Adding images to album from a folder shared with me fails #669
Comments
|
This is currently an upstream limitation |
pulsejet
added
bug
|
This is really a pitty. The pull request you mentioned above is merged, but I'm still facing this limitation with NC 27. As long as this persists, a more informative error message would be helpful, e.g. like the one from the console: <d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
<s:exception>Sabre\DAV\Exception\Forbidden</s:exception>
<s:message>Can't add file to album, only files from bruno can be added</s:message>
</d:error>Meanwhile, would this app be a possible workaround? https://apps.nextcloud.com/apps/groupfolders |
From what I could read, the pull request does not solve the isssue: so in fact, the requirement is that ownerUID == uid. It would be great if that condition was not so strict, for example, if a user has explicitly allowed sharing, then adding files that are shared to an album should also be allowed. |
Yeah, the linked PR only improves the randomness in the behavior as described there. The limitation still exists, which is why this issue is blocked.
Shares have an "allow resharing" permission so ideally we need to check for that. I didn't dive deep enough / didn't find a trivial solution to this yet. |
|
I guess part of the problem is, that this has to be re-check for each image in an album at every request, to make sure the permissions have not changed. |
|
True. For example,
|
|
No, if a user decides to unshare a file/disallow resharing, it should recursively be removed from all albums it contains, which no longer have permissions to the file. In this example, the file should vanish in both the albums of Bob and Cathy. This can, of course be frustrating for Bob and Cathy, as their precious file is suddenly gone. Worst case, both come here and report this as a bug. 😆 A possible solution from a user perspective could be a warning message when opening an album that user XY has unshared N files and is no longer part of the album. Another possible solution could be a placeholder image containing a message like: "Cathy unshared this file; it is no longer visible to you." If Cathy would reshare that file, it could be displayed again. Such a placeholder should be removed from an album like a regular file. Additionally, there should be an album-wide option to remove all placeholders from an album users can no longer access. This is important if many placeholders for unshared files are in an album and must be dropped simultaneously. One question regarding the checks: Is a file accessible/allowed for re-sharing? Are those done now already? I assume there is no way around this anyway, right? |
Exactly, which makes it quite complex. For one, now we also need to track who added the photo to the album and make this check in a hook. There's also the possibility that Alice simply revokes the re-sharing permission on the shared folder, which should also trigger this. But I'm not sure if such a hook even exists at the moment.
This is a great idea. It does still need tracking who shared the file though, since if Alice opened the album, we need to know that Bob added it to the album originally, and then make the check that Bob can still access and re-share it. One new caveat here would be that it may leak some information, for example the date of the photo that was un-shared throught it's position in the timeline.
The associated machinery mostly exists already, it's just a matter of integrating it with the albums backend of Photos. That's not trivial, unfortunately, since IIRC the DAV backend doesn't "see" shares etc. so we need separate lookups to determine those things. |
|
In general, is this something to implemented in memories or rather nextcloud/photos? |
|
There's nextcloud/photos#1905 |
|
I have the same issue... but what is this discussion about? → won't fix because it's complex? What is interesting to me is: I have a folder shared with another account. The account adds a picture there. So how does this move on? Is someone fixing the problem? PS: To your discussion above... If I want to share shared files without the problem that the main sharer can revoke the access to it... I just copy them. |
No. It's just blocked cause we can't fix it here.
Nope. When you upload to a shared folder, the owner of the folder assumes the ownership of the uploaded file. This also applies to quotas etc.
Don't think so, but I'm sure the Photos maintainers would be happy to get a PR for this (best to check with them on the implementation first though)
The problem isn't the lack of possible solutions but that the behavior might be unintuitive in various cases. For example, Alice might be aware that Bob shared the album to Cathy and we can't really infer if she did intend to unshare from just Bob or both. Either way, we do need to take one path and see how it works. But the reason this is blocked is more on implementation rather than this issue at the moment. |
Describe the bug
Adding images to an album from a folder that is shared with me fails.
To Reproduce
theSharewith user giver upload some images and share it with user receiver with all rights (ediing, creating, resharing, deleting, download).theShareto into you Memories folder.theShare.theShareto an album. See it failing on the screenshot below.Note:
Screenshots
Platform:
Additional context
I'm getting this in the browser (Brave) console, when I open Memories. No idea if this is related to the issue.
No, nothing there.
The text was updated successfully, but these errors were encountered: