Skip to content

Reflect public shares in isPublic flag and fix permission check #55147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Dec 3, 2025
Merged

Reflect public shares in isPublic flag and fix permission check #55147

merged 4 commits into from
Dec 3, 2025
+123 −83

Conversation

@salmart-dev
Copy link
Contributor

@salmart-dev salmart-dev commented Sep 16, 2025
edited
Loading

Summary

Fixes some issues introduced in the PR above, namely:

  1. The boolean flag isPublicShare was false in an instance where it should have been set to true. Flipping it to reflect the publicity of the share would break a compatibility functionality (read more below)
  2. Creating a collection using nicknames in a public share failed due to using instanceof on a storage wrapped by the files_accesscontrol app, instead of the function instanceOfStorage which checks if the instance itself or any wrapped storages (or wrappers) are instance of the passed class.

Compatibility Issue

For compatibility reasons the API call PROPFIND http://nextcloud.local/public.php/webdav should return the properties of the files in a public share. The share is identified through its ID, sent through the authorization header as username. In the master code, flipping the bool isPublicShare to true would break this functionality by changing the way the DAV tree is set up.

Checklist

@salmart-dev salmart-dev self-assigned this Sep 16, 2025
@salmart-dev salmart-dev added bug 3. to review Waiting for reviews labels Sep 16, 2025
@szaimen szaimen mentioned this pull request Oct 14, 2025
Closed
36 tasks
@salmart-dev salmart-dev force-pushed the fixPublicShares branch 2 times, most recently from 9535adf to ce8e8bd Compare October 16, 2025 09:55
@salmart-dev salmart-dev changed the title Fix public shares Reflect public shares in isPublic flag and fix permission check Oct 16, 2025
@salmart-dev salmart-dev marked this pull request as ready for review October 16, 2025 13:43
@salmart-dev salmart-dev requested a review from a team as a code owner October 16, 2025 13:43
@salmart-dev salmart-dev requested review from ArtificialOwl, CarlSchwan and leftybournes and removed request for a team October 16, 2025 13:43
CarlSchwan
CarlSchwan reviewed Oct 16, 2025
View reviewed changes
provokateurin
provokateurin reviewed Dec 1, 2025
View reviewed changes
Copy link
Member

@provokateurin provokateurin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but can you rebase and test everything again, as I fixed some things with chunked upload recently? I just want to avoid a regression with these changes.

@salmart-dev
refactor: extract tree initialization logic
c5ad20d 
Signed-off-by: Salvatore Martire <[email protected]>
@salmart-dev
fix: isPublicShare =true when share is public
38f8423 
The isPublicShare was set to false in one instance where it should have
been true. Flipping the value to true, would break the functionality for
PROPFIND /public.php/webdav/ which returns properties of files in a
share identified by the username being the share token.

Signed-off-by: Salvatore Martire <[email protected]>
@salmart-dev
fix: check instance of storage using helper function
4ac0fcf 
instanceof cannot be used to check the instance of a storage, doing so
breaks the check in certain cases. In this case, enabling the
`files_accesscontrol` app breaks the check.

Signed-off-by: Salvatore Martire <[email protected]>
@salmart-dev
style: apply cs-fixer to publicwebdav.php
631318f 
Signed-off-by: Salvatore Martire <[email protected]>
@salmart-dev
Copy link
Contributor Author

salmart-dev commented Dec 1, 2025

LGTM, but can you rebase and test everything again, as I fixed some things with chunked upload recently? I just want to avoid a regression with these changes.

Tested:

  • can't PROPFIND on a public share without read permissions (files drop)
  • can PROPFIND on a share via /public.php/webdav with username = share ID (while on master I can't when setting isPublic to true)
  • can upload a collection with the files_accesscontrol app enabled, while on master I get the error "Target folder does not exist anymore"

So it seems all is still good 👍

@salmart-dev salmart-dev added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Dec 3, 2025
@salmart-dev
Copy link
Contributor Author

salmart-dev commented Dec 3, 2025

/backport to stable32

@salmart-dev
Copy link
Contributor Author

salmart-dev commented Dec 3, 2025

/backport to stable31

@salmart-dev salmart-dev merged commit 31af870 into master Dec 3, 2025
271 of 296 checks passed
@salmart-dev salmart-dev deleted the fixPublicShares branch December 3, 2025 15:37
This was referenced Dec 3, 2025
Draft
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@CarlSchwan CarlSchwan CarlSchwan approved these changes

@provokateurin provokateurin provokateurin approved these changes

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl is a code owner automatically assigned from nextcloud/server-backend

@leftybournes leftybournes Awaiting requested review from leftybournes leftybournes is a code owner automatically assigned from nextcloud/server-backend

Assignees

@salmart-dev salmart-dev

Labels

4. to release Ready to be released and/or waiting for tests to finish bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@salmart-dev @CarlSchwan @provokateurin