copy file from shares shared by secure view role to personal space results in 500 status code error.

owncloud / ocis

:atom_symbol: ownCloud Infinite Scale Stack

https://doc.owncloud.com/ocis/next/

Apache License 2.0

1.37k stars 180 forks source link

copy file from shares shared by secure view role to personal space results in 500 status code error. #9482

Closed S-Panta closed 1 month ago

S-Panta commented 3 months ago

Describe the bug

Copying files from shared shares via the secure view role results in a 500 status code.

Steps to reproduce

Create a new user test
Share the folder folder1 from Admin via Secure Role to test.

Sharee tries to copy share to personal space

curl -vk --location --request COPY 'https://host.docker.internal:9200/dav/spaces/a0ca6a90-a365-4782-871e-d44447bbc668$a0ca6a90-a365-4782-871e-d44447bbc668/folder1' --header 'Destination: https://host.docker.internal:9200/remote.php/dav/spaces/6fac54b6-feef-4157-abc5-02f79550dcff%24a7322a1c-b091-4ec4-8687-c9358f4bf196/folder1' -utest:test

Expected behavior

What should be the expected status code for the process? This only happens in secure view. File copying is possible while sharing with other permission role

Actual behavior

The server returns 500 status code

Setup

```console OCIS_XXX=Infinite Scale 6.0.0+5f03a566ee Community OCIS_YYY=somevalue PROXY_XXX=somevalue ```

S-Panta commented 3 months ago

Also, here lies the summary of status code of various copying process that happens when shared resources via Secure viewer role. https://github.com/owncloud/ocis/issues/9334#issuecomment-2182573751

micbar commented 3 months ago

Should be 403

@butonic @kobergj If you agree.

phil-davis commented 2 months ago

@saw-jan @Salipa-Gurung can someone please make a test scenario for this in ocis, and check that it will pass with reva PR https://github.com/cs3org/reva/pull/4775

saw-jan commented 2 months ago

@saw-jan @Salipa-Gurung can someone please make a test scenario for this in ocis, and check that it will pass with reva PR cs3org/reva#4775

we do have PR #9437 for the test scenario. now have to test it with the respective fix PRs.

S-Panta commented 2 months ago

The issue is fixed in the spaces path but with old and new dav , the status code is still 500 Reference: https://drone.owncloud.com/owncloud/ocis/37540/52/5 @2403905

saw-jan commented 2 months ago

Curl examples:

# new dav path
curl -XCOPY "https://localhost:9200/dav/files/demo/Shares/shareme" \
-H"Destination: https://localhost:9200/dav/files/demo/shareme" \
-udemo:demo -vk

# old dav path
curl -XCOPY "https://localhost:9200/webdav/Shares/shareme" \        
-H"Destination: https://localhost:9200/webdav/shareme" \        
-udemo:demo -vk

500 for old/new dav paths :x:
```
< HTTP/1.1 500 Internal Server Error
```
If the shared file or folder (if empty or contains zero-byte files) then COPY works and file/folder is created :question: Same for all dav paths: old, new and spaces

prashant-gurung899 commented 1 month ago

Curl examples:
# new dav path
curl -XCOPY "https://localhost:9200/dav/files/demo/Shares/shareme" \
-H"Destination: https://localhost:9200/dav/files/demo/shareme" \
-udemo:demo -vk

# old dav path
curl -XCOPY "https://localhost:9200/webdav/Shares/shareme" \        
-H"Destination: https://localhost:9200/webdav/shareme" \        
-udemo:demo -vk
500 for old/new dav paths ❌
< HTTP/1.1 500 Internal Server Error
If the shared file or folder (if empty or contains zero-byte files) then COPY works and file/folder is created ❓ Same for all dav paths: old, new and spaces

@saw-jan The status code response for both the old/new dav paths is giving '403':

< HTTP/1.1 403 Forbidden

saw-jan commented 1 month ago

Then this can be closed here. THanks :+1: