search

pondersource / nextcloud-mfa-awareness

Make Nextcloud aware of whether the current user is logged in with Multi-Factor Authentication
MIT License
0 stars 2 forks source link

files_accesscontrol block doesn't apply to subfolders? #104

Closed michielbdejong closed 7 months ago

michielbdejong commented 7 months ago

Given this workflow:

Screenshot 2023-11-29 at 13 37 47

The folder blafolder is correctly greyed out for usr1:

Screenshot 2023-11-29 at 13 37 17

However, it seems that remote access by user Admin is not blocked:

Screenshot 2023-11-29 at 13 37 08
michielbdejong commented 7 months ago

If this is the case then how can our MFA Zone flow be working at all for blocking remote access of a resource that was shared prior to becoming an MFA Zone?

michielbdejong commented 7 months ago

Ah wait, I forgot that this is not actually remote access, this is a share to a local user.

And actually Admin is on longer able to edit /blafolder, but is still able to edit /blafolder/qwer (because 'qwer' doesn't match the name).

So I'll rename this issue to be about subfolders

michielbdejong commented 7 months ago

Ah, luckily this is not true for the tag check, only for the filename check.