Skip to content

filter ACL forbidden paths from search query#4745

Merged
icewind1991 merged 3 commits into
masterfrom
acl-search-filtering
Jun 11, 2026
Merged

filter ACL forbidden paths from search query#4745
icewind1991 merged 3 commits into
masterfrom
acl-search-filtering

Conversation

@icewind1991

@icewind1991 icewind1991 commented Jun 4, 2026

Copy link
Copy Markdown
Member

Currently, the logic for removing files the user doesn't have access to from search is done as a post-processing step.

While this filters out the correct entries, it means that the number of returned results is less than the limit asked for (or even 0). Which the search logic interprets as there being no more results.

By applying the filtering as part of the query, we return the number of results asked for.

@icewind1991 icewind1991 added this to the Nextcloud 34 milestone Jun 4, 2026
@icewind1991 icewind1991 requested a review from provokateurin June 4, 2026 19:25
@icewind1991 icewind1991 added the 3. to review Items that need to be reviewed label Jun 4, 2026
@icewind1991

icewind1991 commented Jun 4, 2026

Copy link
Copy Markdown
Member Author

Fixes nextcloud/server#60306

@icewind1991 icewind1991 mentioned this pull request Jun 4, 2026
Closed
@icewind1991 icewind1991 force-pushed the acl-search-filtering branch from edc4213 to 9d76275 Compare June 4, 2026 20:42
@icewind1991
test: add test for searching with ACL filtered results
ec77268 
Signed-off-by: Robin Appelman <robin@icewind.nl>
@icewind1991
fix: filter ACL forbidden paths from search query
98ce44b 
Signed-off-by: Robin Appelman <robin@icewind.nl>
@icewind1991
chore: update stubs
673b955 
Signed-off-by: Robin Appelman <robin@icewind.nl>
@icewind1991 icewind1991 force-pushed the acl-search-filtering branch from 9d76275 to 673b955 Compare June 4, 2026 20:44
@danxuliu danxuliu mentioned this pull request Jun 5, 2026
Open
@icewind1991

icewind1991 commented Jun 11, 2026

Copy link
Copy Markdown
Member Author

/backport to stable34

@icewind1991

icewind1991 commented Jun 11, 2026

Copy link
Copy Markdown
Member Author

/backport to stable33

@icewind1991 icewind1991 merged commit d9dfef8 into master Jun 11, 2026
56 checks passed
@icewind1991 icewind1991 deleted the acl-search-filtering branch June 11, 2026 14:02
This was referenced Jun 11, 2026
Merged
Merged
@danxuliu

danxuliu commented Jun 16, 2026

Copy link
Copy Markdown
Member

@icewind1991 @provokateurin While the fix solves the issue for users with forbidden paths it breaks searching for users without any forbidden path. It can be reproduced with the steps from nextcloud/server#60306 but searching as the user manager instead of as the user restricted. The E2E test from #4675 also fails for the search done as user manager.

Adding something like:

		if (empty($forbiddenPaths)) {
			return new SearchBinaryOperator(ISearchBinaryOperator::OPERATOR_AND, []);
		}

to getSearchFilter() make it work as expected for both manager and restricted, but I did not dig into the issue.

Besides that, would it be possible to backport this pull request and the follow up also to stable32? Thanks!

@icewind1991

icewind1991 commented Jun 19, 2026

Copy link
Copy Markdown
Member Author

/backport to stable32

@backportbot backportbot Bot mentioned this pull request Jun 19, 2026
Merged
3 tasks
@danxuliu danxuliu mentioned this pull request Jun 22, 2026
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@provokateurin provokateurin provokateurin approved these changes

Assignees

No one assigned

Labels

3. to review Items that need to be reviewed

Projects

None yet

Milestone

Nextcloud 34

Development

Successfully merging this pull request may close these issues.

3 participants

@icewind1991 @danxuliu @provokateurin