Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: mask out rule permissions before merging permissions #2833

Merged
merged 2 commits into from
Mar 5, 2024
Merged

fix: mask out rule permissions before merging permissions #2833

merged 2 commits into from
Mar 5, 2024

Conversation

icewind1991
Copy link
Member

To test:

  • Create group1 and group2
  • Create user1 and add it to group1 and group2
  • Create a groupfolder with access to group1 and group2 and acl enabled
  • On the groupfolder, set all permissions to allow for group1, and all except read to deny for group2
  • Create a subfolder folder
  • On the subfolder, set all to deny for group2.
  • occ groupfolders:permissions 1 should list the following permissions
+--------+---------------+-----------------------------------------+
| Path   | User/Group    | Permissions                             |
+--------+---------------+-----------------------------------------+
| /      | group: group2 | -write, -create, -delete, -share        |
|        | group: group1 | +read, +write, +create, +delete, +share |
| folder | group: group2 | -read, -write, -create, -delete, -share |
+--------+---------------+-----------------------------------------+

User1 has no access to the subfolder, as it is denied through group2

  • On folder, set all share permissions to deny and the rest to inherit
  • occ groupfolders:permissions 1 should list the following permissions
+--------+---------------+-----------------------------------------+
| Path   | User/Group    | Permissions                             |
+--------+---------------+-----------------------------------------+
| /      | group: group2 | -write, -create, -delete, -share        |
|        | group: group1 | +read, +write, +create, +delete, +share |
| folder | group: group1 | -share                                  |
|        | group: group2 | -read, -write, -create, -delete, -share |
+--------+---------------+-----------------------------------------+

On master: user1 now suddenly has access to the folder, even though there should be no new allow permissions for them.

With this PR his permissions are still denied.

@icewind1991 icewind1991 force-pushed the mask-acl-permissions-before-merge branch from 6f1fe2d to 0791457 Compare February 27, 2024 14:58
come-nc
come-nc reviewed Feb 29, 2024
View reviewed changes
lib/ACL/Rule.php Outdated Show resolved Hide resolved
@icewind1991
fix: mask out rule permissions before merging permissions
afeef5c 
Signed-off-by: Robin Appelman <robin@icewind.nl>
@icewind1991
fix tests
14c2d19 
Signed-off-by: Robin Appelman <robin@icewind.nl>
@icewind1991 icewind1991 force-pushed the mask-acl-permissions-before-merge branch from 0791457 to 14c2d19 Compare March 4, 2024 13:07
@icewind1991 icewind1991 requested a review from come-nc March 4, 2024 14:49
@icewind1991 icewind1991 merged commit 314fae1 into master Mar 5, 2024
44 checks passed
@icewind1991 icewind1991 deleted the mask-acl-permissions-before-merge branch March 5, 2024 12:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@come-nc come-nc come-nc approved these changes

@juliusknorr juliusknorr Awaiting requested review from juliusknorr

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@icewind1991 @come-nc