search

nextcloud / passman

🔐 Open source password manager with Nextcloud integration
https://passman.cc
GNU Affero General Public License v3.0
785 stars 108 forks source link

Sharing WRITE ACL do nothing more than READ #815

Open rmarso opened 5 months ago

rmarso commented 5 months ago

Hi, First, Many Thanks for this App !! Best regards.

Bug report

Sharing WRITE ACL do nothing more than READ

with READ+WRITE ACL => MODIFY is KO => button appears but when i click nothing appends with READ+WRITE+FILE ACL => MODIFY is OK => button appears and when i click it opens the window

FILE ACL is mandatory to MODIFY a password or is it a bug ?

Steps to reproduce

  1. Login with account1 (admin group), create new entry and sharing with account2
  2. Login with account2 (admin group), create new entry and sharing with account1
  3. Sharing passwords between each other and tested on each side

Configuration

tested on fresh rocky 9 install with apache + php-fpm + mariadb with nextcloud and passman in their last version not tested with any previous not tested with docker

binsky08 commented 5 months ago

thanks for report @rmarso , I'll try to look into it soon

binsky08 commented 5 months ago

It seems that the frontend tries to decrypt the files field even if the sharing permission for that is missing. Positive: decryption of that field fails :) Todo: it should not even try that