Skip to content

[stable31] fix(sharing): Allow public share access for everyone#56797

Open
backportbot[bot] wants to merge 1 commit into
stable31from
backport/55811/stable31
Open

[stable31] fix(sharing): Allow public share access for everyone#56797
backportbot[bot] wants to merge 1 commit into
stable31from
backport/55811/stable31

Conversation

@backportbot

@backportbot backportbot Bot commented Dec 2, 2025

Copy link
Copy Markdown

Backport of PR #55811

@backportbot backportbot Bot added this to the Nextcloud 31.0.12 milestone Dec 2, 2025
@nfebe nfebe enabled auto-merge December 2, 2025 16:47
@nfebe nfebe force-pushed the backport/55811/stable31 branch from c4dadbd to 569b46f Compare December 2, 2025 16:53
@solracsf

solracsf commented Dec 2, 2025

Copy link
Copy Markdown
Member

Failure is related.

There was 1 failure:

1) Test\Share20\ManagerTest::testGetShareByTokenShareOwnerExcludedFromLinkShares
Failed asserting that exception of type "Error" matches expected exception "OCP\Share\Exceptions\ShareNotFound". Message was: "Class "Test\Share20\Constants" not found" at
/home/runner/actions-runner/_work/server/server/tests/lib/Share20/ManagerTest.php:3315

@nextcloud-bot nextcloud-bot mentioned this pull request Dec 3, 2025
Merged
7 tasks
@AndyScherzinger AndyScherzinger force-pushed the backport/55811/stable31 branch from 569b46f to fb6a8ab Compare December 3, 2025 22:23
solracsf
solracsf reviewed Dec 4, 2025
View reviewed changes
Comment thread tests/lib/Share20/ManagerTest.php Outdated
Comment thread tests/lib/Share20/ManagerTest.php Outdated
This was referenced Dec 4, 2025
Merged
Merged
provokateurin
provokateurin requested changes Dec 8, 2025
View reviewed changes

@provokateurin provokateurin left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Blocking until tests are fixed

This was referenced Dec 8, 2025
Merged
Merged
Merged
@nextcloud-bot nextcloud-bot mentioned this pull request Jan 7, 2026
Merged
@nextcloud-bot nextcloud-bot mentioned this pull request Jan 14, 2026
Merged
@nextcloud-bot nextcloud-bot mentioned this pull request Feb 4, 2026
Merged
@nextcloud-bot nextcloud-bot mentioned this pull request Feb 11, 2026
Merged
@AndyScherzinger AndyScherzinger removed this from the Nextcloud 31.0.14 milestone Feb 12, 2026
@nfebe nfebe force-pushed the backport/55811/stable31 branch from fb6a8ab to e460fef Compare June 22, 2026 14:16
@nfebe
fix(sharing): Allow public share access for everyone
4fce681 
When a logged-in user accesses a public share link in the same browser,
the system was incorrectly checking if that user's groups were excluded
from creating link shares. This caused share not found errors for users
in excluded groups, even though public shares should be accessible to anyone
with the link.

The group exclusion setting (`shareapi_allow_links_exclude_groups`) is
intended to restrict share creation, not share access. Public shares
are meant to be anonymous and accessible regardless of the viewer identity
or group membership.

We now check the exclusion for the share creator and not the viewer.

Signed-off-by: nfebe <fenn25.fn@gmail.com>
@nfebe nfebe force-pushed the backport/55811/stable31 branch from e460fef to 4fce681 Compare June 22, 2026 14:51
@nfebe nfebe requested a review from provokateurin June 22, 2026 20:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@solracsf solracsf solracsf left review comments

@nfebe nfebe nfebe approved these changes

@juliusknorr juliusknorr Awaiting requested review from juliusknorr

@provokateurin provokateurin Awaiting requested review from provokateurin

Requested changes must be addressed to merge this pull request.

Assignees

@nfebe nfebe

Labels

3. to review Waiting for reviews bug feature: sharing

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@solracsf @nfebe @provokateurin @AndyScherzinger @blizzz @Altahrim