Flow denial on uploading private files prevents NC Talk Folder access/creation #206

Open
rkwillig opened this issue Jul 28, 2021 · 2 comments

@rkwillig

Steps to reproduce

  1. Creating flow rule with following filters: "Tag - not tagged by - TAGNAME" && "User Group is not ADMIN"
  2. Installing nextcloud Talk App
  3. Create new user

Expected behaviour

User is able to log in and is able to use Nextcloud Talk.

Actual behaviour

On first login the user gets an internal server error; the log shows that the flow rule denies creation of the "Talk" folder in the user directory.
Pre-creating the folder "Talk" via the skeleton directory works to create the folder and lets the user log in, but the user has no access to the "Talk" folder because of the flow restrictions.
I haven't found any way to exclude the folder from the rule so that the user can use NC Talk.

Users should not be able to upload files to their own NC (Home) folder, but they should be able to work in shared folders and should be able to use NC Talk.

Server configuration

Operating system: Debian 9

Web server: nginx

Database: mariadb 15.1

PHP version: 7.4

Nextcloud version: 21 & 22

Where did you install Nextcloud from: .zip-package from nextcloud.com

Signing status:

No errors have been found.

List of activated apps:

Enabled:
  - accessibility: 1.7.0
  - activity: 2.15.0
  - bruteforcesettings: 2.2.0
  - circles: 22.0.0
  - cloud_federation_api: 1.4.0
  - comments: 1.11.0
  - contactsinteraction: 1.2.0
  - dashboard: 7.1.0
  - dav: 1.18.0
  - federatedfilesharing: 1.11.0
  - federation: 1.11.0
  - files: 1.16.0
  - files_accesscontrol: 1.12.0
  - files_automatedtagging: 1.12.0
  - files_pdfviewer: 2.3.0
  - files_rightclick: 1.1.0
  - files_sharing: 1.13.2
  - files_trashbin: 1.11.0
  - files_versions: 1.14.0
  - files_videoplayer: 1.11.0
  - firstrunwizard: 2.11.0
  - logreader: 2.7.0
  - lookup_server_connector: 1.9.0
  - nextcloud_announcements: 1.11.0
  - notifications: 2.10.1
  - oauth2: 1.9.0
  - onlyoffice: 7.0.4
  - password_policy: 1.12.0
  - photos: 1.4.0
  - privacy: 1.6.0
  - provisioning_api: 1.11.0
  - recommendations: 1.1.0
  - serverinfo: 1.12.0
  - settings: 1.3.0
  - sharebymail: 1.11.0
  - spreed: 12.0.1
  - support: 1.5.0
  - survey_client: 1.10.0
  - systemtags: 1.11.0
  - text: 3.3.0
  - theming: 1.12.0
  - twofactor_backupcodes: 1.10.1
  - updatenotification: 1.11.0
  - user_status: 1.1.1
  - viewer: 1.6.0
  - weather_status: 1.1.0
  - workflowengine: 2.3.0
Disabled:
  - admin_audit
  - audioplayer
  - encryption
  - files_external
  - user_ldap

Nextcloud configuration:

{
    "system": {
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "cloud.CUSTOMERDOMAIN.de"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "22.0.0.11",
        "overwrite.cli.url": "http:\/\/cloud.CUSTOMERDOMAIN.de",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "loglevel": 1,
        "default_language": "de_DE",
        "default_locale": "de_DE",
        "sharing.interal_shares_accepted": true,
        "memcache.local": "\\OC\\Memcache\\APCu",
        "filelocking.enabled": true,
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "skeletondirectory": "\/var\/www\/clients\/client5\/web12\/web\/keinedaten",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "dbindex": 5,
            "timeout": 0,
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "theme": "",
        "maintenance": false,
        "defaultapp": "files",
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "LOGIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "app_install_overwrite": [
            "email_template_CUSTOMER"
        ],
        "updater.release.channel": "stable"
    }
}

Are you using external storage, if yes which one: no

Are you using encryption: no

Are you using an external user-backend, if yes which one: no

Client configuration

Browser: Chrome/Firefox/Edge

Operating system: Win10

@nickvergessen
Member

Maybe you can Allow the name Talk independent from the absence of the Tag?
Not sure this is otherwise solvable at the moment.

@maximelehericy

This issue will probably appear for all folders created automatically by apps (calendar or collectives for example)
