Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ability for admin to hide folders from users #4634

Closed
chrisbeardy opened this issue May 1, 2017 · 8 comments
Closed

Add ability for admin to hide folders from users #4634

chrisbeardy opened this issue May 1, 2017 · 8 comments
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap enhancement needs info

Comments

@chrisbeardy
Copy link

Potentially issue for file access control

Expected behaviour

When tag is added to restrict access control, would like ability to hide folder from all users without permission so that they cannot see it or enter it.

Actual behaviour

Message at top of screen saying do not have permission to upload/download files here

@MorrisJobke
Copy link
Member

@chrisbeardy What is the use case behind this? I don't see any scenario why an admin should hide a users files and I find it quite disturbing. This would then also mean that you for example sync it, add the tag and then the client deletes the files.

cc @nickvergessen @karlitschek

@MorrisJobke MorrisJobke added 0. Needs triage Pending check for reproducibility or if it fits our roadmap needs info labels May 1, 2017
@MorrisJobke MorrisJobke changed the title Feature Request: Add ability for admin to hide folders from users Add ability for admin to hide folders from users May 1, 2017
@chrisbeardy
Copy link
Author

@MorrisJobke

Say I have 2 folders, A and B, two users A and B. I have set up user permissions so that user A can only use folder A for uploading/downloading and user B can only use folder B for uploading/downloading. I have done this using invisible tags and the file access control using this example https://docs.nextcloud.com/server/10/admin_manual/configuration_files/files_access_control.html

What I want to be able to do I stop User A from seeing User B's folder and vise versa.

@MorrisJobke
Copy link
Member

MorrisJobke commented May 1, 2017

Say I have 2 folders, A and B, two users A and B. I have set up user permissions so that user A can only use folder A for uploading/downloading and user B can only use folder B for uploading/downloading. I have done this using invisible tags and the file access control using this example

Having an admin with folders A and B, sharing A to userA and B to userB ... problem solved without juggling with the tagging and permissions. Or do I see this wrong?

@MorrisJobke
Copy link
Member

Say I have 2 folders, A and B, two users A and B. I have set up user permissions so that user A can only use folder A for uploading/downloading and user B can only use folder B for uploading/downloading. I have done this using invisible tags and the file access control using this example https://docs.nextcloud.com/server/10/admin_manual/configuration_files/files_access_control.html

Where those two folders are coming from? A and B is created by userA and by userB in their home folder ... why should the admin then remove it again if they are user created?

@chrisbeardy
Copy link
Author

@MorrisJobke

sorry if I'm not being clear, I'll try and explain a bit more specific to my application.

I have 3 users (Chris, Dan and Jason). I set up nextcloud using a VM and have attached a network share using SMB, the network share contains the users home folders, called Chris, Dan and Jason along with other folders that we all use. The problem I have is as soon as I attached the network share all three users can see all the folders. what I would like is that Dan cannot see Chris and Jason's home folders and so on.

I understand admin could create folders and only share them with the correct users however as I set up network share, it seems that all the users have access to all the folders on the network share.

I hope this makes sense.

@MorrisJobke
Copy link
Member

I still doubt that hiding is here the best approach, because it could cause weird side effect if now Dan creates a folder named Chris because for him this folder doesn't exist and then it collides with this magic folder.

For SMB shares we also have the way to have one mount point with a special variable per user. This the is something like users/$user and gets mounted to Home/ for example. Then Dan would have users/Dan mounted at Home/ and Chris would have users/Chris mounted in Home/. For the shared content you would add a second mount that is the same for all users. Something like shared/ on the SMB which is mounted for each user to Team/.

That concept is already in place and is used heavily by our users.

@chrisbeardy
Copy link
Author

I see that that could be the case and therefore hiding folders could be dangerous. I shall implement what you have suggested as this functionality seems much more suited. Thanks for your help and understanding on this topic.

@MorrisJobke
Copy link
Member

I see that that could be the case and therefore hiding folders could be dangerous. I shall implement what you have suggested as this functionality seems much more suited. Thanks for your help and understanding on this topic.

Thanks for you explanation. We always try to understand the reasons for given features. Sorry that this not went the way you imagined, but implementing everything would lead to a huge very complex system that doesn't work as stable anymore. So we try to find solutions with the current implementation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
0. Needs triage Pending check for reproducibility or if it fits our roadmap enhancement needs info
Projects
None yet
Development

No branches or pull requests

2 participants