Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adding lists to shared board without permission leads to 403 #1505

Open
simonspa opened this issue Jul 14, 2023 · 1 comment
Open

Adding lists to shared board without permission leads to 403 #1505

simonspa opened this issue Jul 14, 2023 · 1 comment
Labels
📱 UI / UX

Comments

@simonspa
Copy link

Describe the bug

When adding a list to a shared deck without management permission, the API returns 403, see stacktrace. From the app it is however not clear at all, and the list is created anyway but not synced. The error message is just briefly shown. I'd consider this more of a UI/UX issue than a bug.

Steps to reproduce the behavior:

  1. Receive shared deck without management permission
  2. Try to add list
  3. List is added in Android app
  4. See error

Expected behavior
The app shows an error detailing why a list cannot be created, and no list is created.

Stacktrace

App Version: 1.22.1
App Version Code: 1022001
Server App Version: 1.9.2
App Flavor: play

Files App Version Code: 30250090

---

OS Version: 4.14.276-g6ef255005cea-ab9062920(9382335)
OS API Level: 33
Device: flame
Manufacturer: Google
Model (and Product): Pixel 4 (flame)

---

com.nextcloud.android.sso.exceptions.NextcloudHttpRequestFailedException: HTTP-Anfrage ist fehlgeschlagen mit HTTP-Statuscode: 403
	at com.nextcloud.android.sso.api.AidlNetworkRequest.performNetworkRequestV2(AidlNetworkRequest.java:188)
	at com.nextcloud.android.sso.api.NextcloudAPI.performNetworkRequestV2(NextcloudAPI.java:199)
	at com.nextcloud.android.sso.api.NextcloudAPI.lambda$performRequestObservableV2$1$com-nextcloud-android-sso-api-NextcloudAPI(NextcloudAPI.java:129)
	at com.nextcloud.android.sso.api.NextcloudAPI$$ExternalSyntheticLambda0.subscribe(Unknown Source:6)
	at io.reactivex.internal.operators.observable.ObservableFromPublisher.subscribeActual(ObservableFromPublisher.java:31)
	at io.reactivex.Observable.subscribe(Observable.java:12284)
	at io.reactivex.internal.operators.observable.ObservableMap.subscribeActual(ObservableMap.java:32)
	at io.reactivex.Observable.subscribe(Observable.java:12284)
	at io.reactivex.internal.operators.observable.ObservableSubscribeOn$SubscribeTask.run(ObservableSubscribeOn.java:96)
	at io.reactivex.internal.schedulers.ScheduledDirectTask.call(ScheduledDirectTask.java:38)
	at io.reactivex.internal.schedulers.ScheduledDirectTask.call(ScheduledDirectTask.java:26)
	at java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1137)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:637)
	at java.lang.Thread.run(Thread.java:1012)
Caused by: java.lang.IllegalStateException: {"status":403,"message":"Permission denied"}

	at com.nextcloud.android.sso.InputStreamBinder.processRequestV2(InputStreamBinder.java:454)
	at com.nextcloud.android.sso.InputStreamBinder.performNextcloudRequestAndBodyStreamV2(InputStreamBinder.java:127)
	at com.nextcloud.android.sso.InputStreamBinder.performNextcloudRequestV2(InputStreamBinder.java:110)
	at com.nextcloud.android.sso.aidl.IInputStreamService$Stub.onTransact(IInputStreamService.java:158)
	at android.os.Binder.execTransactInternal(Binder.java:1280)
	at android.os.Binder.execTransact(Binder.java:1244)
@stefan-niedermann
Copy link
Owner

Thank you for the detailled report! It should of course not be possible to add lists in this scenario.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
📱 UI / UX
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@simonspa @stefan-niedermann