Nextcloud files access control

Hello everybody,

On my nextcloud, I need to manage file access based on a REST API. This REST API takes as parameters a user and metadata of a file that I add to the database (oc_files_metadata table) using listening on the UpdateFilesMetadata event when a file is uploaded to my nextcloud.
How can I set up this file access control (prohibit access to the file in the case where the user does not have the right)? I feel like I could listen to the SabrePluginAddEvent event to do this but I would need some help on how to do it.

Thanks in advance, Julien

Hello,

Are you using your own app here or want to set up using the existing apps?

What ACLs are you referring to? Are you talking about the (sharing) permissions or some other app to enforce the ACLs?

Christian

I’m using my own app. What i want is prohibit access to the file in the “Files” tab provided by Files app

So, you want to prevent access of a user to his own files? Or is there some sharing involved?

Yes, I want to prevent access of a user to his own files, no sharing involved

Honestly, this far beyond my personal experience or scope just to frame this answer correctly.

One ides I have would be to attach a storage wrapper. There was a recent discussion about virus checkers that in fact do the same. The rough idea is this: The actual storage is a class in the server core that abstracts the file IO and database handling. The core (or apps for that matter) can register wrappers around this storage to be used. These will proxy to the actual underlying storage or wrapper their requests but might alter/check/verify/… them.
I suspect there is also the possibility to prevent from forwarding and instead raising an exception in some way. But you will have to check out the details of this.