small1
commented
2 months ago This will be a tricky one since DELETE is not issued on rename. as long as you have write you can rename.
Open luka-nextcloud opened 2 months ago
small1
commented
2 months ago This will be a tricky one since DELETE is not issued on rename. as long as you have write you can rename.
luka-nextcloud
commented
2 months ago This will be a tricky one since DELETE is not issued on rename. as long as you have write you can rename.
Some storages might have only one operation for rename, but that is not guaranteed. So, we should make it consistent between storages.
joshtrichards
commented
1 month ago Is this the inverse of nextcloud/groupfolders#859? :-)
Also see nextcloud/groupfolders#1646
provokateurin
commented
1 month ago Hm I'd say this is intended. Delete means non-recoverable changes while renaming a file or folder can be reverted easily. I'd say this can be fixed with https://github.com/nextcloud/groupfolders/issues/1646 by just adding it to the ACL options. I'm not sure if it should be the same as the "Move" ACL or a separate "Rename" ACL. @joshtrichards what do you think?
⚠️ This issue respects the following points: ⚠️
Bug description
Users can rename a file/folder when the right of delete file is denied in advanced authorization. Happens on 29 and master.
Steps to reproduce
Expected behavior
File/Folder cannot be renamed without delete permission.
Installation method
None
Nextcloud Server version
29
Operating system
None
PHP engine version
None
Web server
None
Database engine version
None
Is this bug present after an update or on a fresh install?
None
Are you using the Nextcloud Server Encryption module?
None
What user-backends are you using?
Configuration report
No response
List of activated Apps
No response
Nextcloud Signing status
No response
Nextcloud Logs
No response
Additional info
No response