search

nextcloud / tables

🍱 Nextcloud tables app
https://apps.nextcloud.com/apps/tables
GNU Affero General Public License v3.0
143 stars 24 forks source link

Deleting row in a shared table is not possible #1031

Closed provokateurin closed 5 months ago

provokateurin commented 5 months ago

Steps to reproduce

  1. Have a table shared from user 1 to user 2
  2. User 2 can now add new rows and edit existing rows

Expected behavior

User 2 should also be able to delete rows. I understand that this is technically a different permission, but if the user can already edit the row data they can already destroy the data in it, so not being able to delete the row directly just adds a little bit more work for a malicious actor.

Actual behavior

Rows can not be deleted.

Tables app version

c.nc.c

Browser

Firefox 125.0.2

Client operating system

Arch Linux

Operating system

No response

Web server

None

PHP engine version

None

Database

None

Additional info

I couldn't find any existing issue about this, sorry if this is a duplicate.

blizzz commented 5 months ago

Does the share recipient has permissions to delete rows?

provokateurin commented 5 months ago

I don't know, maybe that is the actual problem :D Let me ask Andy

provokateurin commented 5 months ago

Excuse me, this was a human error :upside_down_face:

blizzz commented 5 months ago

Layer 8 is toughest ;)