Access Control Blocks parent folder #65

@alterratz

Steps to reproduce

  1. Set up two users, one who is in group g1 and one who is in group g1 AND g2
  2. As Admin, create a folder (folder1) and share it to a group (group1)
  3. Set up restrictions on a subfolder (folder1/folder2) using FS tag "g2" + FAC rule (fstag=="g2" AND user not in group2), so in theory anyone who is in group1 and group2 should be able to view the folder (which works)
  4. The access to the parent folder (folder1) is blocked for anyone who is not in group1 AND group2
  5. After removing the FS tag "g2" from folder2, everything works again (a user who is a member of g1 and not a member of g2 can chdir to folder1)

Expected behaviour

A user who is a member of g1 should be able to see the content of folder1

Actual behaviour

When a user who is a member of g1 (but not g2) wants to chdir to folder1, nothing happens

Server configuration

Operating system: Linux squamata 4.8.0-2-amd64 #1 SMP Debian 4.8.11-1 (2016-12-02) x86_64

Web server: Apache/2.4.25 (Debian) (apache2handler)

Database: pgsql PostgreSQL 9.6.3 on x86_64-pc-linux-gnu, compiled by gcc (Debian 6.3.0-17) 6.3.0 20170510, 64-bit

PHP version: 7.0.19-1
Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, apache2handler, mysqlnd, PDO, xml, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, iconv, imagick, intl, json, ldap, exif, mcrypt, mysqli, pdo_mysql, pdo_pgsql, pdo_sqlite, pgsql, Phar, posix, readline, shmop, SimpleXML, soap, sockets, sqlite3, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, Zend OPcache

Nextcloud version: 12.0.0 - 12.0.0.29

Updated from an older Nextcloud/ownCloud or fresh install:

Where did you install Nextcloud from:

Signing status:

{
    "qownnotesapi": {
        "EXCEPTION": {
            "class": "OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException",
            "message": "Certificate is not valid."
        }
    }
}

List of activated apps:

<details>
	<summary>App list</summary>

```
Enabled:
  - activity: 2.5.2
  - bookmarks: 0.10.0
  - bruteforcesettings: 1.0.2
  - calendar: 1.5.3
  - checksum: 0.3.4
  - comments: 1.2.0
  - contacts: 1.5.3
  - dav: 1.3.0
  - deck: 0.1.4
  - external: 2.0.3
  - federatedfilesharing: 1.2.0
  - federation: 1.2.0
  - files: 1.7.2
  - files_accesscontrol: 1.2.4
  - files_automatedtagging: 1.2.2
  - files_downloadactivity: 1.1.1
  - files_external: 1.3.0
  - files_markdown: 1.0.1
  - files_pdfviewer: 1.1.1
  - files_sharing: 1.4.0
  - files_texteditor: 2.4.1
  - files_trashbin: 1.2.0
  - files_versions: 1.5.0
  - files_videoplayer: 1.1.0
  - firstrunwizard: 2.1
  - gallery: 17.0.0
  - gpxedit: 0.0.6
  - gpxpod: 2.1.2
  - groupfolders: 1.0.2
  - issuetemplate: 0.2.1
  - logreader: 2.0.0
  - lookup_server_connector: 1.0.0
  - nextant: 1.0.8
  - nextcloud_announcements: 1.1
  - notes: 2.2.0
  - notifications: 2.0.0
  - oauth2: 1.0.5
  - password_policy: 1.2.2
  - provisioning_api: 1.2.0
  - qownnotesapi: 17.5.0
  - rainloop: 4.28.1
  - richdocuments: 1.12.28
  - serverinfo: 1.2.0
  - sharebymail: 1.2.0
  - spreed: 2.0.1
  - survey_client: 1.0.0
  - systemtags: 1.2.0
  - tasks: 0.9.5
  - theming: 1.3.0
  - twofactor_backupcodes: 1.1.1
  - updatenotification: 1.2.0
  - workflowengine: 1.2.0
Disabled:
  - admin_audit
  - apporder
  - audioplayer
  - encryption
  - keeweb
  - mail
  - user_external
  - user_ldap
  - weather
```

</details>

**The content of config/config.php:**
<details>
	<summary>Config report</summary>

{
"instanceid": "ocoygzxy7l84",
"passwordsalt": "REMOVED SENSITIVE VALUE",
"secret": "REMOVED SENSITIVE VALUE",
"trusted_domains": [
"cloud.eguana.rocks"
],
"datadirectory": "/var/nextcloud/data",
"overwrite.cli.url": "https://cloud.eguana.rocks",
"dbtype": "pgsql",
"version": "12.0.0.29",
"dbname": "nextcloud",
"dbhost": "localhost",
"dbport": "",
"dbtableprefix": "oc_",
"dbuser": "REMOVED SENSITIVE VALUE",
"dbpassword": "REMOVED SENSITIVE VALUE",
"logtimezone": "UTC",
"installed": true,
"maintenance": false,
"loglevel": 2,
"mail_from_address": "admin",
"mail_smtpmode": "php",
"mail_smtpauthtype": "LOGIN",
"mail_domain": "eguana.rocks"
}

</details>

**Are you using external storage, if yes which one:** Array
(
    [0] => \OC\Files\Storage\Local
    [1] => \OCA\Files_External\Lib\Storage\FTP
    [2] => \OC\Files\Storage\DAV
    [3] => \OCA\Files_External\Lib\Storage\OwnCloud
    [4] => \OCA\Files_External\Lib\Storage\SFTP
    [5] => \OCA\Files_External\Lib\Storage\AmazonS3
    [6] => \OCA\Files_External\Lib\Storage\Dropbox
    [7] => \OCA\Files_External\Lib\Storage\Google
    [8] => \OCA\Files_External\Lib\Storage\Swift
    [9] => \OCA\Files_External\Lib\Storage\SFTP
    [10] => \OCA\Files_External\Lib\Storage\SMB
    [11] => \OCA\Files_External\Lib\Storage\SMB
)


**Are you using encryption:** no

**Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/...

### Client configuration
**Browser:** Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
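
The access decisions this report expects, written out as an added example (not part of the original issue and not Nextcloud's code) that can serve as an oracle when retesting the steps above. It assumes a tag-based deny rule covers the tagged folder and everything below it, never its parent; the user names and the dict layout are made up for illustration.

```python
from posixpath import normpath

# Constructed sample data mirroring the report's setup (names are illustrative).
SHARES = {"/folder1": "g1"}              # folder -> group it is shared with
TAGS = {"/folder1/folder2": {"g2"}}      # folder -> system tags set on it
USERS = {"only_g1": {"g1"}, "g1_and_g2": {"g1", "g2"}}
# Deny rule from step 3: tag "g2" is present AND the user is not in group g2.
DENY_RULES = [("g2", "g2")]              # (tag, group the user must be in)


def ancestors_and_self(path):
    """Yield '/a', then '/a/b' for '/a/b'; children of path are never visited."""
    parts = [p for p in normpath(path).split("/") if p]
    for i in range(1, len(parts) + 1):
        yield "/" + "/".join(parts[:i])


def effective_tags(path):
    """Tags set on the node itself or inherited from its ancestors (assumption)."""
    tags = set()
    for node in ancestors_and_self(path):
        tags |= TAGS.get(node, set())
    return tags


def can_access(user, path):
    """Expected decision: shared via an ancestor and not hit by a deny rule."""
    groups = USERS[user]
    shared = any(SHARES.get(n) in groups for n in ancestors_and_self(path))
    if not shared:
        return False
    tags = effective_tags(path)
    return not any(tag in tags and grp not in groups for tag, grp in DENY_RULES)


def access_matrix():
    """Expected result for every user/folder pair in the reproduction steps."""
    paths = ["/folder1", "/folder1/folder2"]
    return {(u, p): can_access(u, p) for u in USERS for p in paths}


if __name__ == "__main__":
    for (user, path), allowed in access_matrix().items():
        print(f"{user:10} {path:18} {'allow' if allowed else 'deny'}")
```

The reported bug corresponds to the `("only_g1", "/folder1")` cell coming back as deny on the live server while this model says allow.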
