"File access control" blocks me on Android and with documents on desktop

Nextcloud version: 21.0.2
Operating system and version: Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-136-generic x86_64)
Apache or nginx version: Apache/2.4.29 (Ubuntu)
PHP version: PHP 8.0.5

The issue you are facing:
Apparently the File access control doesn’t recognize me when I use the Android app, so I can’t read document on the other side of a filter when on mobile. Additionally, I can’t open documents with Collabora that are past this filter, even if I respect the rule I set in File access control.

Is this the first time you’ve seen this error? No, I have had this problem for months already, but I can’t remember since when. I’m sure it happened before I upgraded php too.

Steps to replicate it:

  1. Set a filter with File access control like this. I’m sorry it is in Italian, it says that when the file is tagged with “Samuele” and the user is not in the group “Samuele”, the file should not be accessed. I can confirm that non-“Samuele” users can’t see such files when I share a folder with them.

  2. Add your user to the right group so that you can go through the previous filter. Here you can see I’m in “Samuele”.

  3. Filter the folder with the right tag, so that the filter takes action. I tagged the folder inside which I encounter the issue.

  4. Try to access an .md of .odt or .docx (for these I use Collabora thats behind a File access control filter. I receive “Loading takes a long time” and nothing more. On desktop, Collabora shows a message saying that maybe the file format is not supported.

  5. You can try moving such files in a folder that has no filter and you’ll see that now it works, as I experimented with Android app for .md and .docx and opening a .docx file on desktop.

The output of your Nextcloud log in Admin > Logging:

[workflowengine] Info: Last qualified flow configuration is going to run Blocca accesso a un file

PROPFIND /public.php/webdav/
from 93.63.221.126 at 2021-05-26T06:36:54+00:00

This is what I see in the logging everytime I try to access a file that’s past the filter, from the Android app.

The output of your config.php file:

<?php
$CONFIG = array (
  'instanceid' => XXXXXXXXXX,
  'passwordsalt' => XXXXXXXXXX,
  'secret' => XXXXXXXXXX,
  'trusted_domains' => 
  array (
    0 => 'nextcloud.samuelezappala.it',
  ),
  'datadirectory' => '/var/www/nextcloud.samuelezappala.it/public/data',
  'dbtype' => 'mysql',
  'version' => '21.0.2.1',
  'overwrite.cli.url' => 'https://nextcloud.samuelezappala.it',
  'dbname' => XXXXXXXXXX,
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => XXXXXXXXXX,
  'dbpassword' => XXXXXXXXXX,
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => true,
  'redis' => 
  array (
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'dbindex' => 0,
    'password' => XXXXXXXXXX,
    'timeout' => 1.5,
  ),
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 0,
  'app_install_overwrite' => 
  array (
    0 => 'passman',
    1 => 'breezedark',
  ),
  'htaccess.RewriteBase' => '/',
  'updater.release.channel' => 'stable',
  'default_phone_region' => 'IT',
  'mail_from_address' => 'samuele.zappala',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'mail.com',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.mail.com',
  'mail_smtpname' => 'samuele.zappala@mail.com',
  'mail_smtppassword' => XXXXXXXXXX,
);

The output of /var/log/apache2/access.log is very long but I don’t see anything that I think is relevant. If you need it I try to paste it here.

/var/log/apache2/collabora_error, which I find today, reports errors since last year, but related to today, that I did my experiments, it just says:

[Wed May 26 04:51:51.863219 2021] [authz_core:error] [pid 30127] [client 167.71.13.196:43242] AH01630: client denied by server configuration: /var/www/html