I shared a folder with group A, but would like to prevent access to some files inside, making them accessible only to users belonging both to group A and group B.
What I did is:
share the folder with group A
then create a collaborative tag “only_for_group_b_eyes”
assign that tag only to those file I want to be accessible only to group b
finally create a file access rule:
file collaborative tag is "only_for_group_b_eyes"
user group membership is not member of “group B”
But, by doing this, the user “john”, that belongs only to group A, and attempts to open the shared folder, is pushed back to home and cannot see any content of the folder, while I think he should see some files (those not tagged).
Furtermore, all files are still visible in the search results, but none can be opened.
Thanks for your support!
Unfortunately I’m running in a similar issue, now that I upgraded to 12.0.2
The conditions are pretty the same: I shared a folder with a group “A” an then, on SOME items inside, I want to further restrict access to members of a “more privileged” group “B”.
When a user belonging only to group “A” enters the folder, two issues arise:
he can see the file in the list
when he tries to open the file he gets an “internal error” alert
In the logs we see this Error: core
Error while running background job (OCP\Files\ForbiddenException): Access denied
OCA\Files_Versions\Command\Expire {
fileName: "/my_shared_folder/my_restricted_file.txt",
user: "admin"
}
/var/www/html/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php - line 47: OCA\FilesAccessControl\Operation->checkFileAccess(Object(OCA\FilesAccessControl\StorageWrapper), 'files_versions/...')
/var/www/html/nextcloud/apps/files_accesscontrol/lib/StorageWrapper.php - line 269: OCA\FilesAccessControl\StorageWrapper->checkFileAccess('files_versions/...')
/var/www/html/nextcloud/lib/private/Files/View.php - line 1136: OCA\FilesAccessControl\StorageWrapper->unlink('files_versions/...')
/var/www/html/nextcloud/lib/private/Files/View.php - line 701: OC\Files\View->basicOperation('unlink', '/my_shared_folder...', Array)
/var/www/html/nextcloud/apps/files_versions/lib/Storage.php - line 220: OC\Files\View->unlink('/my_shared_folder...')
/var/www/html/nextcloud/apps/files_versions/lib/Storage.php - line 779: OCA\Files_Versions\Storage deleteVersion(Object(OC\Files\View), '/my_shared_folder...')
/var/www/html/nextcloud/apps/files_versions/lib/Command/Expire.php - line 61: OCA\Files_Versions\Storage expire('/my_shared_folder...', 'admin')
/var/www/html/nextcloud/lib/private/Command/CommandJob.php - line 35: OCA\Files_Versions\Command\Expire->handle()
/var/www/html/nextcloud/lib/private/BackgroundJob/Job.php - line 59: OC\Command\CommandJob->run('O 33 "OCA\\Files...')
/var/www/html/nextcloud/lib/private/BackgroundJob/QueuedJob.php - line 43: OC\BackgroundJob\Job->execute(Object(OC\BackgroundJob\JobList), Object(OC\Log))
/var/www/html/nextcloud/cron.php - line 147: OC\BackgroundJob\QueuedJob->execute(Object(OC\BackgroundJob\JobList), Object(OC\Log))
{main}