ACL permission merging not considering user before group

[MPStudyly]

How to use GitHub

• Please use the 👍 reaction to show that you are affected by the same issue.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

Steps to reproduce

1. Add USER to GROUP
2. Create a group folder with "read-only" for GROUP
3. Add a sub-folder 'folder' to the group folder
4. Add ACL to sub-folder 'folder' to disallow everything for GROUP
5. Add ACL to sub-folder 'folder' to allow everything for USER

Expected behaviour

No member of GROUP sees 'folder' except USER who is able to do anything with and within it

Actual behaviour

No member of GROUP sees 'folder', neither USER

I see this as potentially related to #4435. Interestingly enough, this issue arises only for newly added folders. Existing sub-folders with according ACL do work as expected, at least as far I can tell. As of now I'm unable to grant myself access to my time tracking folder without allowing (read) access to it to anyone else as well.

Server configuration

Operating system: Debian 13

Database: PostgreSQL 13.23 (Debian 13.23-1.pgdg11+1) on x86_64-pc-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit

PHP version: 8.3.31

Nextcloud version: 33.0.2

Team folders version: 21.0.7

Are you using encryption: no

Are you using an external user-backend, if yes which one: LDAP

[tcoupin]

Hi @MPStudyly

did you try occ config:app:set groupfolders acl-inherit-per-user --value true ?

[MPStudyly]

Hi @MPStudyly

did you try occ config:app:set groupfolders acl-inherit-per-user --value true ?

Querying the server, unfortunately yes:

~$ sudo -u www-data php occ config:app:get groupfolders acl-inherit-per-user
true

Besides that, is this mentioned somewhere in the docs? Before opening the issue, I made sure I just haven't overlooked anything related.