Trying to access another users folder from propfind gives internal server error

[dpakach]

according to owncloud/ocis-reva#9 users can access another users dav endpoints which is a bug. but in EOS storage if a user tries to access another user's file he gets similar result.
But when accessing another users folder it gives 500 - Internal Server Error
While this should not be allowed, it should gives proper status code and message like 403

[butonic]

To clarify: the spaces concept allow acessing other users spaces at the /dav/spaces/{spaceid} endpoint. Accessing other users spaces at /dav/files/{username} only makes sense if te space belongs to a technical user that shared his root to multiple users or a group. A workaround for old project drive like functionality. Spaces adresses that properly.

That being said, The /dav/files/{username} endpoint should return 404 to not leak if a user exists or not. See #3872

The ocdav handler currently checks if the logged in user matches the username in the path, regardless of storage driver and returns whatever error code is returned by the storage driver.

[fschade]

Please open again if the ticket is still relevant