File access control is not working on root shared folder #118

@StefanoBettega

Steps to reproduce

  1. Have a Customer A group with Customer_A_User_1 and Customer_A_User_2
  2. Have a _Marketing group and a _Software group; admin belongs to both of them
  3. Admin creates a Customer_A folder
  4. Admin creates a Marketing and a Software folder into Customer_A folder
  5. Admin tags with _marketing (hidden) and _software (hidden) the above folders
  6. Admin creates a couple of rules: folder tagged with _marketing cannot be accessed by users not belonging to _Marketing group. The same applies for _software and _Software group
  7. Admin shares Marketing folder and Software folder with Customer A group, the first in read only mode (no changes allowed) and the second one with full permission

Expected behaviour

  1. If Customer_A_User_1 logs on, it only has to access the Marketing folder in read only mode
  2. If Customer_A_User_2 logs on, it only has to access the Software folder in read/write mode

Actual behaviour

  1. Customer_A_User_1 can enter the Software folder
  2. Customer_A_User_2 can enter the Marketing folder

Server configuration

Operating system: Linux 4.18.0-0.bpo.1-amd64 #1 SMP Debian 4.18.6-1~bpo9+1 (2018-09-13) x86_64

Web server: Apache/2.4.25 (Debian) (apache2handler)

Database: sqlite3 3.20.1

PHP version: 7.2.11
Modules loaded: Core, date, libxml, openssl, pcre, sqlite3, zlib, ctype, curl, dom, fileinfo, filter, ftp, hash, iconv, json, mbstring, SPL, PDO, session, posix, Reflection, standard, SimpleXML, pdo_sqlite, Phar, tokenizer, xml, xmlreader, xmlwriter, mysqlnd, apache2handler, apcu, exif, gd, intl, ldap, memcached, pcntl, pdo_mysql, pdo_pgsql, redis, sodium, zip, Zend OPcache

Nextcloud version: 14.0.3 - 14.0.3.0

Where did you install Nextcloud from: unknown (it's official docker image)

Signing status:

List of activated apps:

Enabled:

  • accessibility: 1.0.1
  • activity: 2.7.0
  • admin_audit: 1.4.0
  • checksum: 0.4.1
  • cloud_federation_api: 0.0.1
  • comments: 1.4.0
  • dav: 1.6.0
  • federatedfilesharing: 1.4.0
  • federation: 1.4.0
  • files: 1.9.0
  • files_accesscontrol: 1.4.0
  • files_editcontrol: 1.4.0
  • files_pdfviewer: 1.3.2
  • files_sharing: 1.6.2
  • files_texteditor: 2.6.0
  • files_trashbin: 1.4.1
  • files_versions: 1.7.1
  • files_videoplayer: 1.3.0
  • firstrunwizard: 2.3.0
  • gallery: 18.1.0
  • groupfolders: 1.3.3
  • issuetemplate: 0.4.0
  • logreader: 2.0.0
  • lookup_server_connector: 1.2.0
  • nextcloud_announcements: 1.3.0
  • notifications: 2.2.1
  • oauth2: 1.2.1
  • password_policy: 1.4.0
  • provisioning_api: 1.4.0
  • serverinfo: 1.4.0
  • sharebymail: 1.4.0
  • support: 1.0.0
  • survey_client: 1.2.0
  • systemtags: 1.4.0
  • theming: 1.5.0
  • twofactor_backupcodes: 1.3.1
  • updatenotification: 1.4.1
  • workflowengine: 1.4.0

Disabled:

  • encryption
  • files_external
  • user_external
  • user_ldap

Nextcloud configuration:

```
{
    "htaccess.RewriteBase": "/",
    "memcache.local": "\OC\Memcache\APCu",
    "apps_paths": [
        {
            "path": "/var/www/html/apps",
            "url": "/apps",
            "writable": false
        },
        {
            "path": "/var/www/html/custom_apps",
            "url": "/custom_apps",
            "writable": true
        }
    ],
    "instanceid": "REMOVED SENSITIVE VALUE",
    "passwordsalt": "REMOVED SENSITIVE VALUE",
    "secret": "REMOVED SENSITIVE VALUE",
    "trusted_domains": [
        "REMOVED SENSITIVE VALUE",
        "REMOVED SENSITIVE VALUE"
    ],
    "datadirectory": "REMOVED SENSITIVE VALUE",
    "dbtype": "sqlite3",
    "version": "14.0.3.0",
    "overwrite.cli.url": "REMOVED SENSITIVE VALUE",
    "installed": true,
    "mail_smtpmode": "smtp",
    "mail_from_address": "REMOVED SENSITIVE VALUE",
    "mail_domain": "REMOVED SENSITIVE VALUE",
    "mail_smtpauthtype": "LOGIN",
    "mail_smtphost": "REMOVED SENSITIVE VALUE",
    "mail_smtpport": "587",
    "mail_smtpauth": 1,
    "mail_smtpname": "REMOVED SENSITIVE VALUE",
    "mail_smtppassword": "REMOVED SENSITIVE VALUE"
}
```

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Independent (tried with Chrome, Firefox, IE, ...)

Operating system: Mostly Windows

Additional note

  1. If you create into Marketing folder a new subfolder and tag it, access to that folder is denied to Customer_A_User_2, as expected. It seems that the control fails only on the root shared folder.
  2. It all seemed to work before I added the https://github.com/linhtinh11/files_editcontrol application. But even if I remove it, it doesn't work as expected
