[Bug]: [NC24.0.4] Even though the "Allow Download" permission for shared folders has been removed, but I can still download files from the Collabora Online menu.

[ynott]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• Nextcloud Server is running on 64bit capable CPU, PHP and OS.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

Add share attributes + prevent download permission by PVince81 - Pull Request #32482 -. nextcloud/server

The above Pull Request allows you to prohibit downloads in the menu from the Nextcloud file list, but you can download files in PDF and PPT from the Download as menu in Collabora Online.

The files can be downloaded as follows.

Steps to reproduce

1. Put pptx and PDF files in the test_share folder.
2. Share the test_share folder to the test_user folder and remove the "Allow download" permission.
3. Log in as the test_user user, open the test_share folder and open the pptx files in it in Collabora Online.
4. In the Collabora Online menu, select "Files" -> "Download as" -> "PDF Document".
5. In the Collabora Online menu, select "Files" -> "Download as" -> "PowerPoint Presentation(.pptx)".

Expected behavior

"Allow download" has been removed from the permissions, so it should not be possible to download the file.

Installation method

Manual installation

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.0

Web server

Nginx

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Updated from a minor version (ex. 22.2.3 to 22.2.4)
From 24.0.3 to 24.0.4

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

$ sudo -u nginx php /var/www/html/nextcloud/occ config:list system
{
    "system": {
        "logtimezone": "Asia\/Tokyo",
        "default_language": "ja",
        "default_locale": "ja_JP",
        "default_phone_region": "JP",
        "defaultapp": "files",
        "tempdirectory": "\/home\/nextcloud\/data\/temp",
        "log_type": "file",
        "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
        "logdateformat": "Y-m-d H:i:s",
        "loglevel": 0,
        "log_rotate_size": 0,
        "log.condition": {
            "apps": [
                "admin_audit"
            ]
        },
        "has_internet_connection": true,
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "filelocking.enabled": "true",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": 6379,
            "timeout": 0,
            "password": "***REMOVED SENSITIVE VALUE***"
        },
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "nc24.nextcloud.biz"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "24.0.4.1",
        "overwrite.cli.url": "https:\/\/nc24.nextcloud.biz",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "maintenance": false,
        "updater.release.channel": "stable",
        "theme": "",
        "app_install_overwrite": [
            "workflow_script"
        ],
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_smtpauth": 1,
        "mail_smtpauthtype": "PLAIN",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpsecure": "tls",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "updater.secret": "***REMOVED SENSITIVE VALUE***"
    }
}

### List of activated Apps

```shell
sudo -u nginx php /var/www/html/nextcloud/occ app:list
Enabled:
  - accessibility: 1.10.0
  - activity: 2.16.0
  - admin_audit: 1.14.0
  - bruteforcesettings: 2.4.0
  - calendar: 3.4.2
  - checksum: 1.1.4
  - circles: 24.0.1
  - cloud_federation_api: 1.7.0
  - comments: 1.14.0
  - contactsinteraction: 1.5.0
  - dashboard: 7.4.0
  - dav: 1.22.0
  - federatedfilesharing: 1.14.0
  - federation: 1.14.0
  - files: 1.19.0
  - files_accesscontrol: 1.14.0
  - files_automatedtagging: 1.14.0
  - files_external: 1.16.1
  - files_lock: 24.0.1
  - files_pdfviewer: 2.5.0
  - files_retention: 1.13.2
  - files_rightclick: 1.3.0
  - files_sharing: 1.16.2
  - files_trashbin: 1.14.0
  - files_versions: 1.17.0
  - files_videoplayer: 1.13.0
  - firstrunwizard: 2.13.0
  - groupfolders: 12.0.1
  - guests: 2.2.0
  - impersonate: 1.11.0
  - logreader: 2.9.0
  - lookup_server_connector: 1.12.0
  - nextcloud_announcements: 1.13.0
  - notifications: 2.12.0
  - oauth2: 1.12.0
  - password_policy: 1.14.0
  - photos: 1.6.0
  - privacy: 1.8.0
  - provisioning_api: 1.14.0
  - recommendations: 1.3.0
  - richdocuments: 6.2.0
  - richdocumentscode: 22.5.502
  - sendent: 1.2.13
  - serverinfo: 1.14.0
  - settings: 1.6.0
  - sharebymail: 1.14.0
  - spreed: 14.0.4
  - survey_client: 1.12.0
  - systemtags: 1.14.0
  - text: 3.5.1
  - theming: 1.15.0
  - theming_customcss: 1.11.0
  - twofactor_backupcodes: 1.13.0
  - updatenotification: 1.14.0
  - user_migration: 1.1.0
  - user_saml: 5.0.2
  - user_status: 1.4.0
  - viewer: 1.8.0
  - weather_status: 1.4.0
  - workflow_script: 1.9.0
  - workflowengine: 2.6.0
Disabled:
  - encryption
  - files_fulltextsearch: 24.0.1
  - fulltextsearch: 24.0.0
  - fulltextsearch_elasticsearch: 24.0.1
  - support: 1.7.0
  - user_ldap

### Nextcloud Signing status

```shell
No errors have been found.

Nextcloud Logs

No error log found.

Additional info

No response

[Raudius]

Hi ynott, thanks for the report.

I managed to find the problem and have prepared a fix: #2390

[ynott]

@Raudius
Excellent
Thanks for the quick Fix.

For the following Issue, I think the cause is the same, will this PR fix it?
nextcloud/files_pdfviewer#645