Cannot MOVE (+rename) files to which access control rules apply #67

@TildeSlashC0re

Steps to reproduce

  1. Create File Access Control Rules for Folder tagged with tag 'Charts (invisible)'
  2. Define rules for Images only and Text (plain/markdown) only
  3. See table:

```
Rule             Option          Value
File system tag  is tagged with  Charts (invisible)
File MIME type   does not match  /^text\/(plain|markdown)$/i
File MIME type   does not match  /^image\/.*$/i
File MIME type   does not match  /^httpd\/unix-.*$/i
```

  4. Upload 1.jpg to directory inside the 'Charts (invisible)' tagged directory >> success!

[Charts] (tag: Charts(invisible))

Folder 1

1.jpg

Expected behaviour

  1. Rename 1.jpg to 2.jpg >> success!
  2. Move 2.jpg to parent folder >> success!
  3. Delete 2.jpg >> success!

Move operator should move files to desired destination.
Move operator should successfully rename files.

Actual behaviour

  1. Rename 1.jpg to 2.jpg >> failure
  2. Move 1.jpg to parent folder >> failure
  3. Delete 1.jpg >> success!

Server configuration

Operating system: Linux blackmesa 4.9.0-3-amd64 #1 SMP Debian 4.9.25-1 (2017-05-02) x86_64

Web server: nginx/1.10.3 (fpm-fcgi)

Database: mysql 10.1.23

PHP version: 7.0.19-1
Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, session, standard, cgi-fcgi, mysqlnd, PDO, xml, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, iconv, igbinary, intl, json, ldap, exif, mcrypt, mysqli, pdo_mysql, Phar, posix, readline, redis, shmop, SimpleXML, soap, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, Zend OPcache

Nextcloud version: 12.0.0 - 12.0.0.29

Updated from an older Nextcloud/ownCloud or fresh install:
existing installation since Nextcloud 10
Where did you install Nextcloud from:
daily source
Signing status:

[]

List of activated apps:

<details>
	<summary>App list</summary>

```
Enabled:
 - activity: 2.5.2
 - admin_audit: 1.2.0
 - announcementcenter: 3.1.0
 - audioplayer: 2.0.1
 - bookmarks: 0.10.0
 - bruteforcesettings: 1.0.2
 - calendar: 1.5.3
 - circles: 0.10.0
 - comments: 1.2.0
 - contacts: 1.5.3
 - dav: 1.3.0
 - deck: 0.1.4
 - drawio: 0.8.8
 - external: 2.0.3
 - federatedfilesharing: 1.2.0
 - federation: 1.2.0
 - files: 1.7.2
 - files_accesscontrol: 1.2.4
 - files_automatedtagging: 1.2.2
 - files_downloadactivity: 1.1.1
 - files_external: 1.3.0
 - files_markdown: 1.0.1
 - files_pdfviewer: 1.1.1
 - files_reader: 1.0.4
 - files_retention: 1.1.2
 - files_sharing: 1.4.0
 - files_texteditor: 2.4.1
 - files_trashbin: 1.2.0
 - files_versions: 1.5.0
 - files_videoplayer: 1.1.0
 - firstrunwizard: 2.1
 - gallery: 17.0.0
 - groupfolders: 1.0.2
 - impersonate: 1.0.1
 - issuetemplate: 0.2.1
 - keeweb: 0.4.0
 - logreader: 2.0.0
 - lookup_server_connector: 1.0.0
 - news: 11.0.5
 - nextant: 1.0.8
 - nextcloud_announcements: 1.1
 - notifications: 2.0.0
 - oauth2: 1.0.5
 - onlyoffice: 1.0.4
 - ownbackup: 17.5.0
 - password_policy: 1.2.2
 - previewgenerator: 1.0.6
 - provisioning_api: 1.2.0
 - qownnotesapi: 17.5.0
 - rainloop: 5.0.0
 - serverinfo: 1.2.0
 - sharebymail: 1.2.0
 - spreed: 2.0.1
 - survey_client: 1.0.0
 - systemtags: 1.2.0
 - tasks: 0.9.5
 - theming: 1.3.0
 - twofactor_backupcodes: 1.1.1
 - updatenotification: 1.2.0
 - user_ldap: 1.2.1
 - weather: 1.4.2
 - workflowengine: 1.2.0
Disabled:
 - encryption
 - files_snapshots
 - quota_warning
 - user_external
```
</details>

**The content of config/config.php:**
<details>
	<summary>Config report</summary>

```
{
    "instanceid": "ocx0km2l2lfz",
    "passwordsalt": "REMOVED SENSITIVE VALUE",
    "secret": "REMOVED SENSITIVE VALUE",
    "trusted_domains": [
        "bmcs.one"
    ],
    "datadirectory": "/var/www/nextcloud/data",
    "memcache.local": "\OC\Memcache\Redis",
    "filelocking.enabled": "true",
    "memcache.locking": "\OC\Memcache\Redis",
    "redis": {
        "host": "localhost",
        "port": 6379,
        "password": "REMOVED SENSITIVE VALUE",
        "timeout": 1.5,
        "dbindex": 0
    },
    "overwrite.cli.url": "https://bmcs.one",
    "mysql.utf8mb4": true,
    "default_language": "en",
    "dbtype": "mysql",
    "version": "12.0.0.29",
    "dbname": "nextcloud",
    "dbhost": "localhost",
    "dbport": "",
    "dbtableprefix": "oc_",
    "dbuser": "REMOVED SENSITIVE VALUE",
    "dbpassword": "REMOVED SENSITIVE VALUE",
    "logtimezone": "UTC",
    "installed": true,
    "ldapIgnoreNamingRules": false,
    "ldapUserCleanupInterval": 5,
    "ldapProviderFactory": "\OCA\User_LDAP\LDAPProviderFactory",
    "activity_expire_days": 21,
    "wnd.logging.enable": true,
    "mail_smtpmode": "smtp",
    "mail_from_address": "nextcloud",
    "mail_domain": "bmcs.one",
    "mail_smtphost": "bmcs.one",
    "mail_smtpport": "465",
    "mail_smtpauth": 1,
    "mail_smtpname": "REMOVED SENSITIVE VALUE",
    "mail_smtppassword": "REMOVED SENSITIVE VALUE",
    "mail_smtpauthtype": "LOGIN",
    "mail_smtpsecure": "ssl",
    "appstore.experimental.enabled": true,
    "singleuser": false,
    "loglevel": 2,
    "log_rotate_size": 2306867,
    "maintenance": false,
    "updater.release.channel": "beta",
    "theme": "",
    "updater.secret": "REMOVED SENSITIVE VALUE"
}
```

</details>

**Are you using external storage, if yes which one:** Array
(
    [0] => \OC\Files\Storage\Local
    [1] => \OCA\Files_External\Lib\Storage\FTP
    [2] => \OC\Files\Storage\DAV
    [3] => \OCA\Files_External\Lib\Storage\OwnCloud
    [4] => \OCA\Files_External\Lib\Storage\SFTP
    [5] => \OCA\Files_External\Lib\Storage\AmazonS3
    [6] => \OCA\Files_External\Lib\Storage\Dropbox
    [7] => \OCA\Files_External\Lib\Storage\Google
    [8] => \OCA\Files_External\Lib\Storage\Swift
    [9] => \OCA\Files_External\Lib\Storage\SFTP
)


**Are you using encryption:** no

**Are you using an external user-backend, if yes which one:** LDAP/ActiveDirectory/Webdav/...

#### LDAP configuration (delete this part if not used)
<details>
	<summary>LDAP config</summary>

	```
Will deliver if necessary. I don't consider this an LDAP issue.
	```
</details>
### Client configuration
**Browser:** Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36

**Operating system:**

### Logs
#### Web server error log
<details>
	<summary>Web server error log</summary>
	```
        Nginx access.log
	***.***.***.*** - - [04/Jun/2017:00:02:25 +0200] "MOVE /remote.php/webdav/Parent%20Folder/Charts/Folder%201/1.jpg HTTP/2.0" 500 407 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36"
        ***.***.***.*** - - [04/Jun/2017:00:02:26 +0200] "GET /ocs/v2.php/apps/notifications/api/v2/notifications HTTP/2.0" 200 509 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.96 Safari/537.36"

        Nginx error.log
        does not throw an error
	```
</details>

#### Nextcloud log (data/nextcloud.log)
<details>
	<summary>Nextcloud log</summary>
	```
        {"reqId":"bwfvHMPrj2M6S8TdLerq","level":4,"time":"2017-06-03T22:02:25+00:00","remoteAddr":"***.***.***.***","user":"957831e0-****-****-****-2d5505f1c4bc","app":"webdav","method":"MOVE","url":"\/remote.php\/webdav\/Parent%20Folder\/Charts\/Folder%201\/1.jpg","message":"Exception: {\"Message\":\"Access denied\",\"Exception\":\"OCP\\\\Files\\\\ForbiddenException\",\"Code\":0,\"Trace\":\"#0 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/files_accesscontrol\\\/lib\\\/StorageWrapper.php(47): OCA\\\\FilesAccessControl\\\\Operation->checkFileAccess(Object(OCA\\\\FilesAccessControl\\\\StorageWrapper), 'files\\\/Parent Fo...')\\n#1 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/files_accesscontrol\\\/lib\\\/StorageWrapper.php(282): OCA\\\\FilesAccessControl\\\\StorageWrapper->checkFileAccess('files\\\/Parent Fo...')\\n#2 \\\/var\\\/www\\\/nextcloud\\\/lib\\\/private\\\/Files\\\/View.php(796): OCA\\\\FilesAccessControl\\\\StorageWrapper->rename('files\\\/Parent Fo...', 'files\\\/Parent Fo...')\\n#3 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/dav\\\/lib\\\/Connector\\\/Sabre\\\/Node.php(137): OC\\\\Files\\\\View->rename('\\\/Parent Folder\\\/...', '\\\/Parent Folder\\\/...')\\n#4 \\\/var\\\/www\\\/nextcloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Tree.php(151): OCA\\\\DAV\\\\Connector\\\\Sabre\\\\Node->setName('2.jpg')\\n#5 \\\/var\\\/www\\\/nextcloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/CorePlugin.php(642): Sabre\\\\DAV\\\\Tree->move('Parent Folder\\\/C...', 'Parent Folder\\\/C...')\\n#6 [internal function]: Sabre\\\\DAV\\\\CorePlugin->httpMove(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#7 \\\/var\\\/www\\\/nextcloud\\\/3rdparty\\\/sabre\\\/event\\\/lib\\\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)\\n#8 \\\/var\\\/www\\\/nextcloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(479): Sabre\\\\Event\\\\EventEmitter->emit('method:MOVE', Array)\\n#9 
\\\/var\\\/www\\\/nextcloud\\\/3rdparty\\\/sabre\\\/dav\\\/lib\\\/DAV\\\/Server.php(254): Sabre\\\\DAV\\\\Server->invokeMethod(Object(Sabre\\\\HTTP\\\\Request), Object(Sabre\\\\HTTP\\\\Response))\\n#10 \\\/var\\\/www\\\/nextcloud\\\/apps\\\/dav\\\/appinfo\\\/v1\\\/webdav.php(71): Sabre\\\\DAV\\\\Server->exec()\\n#11 \\\/var\\\/www\\\/nextcloud\\\/remote.php(162): require_once('\\\/var\\\/www\\\/nextcl...')\\n#12 {main}\",\"File\":\"\\\/var\\\/www\\\/nextcloud\\\/apps\\\/files_accesscontrol\\\/lib\\\/Operation.php\",\"Line\":73,\"User\":\"957831e0-0946-1036-83c9-2d5505f1c4bc\"}","userAgent":"Mozilla\/5.0 (X11; Linux x86_64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/58.0.3029.96 Safari\/537.36","version":"12.0.0.29"}

	```
</details>

#### Browser log
<details>
	<summary>Browser log</summary>

Javascript console log:

core.js?v=f52ee2bab990f392d20da151005c535c-185:5720 MOVE https://bmcs.one/remote.php/webdav/Parent%20Folder/Charts/Folder%201/1.jpg 500 ()
request @ core.js?v=f52ee2bab990f392d20da151005c535c-185:5720
move @ client.js?v=f52ee2bab990f392d20da151005c535c-185:731
(anonymous) @ merged-index.js?v=f52ee2bab990f392d20da151005c535c-185:6073
dispatch @ core.js?v=f52ee2bab990f392d20da151005c535c-185:3
r.handle @ core.js?v=f52ee2bab990f392d20da151005c535c-185:3


Network XHR log:

1.jpg - 500

<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
<s:exception>OCP\Files\ForbiddenException</s:exception>
<s:message>Access denied</s:message>
</d:error>

</details>
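For triaging entries like the Nextcloud log line in this report, the following added example (not part of the original issue or of Nextcloud's code) unwraps the JSON exception embedded in the `message` field and reports which app raised the denial and which storage operation was refused. The function names and the sample log are assumptions constructed here; the `Exception: {...}` layout and the paths follow the entry shown above.

```python
import json
import re

PREFIX = "Exception: "  # marker that precedes the embedded JSON in "message"
# Constructed sample modelled on the entry above: trace shortened, request IDs made up.
_EXC = {
    "Message": "Access denied", "Exception": "OCP\\Files\\ForbiddenException",
    "Trace": "#0 /var/www/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php(47): "
             "OCA\\FilesAccessControl\\Operation->checkFileAccess(Object, 'files/...')\n"
             "#1 /var/www/nextcloud/lib/private/Files/View.php(796): "
             "OCA\\FilesAccessControl\\StorageWrapper->rename('files/...', 'files/...')",
    "File": "/var/www/nextcloud/apps/files_accesscontrol/lib/Operation.php",
    "Line": 73,
}
SAMPLE_LOG = "\n".join([
    json.dumps({"reqId": "constructed-1", "method": "MOVE",
                "url": "/remote.php/webdav/Parent%20Folder/Charts/Folder%201/1.jpg",
                "message": PREFIX + json.dumps(_EXC)}),
    json.dumps({"reqId": "constructed-2", "method": "GET",
                "url": "/ocs/v2.php/apps/notifications/api/v2/notifications",
                "message": "unrelated entry"}),
    "truncated or non-JSON line",
])

def parse_entry(line):
    """Flatten one nextcloud.log line; None if it holds no embedded exception."""
    try:
        entry = json.loads(line)
        msg = entry["message"]
        exc = json.loads(msg[len(PREFIX):]) if msg.startswith(PREFIX) else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None
    if not isinstance(exc, dict):
        return None
    app = re.search(r"/apps/([^/]+)/", exc.get("File", ""))
    # Innermost call first; the first one that is not the check is the refused operation.
    calls = re.findall(r"->(\w+)\(", exc.get("Trace", ""))
    op = next((c for c in calls if c != "checkFileAccess"), None)
    return {"reqId": entry.get("reqId"), "method": entry.get("method"),
            "url": entry.get("url"), "exception": exc.get("Exception"),
            "thrown_by_app": app.group(1) if app else None,
            "thrown_at": "%s:%s" % (exc.get("File"), exc.get("Line")),
            "storage_op": op}

def access_control_denials(log_text):
    """Entries where files_accesscontrol raised ForbiddenException."""
    rows = filter(None, map(parse_entry, log_text.splitlines()))
    return [r for r in rows if r["thrown_by_app"] == "files_accesscontrol"
            and str(r["exception"]).endswith("ForbiddenException")]
```

Run over the constructed sample, `access_control_denials(SAMPLE_LOG)` returns one row: the MOVE request, refused at the storage `rename` call by `files_accesscontrol`.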
