request with not enough permissions returning 404 #6670

Closed
KarunAtreya opened this issue Jun 29, 2023 · 0 comments · Fixed by #6919
KarunAtreya commented Jun 29, 2023

Describe the bug

When resharing a folder using the API with FRONTEND_ENABLE_RESHARING=false, a request with not enough permissions should return a 403 status code but is returning 404.
According to
#5742 (comment)

Steps to reproduce

Steps to reproduce the behavior:

  1. einstein shares the 'test' folder to moss with the editor role, and moss gets permission 15 for the folder in the response as FRONTEND_ENABLE_RESHARING is set to false
  2. moss accepts the share requested by einstein
  3. moss tries to reshare the 'test' folder with marie with permission 31 using the API and gets a 404 response

Expected behavior

When moss tries to reshare the folder with marie, the response code should be 403 as he does not have enough permissions to share.

<?xml version="1.0" encoding="UTF-8"?>
<ocs>
    <meta>
        <status>error</status>
        <statuscode>403</statuscode>
        <message>No share permission</message>
    </meta>
</ocs>

Actual behavior

einstein shares the "test" folder with moss with the editor role using the API and gets permission 15 in the response,
using the curl command:

curl -k -XPOST "https://localhost:9200/ocs/v1.php/apps/files_sharing/api/v1/shares" -u einstein:relativity -H "Content-Type: application/x-www-form-urlencoded" -d "shareType=0&shareWith=moss&path=test&role=editor&permissions=31"
Response here
<?xml version="1.0" encoding="UTF-8"?>
<ocs>
    <meta>
        <status>ok</status>
        <statuscode>100</statuscode>
        <message>OK</message>
    </meta>
    <data>
        <id>286e1426-59af-49aa-afdf-903dabcba052:4c510ada-c86b-4815-8820-42cdf82c3d51:8d781c52-f6c1-493c-9166-90bf66554c1b</id>
        <share_type>0</share_type>
        <uid_owner>einstein</uid_owner>
        <displayname_owner>Albert Einstein</displayname_owner>
        <additional_info_owner>[email protected]</additional_info_owner>
        <permissions>15</permissions>
        <stime>1688032093</stime>
        <parent></parent>
        <expiration></expiration>
        <token></token>
        <uid_file_owner>einstein</uid_file_owner>
        <displayname_file_owner>Albert Einstein</displayname_file_owner>
        <additional_info_file_owner>[email protected]</additional_info_file_owner>
        <state>0</state>
        <path>/test</path>
        <item_type>folder</item_type>
        <mimetype>httpd/unix-directory</mimetype>
        <space_id>286e1426-59af-49aa-afdf-903dabcba052$4c510ada-c86b-4815-8820-42cdf82c3d51!4c510ada-c86b-4815-8820-42cdf82c3d51</space_id>
        <space_alias>personal/einstein</space_alias>
        <storage_id>shared::/Shares/test</storage_id>
        <storage>0</storage>
        <item_source>286e1426-59af-49aa-afdf-903dabcba052$4c510ada-c86b-4815-8820-42cdf82c3d51!b1ffe3af-ef72-49ce-9c9b-635ea4ce6ddd</item_source>
        <file_source>286e1426-59af-49aa-afdf-903dabcba052$4c510ada-c86b-4815-8820-42cdf82c3d51!b1ffe3af-ef72-49ce-9c9b-635ea4ce6ddd</file_source>
        <file_parent>286e1426-59af-49aa-afdf-903dabcba052$4c510ada-c86b-4815-8820-42cdf82c3d51!4c510ada-c86b-4815-8820-42cdf82c3d51</file_parent>
        <file_target>/Shares/test</file_target>
        <share_with>marie</share_with>
        <share_with_user_type>0</share_with_user_type>
        <share_with_displayname>Marie Skłodowska Curie</share_with_displayname>
        <share_with_additional_info>[email protected]</share_with_additional_info>
        <mail_send>0</mail_send>
        <name></name>
    </data>
</ocs>

The response contains

<permissions>15</permissions>

moss accepts the share requested by einstein.
Then moss shares 'Shares/test' with marie through the API

using the curl command:

curl -k -XPOST "https://localhost:9200/ocs/v1.php/apps/files_sharing/api/v1/shares" -u moss:vista -H "Content-Type: application/x-www-form-urlencoded" -d "shareType=0&shareWith=marie&path=Shares/test&role=editor&permissions=31"
<?xml version="1.0" encoding="UTF-8"?>
<ocs>
    <meta>
        <status>error</status>
        <statuscode>404</statuscode>
        <message>No share permission</message>
    </meta>
</ocs>

Setup

locally

PROXY_ENABLE_BASIC_AUTH=true 
IDM_CREATE_DEMO_USERS=true 
OCIS_INSECURE=true 
FRONTEND_ENABLE_RESHARING=false

Additional context

#5742 (comment)
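
The expected and actual responses from the report, turned into a regression check (an added example, not part of the original issue or the oCIS code base). It assumes the standard OCS share permission bits (read 1, update 2, create 4, delete 8, share 16); all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# OCS share permission bits; 15 = everything except share, 31 = everything.
PERMISSION_BITS = {1: "read", 2: "update", 4: "create", 8: "delete", 16: "share"}
SHARE = 16
OCS_V1_OK = 100  # statuscode of the successful v1 response in the report

# Constructed from the two error responses quoted in the report.
EXPECTED = """<?xml version="1.0" encoding="UTF-8"?>
<ocs><meta><status>error</status><statuscode>403</statuscode>
<message>No share permission</message></meta></ocs>"""
ACTUAL = EXPECTED.replace("403", "404")


def decode_permissions(mask):
    """Names of the bits set in an OCS permission mask."""
    return [name for bit, name in PERMISSION_BITS.items() if mask & bit]


def parse_ocs_meta(body):
    """Return (status, statuscode, message) from an OCS XML response body."""
    meta = ET.fromstring(body.strip()).find("meta")
    if meta is None or meta.findtext("statuscode") is None:
        raise ValueError("not an OCS response: <meta>/<statuscode> missing")
    return meta.findtext("status"), int(meta.findtext("statuscode")), meta.findtext("message")


def expected_statuscode(held_mask):
    """A caller whose received share lacks the share bit must be refused with 403."""
    return OCS_V1_OK if held_mask & SHARE else 403


def check_reshare(body, held_mask):
    """Return None when the response matches the expectation, else a finding."""
    _, code, message = parse_ocs_meta(body)
    want = expected_statuscode(held_mask)
    if code == want:
        return None
    return (f"holder has {decode_permissions(held_mask)}: expected statuscode "
            f"{want}, got {code} ({message!r})")


if __name__ == "__main__":
    for label, body in (("expected", EXPECTED), ("actual", ACTUAL)):
        print(label, "->", check_reshare(body, held_mask=15) or "ok")
```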
