Skip to content

fix: catch OCSForbiddenException in public page search#2346

Open
saschabuehrle wants to merge 1 commit intonextcloud:mainfrom
saschabuehrle:fix/issue-2345
Open

fix: catch OCSForbiddenException in public page search#2346
saschabuehrle wants to merge 1 commit intonextcloud:mainfrom
saschabuehrle:fix/issue-2345

Conversation

@saschabuehrle
Copy link
Copy Markdown

@saschabuehrle saschabuehrle commented Mar 16, 2026

Bug

Issue #2345 — When anonymous users search through a public page share link, the search scans the entire Collective but attempts to filter unauthorized results using checkPageShareAccess(). However, this function throws OCSForbiddenException instead of the expected NotPermittedException, causing the exception to bypass the catch block and crash the API with HTTP 403 Forbidden.

Fix

This PR updates the exception handling in the contentSearch method to catch both NotPermittedException and OCSForbiddenException. This ensures that unauthorized search results are properly filtered out instead of causing the entire API call to fail.

Testing

The fix ensures that anonymous users can search through public page shares without encountering HTTP 403 errors when some results are outside their access permissions.

Greetings, saschabuehrle

@saschabuehrle
fix: catch OCSForbiddenException in public page search
2c17e22 
When anonymous users search through a public page share link,
checkPageShareAccess() throws OCSForbiddenException instead of
NotPermittedException. This change catches both exception types
to prevent the API from crashing with HTTP 403 Forbidden.

Fixes nextcloud#2345
@max-nextcloud
Copy link
Copy Markdown
Collaborator

max-nextcloud commented Mar 16, 2026

Hi @saschabuehrle

Thanks a lot for your contribution. Makes sense to me. I'll take a close look at the code paths later to properly review it.

Workflow results

  • DCO is failing - we'll need you to sign-off on your work.
  • Static migration analysis is failing because this PR is from a fork. We'll need to fix the workflow to also work for forks. But that does not block this PR.

@pawamoy
Copy link
Copy Markdown

pawamoy commented Mar 20, 2026

Sorry to interrupt, I wanted to let you know that this PR is most probably entirely AI-generated, including replies to your comments. Just see the batch of PRs they opened recently to form your own opinion.

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 31, 2026

Hello there,
Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.

We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.

Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6

Thank you for contributing to Nextcloud and we hope to hear from you soon!

(If you believe you should not receive this message, you can add yourself to the blocklist.)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@max-nextcloud max-nextcloud Awaiting requested review from max-nextcloud max-nextcloud is a code owner

@mejo- mejo- Awaiting requested review from mejo- mejo- is a code owner

@silverkszlo silverkszlo Awaiting requested review from silverkszlo silverkszlo is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

feedback-requested

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@saschabuehrle @max-nextcloud @pawamoy