"File access control" blocks me on Android and with documents on desktop

[SamuXzX]

I already opened an issue in the forum, but I report here as it seems something specifically related to this Git.

Steps to reproduce

1. Set a filter with File access control like this. I'm sorry it is in Italian, it says that when the file is tagged with "Samuele" and the user is not in the group "Samuele", the file should not be accessed. I can confirm that non-"Samuele" users can't see such files when I share a folder with them.

2. Add your user to the right group so that you can go through the previous filter. Here you can see I'm in "Samuele".

3. Filter the folder with the right tag, so that the filter takes action. I tagged the folder inside which I encounter the issue.

4. Try to access an .md of .odt or .docx (for these I use Collabora) thats behind a File access control filter.

5. You can try moving such files in a folder that has no filter and you'll see that now it works.

Expected behaviour

.md and .docx files should open normally both in Android and on Web interface, if I comply with the rules I set in the File access control flow.

Actual behaviour

Instead I try to access an .md or .docx and I receive "Loading takes a long time" and nothing more. On Web interface, Collabora shows a message saying that maybe the file format is not supported.

Server configuration

Operating system: Ubuntu 18.04.1 LTS (GNU/Linux 4.15.0-136-generic x86_64)

Web server: Apache/2.4.29 (Ubuntu)

Database: mysql Ver 8.0.25 for Linux on x86_64 (MySQL Community Server - GPL)

PHP version: PHP 8.0.5

Nextcloud version: 21.0.2

Where did you install Nextcloud from: If I remember well I downloaded it with wget and installed it on the VPS.

Signing status:

No errors have been found.

List of activated apps:

  - accessibility: 1.7.0
  - admin_audit: 1.11.0
  - bookmarks: 4.2.1
  - bruteforcesettings: 2.1.0
  - calendar: 2.2.1
  - cloud_federation_api: 1.4.0
  - contacts: 3.5.1
  - contactsinteraction: 1.2.0
  - dashboard: 7.1.0
  - dav: 1.17.1
  - federatedfilesharing: 1.11.0
  - federation: 1.11.0
  - files: 1.16.0
  - files_accesscontrol: 1.11.0
  - files_linkeditor: 1.1.5
  - files_pdfviewer: 2.1.0
  - files_rightclick: 1.0.0
  - files_sharing: 1.13.1
  - files_trashbin: 1.11.0
  - files_versions: 1.14.0
  - files_videoplayer: 1.10.0
  - firstrunwizard: 2.10.0
  - logreader: 2.6.0
  - lookup_server_connector: 1.9.0
  - mail: 1.9.5
  - nextcloud_announcements: 1.10.0
  - notes: 4.0.4
  - notifications: 2.9.0
  - oauth2: 1.9.0
  - password_policy: 1.11.0
  - passwords: 2021.5.0
  - photos: 1.3.0
  - privacy: 1.5.0
  - provisioning_api: 1.11.0
  - recommendations: 1.0.0
  - richdocuments: 4.1.1
  - serverinfo: 1.11.0
  - settings: 1.3.0
  - sharebymail: 1.11.0
  - survey_client: 1.9.0
  - systemtags: 1.11.0
  - tasks: 0.13.6
  - text: 3.2.0
  - theming: 1.12.0
  - twofactor_backupcodes: 1.10.0
  - twofactor_totp: 6.0.0
  - updatenotification: 1.11.0
  - viewer: 1.5.0
  - workflowengine: 2.3.0

Nextcloud configuration:

<?php
$CONFIG = array (
  'instanceid' => XXXXXXXXXX,
  'passwordsalt' => XXXXXXXXXX,
  'secret' => XXXXXXXXXX,
  'trusted_domains' => 
  array (
    0 => 'nextcloud.samuelezappala.it',
  ),
  'datadirectory' => '/var/www/nextcloud.samuelezappala.it/public/data',
  'dbtype' => 'mysql',
  'version' => '21.0.2.1',
  'overwrite.cli.url' => 'https://nextcloud.samuelezappala.it',
  'dbname' => XXXXXXXXXX,
  'dbhost' => 'localhost',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => XXXXXXXXXX,
  'dbpassword' => XXXXXXXXXX,
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'filelocking.enabled' => true,
  'redis' => 
  array (
    'host' => '/var/run/redis/redis-server.sock',
    'port' => 0,
    'dbindex' => 0,
    'password' => XXXXXXXXXX,
    'timeout' => 1.5,
  ),
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 0,
  'app_install_overwrite' => 
  array (
    0 => 'passman',
    1 => 'breezedark',
  ),
  'htaccess.RewriteBase' => '/',
  'updater.release.channel' => 'stable',
  'default_phone_region' => 'IT',
  'mail_from_address' => 'samuele.zappala',
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_domain' => 'mail.com',
  'mail_smtpauthtype' => 'LOGIN',
  'mail_smtpauth' => 1,
  'mail_smtphost' => 'smtp.mail.com',
  'mail_smtpname' => 'samuele.zappala@mail.com',
  'mail_smtppassword' => XXXXXXXXXX,
);

Are you using external storage, if yes which one: NO

Are you using encryption: NO

Are you using an external user-backend, if yes which one: NO

Client configuration

Browser: Opera 76.0.4017.123

Operating system: KDE Neon 5.21

Logs

Nextcloud log (data/owncloud.log)

I suppose you mean the logging section in the Settings of Nextcloud.

[workflowengine] Info: Last qualified flow configuration is going to run Blocca accesso a un file

PROPFIND /public.php/webdav/
from 93.63.221.126 at 2021-05-26T06:36:54+00:00

Browser log

Javascript console when trying to open a .docx that is behind a filter of File access control:

[blizzz]

@juliushaertl when collabora is fetching those files, it does not do in a logged-in state, is it?

[juliushaertl]

Yes, collabora uses unauthenticated requests but we get the user from the wopi token and set the user in the session https://github.com/nextcloud/richdocuments/blob/master/lib/Service/UserScopeService.php#L53

I also tried to reproduce but it worked fine for me:

• As admin create a folder with an office file in it
• The user is a member of the admin group
• Tag the folder it with a "blocked" tag
• Setup a files_accesscontrol rule to block
  • If the tag "blocked" is set
  • If the user is not a member of the admin group
• As admin opening the file works while as another user it is properly blocked

[SamuXzX]

Nonetheless I keep encountering this issue. Maybe I forgot to add useful informations such as a log in /var/log/apache2/collabora_error that I added in the report in the helpdesk of Nextcloud, that while I was doing my tests said:

[Wed May 26 04:51:51.863219 2021] [authz_core:error] [pid 30127] [client 167.71.13.196:43242] AH01630: client denied by server configuration: /var/www/html

Or what the log of Nextcloud says when I attempt to access a .docx file behind a block through the browser of my pc. I already reported it (it is the [workflowengine] Info: Last qualified flow configuration is going to run Blocca accesso a un file) but now I see this too:

richdocuments | OCP\Files\NotPermittedException:
0. /var/www/nextcloud.samuelezappala.it/public/apps/richdocuments/lib/Controller/WopiController.php - line 402:OC\Files\Node\File->fopen()
1. /var/www/nextcloud.samuelezappala.it/public/lib/private/AppFramework/Http/Dispatcher.php - line 218:OCA\Richdocuments\Controller\WopiController->getFile()
2. /var/www/nextcloud.samuelezappala.it/public/lib/private/AppFramework/Http/Dispatcher.php - line 127:OC\AppFramework\Http\Dispatcher->executeController()
3. /var/www/nextcloud.samuelezappala.it/public/lib/private/AppFramework/App.php - line 157:OC\AppFramework\Http\Dispatcher->dispatch()
4. /var/www/nextcloud.samuelezappala.it/public/lib/private/Route/Router.php - line 302:OC\AppFramework\App::main()
5. /var/www/nextcloud.samuelezappala.it/public/lib/base.php - line 993:OC\Route\Router->match()
6. /var/www/nextcloud.samuelezappala.it/public/index.php - line 37:OC::handleRequest()

[nickvergessen]

Wopi got some special handling in the meantime in terms of service and other places:
nextcloud/terms_of_service#765

Maybe you can retry if that is still a problem and if so post new stacktraces as well as your current rule set?

[SamuXzX]

In the meantime I stopped using File Access Control so I didn't encountered the problem again. I also reinstalled Nextcloud in another instance with the AIO image, so who knows?
But I'll try: I'll reinstall File Access Control and report to you.

[SamuXzX]

Server configuration

Operating system: Linux 5.15.0-60-generic x86_64
Web server: Apache/2.4.29 (Ubuntu)
Database: PostgreSQL 15.2 on x86_64-pc-linux-musl, compiled by gcc (Alpine 12.2.1_git20220924-r4) 12.2.1 20220924, 64-bit
PHP version: PHP 8.0.28

Nextcloud version: Nextcloud Hub 3 (25.0.6)
Nextcloud AIO version: 5.1.0

Client configuration

Browser: Firefox 113.0 (64bit)
Operating system: KDE Neon 5.27

Logs

Nextcloud

nextcloud log exported file

Nextcloud AIO

Trying to fix docker.sock permissions internally...
Creating docker group internally with id 116
�[0;92mInitial startup of Nextcloud All-in-One complete!
You should be able to open the Nextcloud AIO Interface now on port 8080 of this server!
E.g. https://internal.ip.of.this.server:8080

If your server has port 80 and 8443 open and you point a domain to your server, you can get a valid certificate automatically by opening the Nextcloud AIO Interface via:
https://your-domain-that-points-to-this-server.tld:8443�[0m
++ head -1 /mnt/docker-aio-config/data/daily_backup_time
+ BACKUP_TIME=04:00
+ export BACKUP_TIME
+ export DAILY_BACKUP=1
+ DAILY_BACKUP=1
++ sed -n 2p /mnt/docker-aio-config/data/daily_backup_time
+ '[' '' '!=' automaticUpdatesAreNotEnabled ']'
+ export AUTOMATIC_UPDATES=1
+ AUTOMATIC_UPDATES=1
+ set +x
Daily backup script has started
grep: write error: Broken pipe
{"level":"info","ts":1683864063.2538338,"msg":"using provided configuration","config_file":"/Caddyfile","config_adapter":""}
{"level":"info","ts":1683864063.2669923,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Receive-Buffer-Size for details."}
[12-May-2023 04:01:03] NOTICE: fpm is running, pid 108
[12-May-2023 04:01:03] NOTICE: ready to handle connections
Starting mastercontainer update...
(The script might get exited due to that. In order to update all the other containers correctly, you need to run this script with the same settings a second time.)
Waiting for watchtower to stop
Creating daily backup...
Waiting for backup container to stop
Waiting for backup container to stop
Starting and updating containers...
Waiting for the Nextcloud container to start
Sending backup notification...
Daily backup script has finished
Deleted Images:
untagged: nextcloud/aio-nextcloud@sha256:abd65a10622e2fd73bb1f9078d3bd8d5f11d03b73cacefc2b70f9f667c0b1a8c
deleted: sha256:281dd5e879fb5313348e1319998d170cc9417c5d1b9b1afdcb930a2a0de0db23
deleted: sha256:8fc7d1b71b0f8f25eeed0d32bb792fe59507d1c99472a5fe8ecd9097f8f107f2
deleted: sha256:8eb31d76e7f4da57152b70d0008bc64f4ccc04ed2231d1815c8c6cfc41ccb9aa
deleted: sha256:898a6537dddd7ab52f55f7d13080eef6bde8e0404e469b599dd8f4bc52bf1e15
deleted: sha256:bba76065e5ee8660c150199d4aaa4cc5ac2e71d30ed21a9c7ab8f5c56b97db1f
deleted: sha256:439bfd8f38fef888ec9e7fae6f4f4c639dbedac16d03f602d16ba9ac32f193ae
deleted: sha256:b2f7ad7474bb8ca0602b1c48564c8d22a3e5c0115c31435866af9b5f0d703cd2
deleted: sha256:778f7b41af7f56339b2289a10abd7f60babbb9b9f5e17d84b3218bea6c6c6496
deleted: sha256:3409ec3297c7cfad7e019a304030ed96235cb403e9711ea885bad0ae52c86b68
deleted: sha256:2d580698e81e299c400e3444283e048407c37529e7d332d33445bc3040c43b10
deleted: sha256:1f043ed54281eeed9394979329fe64b3ea8d8ad56c7ddc6f1d1b31424414fb57
deleted: sha256:d398e3b6c40af4c065c84cbd89cd2078d0200f9df2ae8767b6371f43d3b9887f
deleted: sha256:186e269ea0e51fceb21b3f5b3ec33cad7e8af92681f28f23493da5a606a9dc36
deleted: sha256:d997e5aa541f731e5fff5300822ce34a1d2ea72df41f116c3c9c4432ec71388d
deleted: sha256:6c8a27f6eea5eb55b6f09a0f76fbddf253a57d07c5ea2e3dfc4d251d31d1ebd8
deleted: sha256:05e1466b4c6db317b1a0e9bb77aab96932ea8695e271b6db15027f448477e9d4
deleted: sha256:776fa141813c7e21b5c47c1c09f8fc1eb721cdf1869107c9791d1bad7bb365bd
deleted: sha256:c6c595e9f413309c11b23f652411fc8f8cc3200aa545b033e30749b12677f88b
deleted: sha256:fd48f7e2157c6df6470c4519e03cbed741b91f124cbe495153f1a7858ce3ff24
deleted: sha256:a116696db03a6e54cefb7d6c7972a2cfd5301f5f9364dda3b8f7a0968d63e800
deleted: sha256:a75a520e88e8bb14cb89e89650e6ca71ee0ba2c8d7e246a63a7d3928c39f7fff
deleted: sha256:68fe2be4f292d5a4a0760242a934d75cd9b16019a87881270f72334ec9d87354
deleted: sha256:6342c20299c21bdddeba64fa2e6dbde72c8a306ca0bf71cfaeb6461dd0ce04cf
untagged: nextcloud/aio-redis@sha256:0b04b31f5b113bc19d44a66c428a29b97a9126fc62cdbdea5a53c6789e6e0c5d
deleted: sha256:dc390e59169087fe41710485ed217a84bbc724d3b2c0441d93d0e6c0b299225b
deleted: sha256:9cd0eb3c9f9a61369f3aacf079fc700f98c129fba87d1ec0ac1c77bed2284e58
deleted: sha256:dcd12978c44e0c6a9bebb368a0e5c76d549a0f1ec28c00593df2bca32c17d68a
deleted: sha256:0ed24cad79c967e895c85ee08435869fc4018568ec3c8435a38a1bd838a19b97
deleted: sha256:dc6329459a486d611d8be01642ac8fa6290cea940f8c49ed1953d45df3136ceb
untagged: nextcloud/aio-collabora@sha256:916fc5567a222ece0a980b4c33c807808aadb2bcac7a7f2a2770053b1da893ce
deleted: sha256:b6c36443659a2665aa596907d09297eb36fa4cae463317310171c5d58b3cbfa1
deleted: sha256:d41f378baf292756861d5b93e4580faf43daee887cf2968e0c5585384f9bc813
untagged: nextcloud/aio-borgbackup@sha256:9adc40e331b778894710f1b7f17b4f252dbc4df3b5783c17d66a122be61f3e6d
deleted: sha256:01dc1a0a789c1cfe0d3a9a6b006b8fd10cd2a020208d393cef3e9d71617bd881
deleted: sha256:12a276719ce4321a971e1dd76e4129778881a3e69ce8cccb6176ad33a4ef820f
deleted: sha256:12df42c5e2acb30f98bdde42b3e9a63ea9ec9c06c8334e8b8a0213563f20f853
deleted: sha256:59c0e290728683f2f251c09c937a853c138d062cd49e2a54d972ef62be66cdbc
deleted: sha256:ba2579839850c7f1960e47b1239282944fd8e551386d1d5ff387b4d6994ceb82
untagged: nextcloud/aio-imaginary@sha256:84c89091901403cd29323b41b76d1345063f9d59938210d9dbf4d91f661ecd56
deleted: sha256:71fa332af60795049197ce0f20cd372e54a4aaddaee70a16d86aa46cba676398
deleted: sha256:cb0298288dfb649731a859aded5d5c5f8c7b484ff3969e3a4dce60cf82fedd0d
deleted: sha256:21aaeeb43fafab3645b0d49d1ea164792d80af8166ef069773d6b775353b84b2
untagged: nextcloud/aio-postgresql@sha256:96e0135ecdd201cb330ee92b03ff8e157fdca6d7334573b2e6003d2149736d72
deleted: sha256:faac8eba3892ed01222cc7d2747f69f95290a1b514616d60aaac94888f9c5b93
deleted: sha256:e8f758a51a299f9ee0859f25b86a1fb356a6568cb166802c6ed54aa9fb30f821
deleted: sha256:4295095b1cdd3a98b684a0f2015013867dd449e898aea94f409ed086ef8be4f8
deleted: sha256:c87d02ceb96ca4ee4bfd77f9cec9b9bde52e08328655d714ce762d51cdc8793e
deleted: sha256:6bf57e424078df4f525ef7e889881ed18347436ac89c6743d507559061046f17
deleted: sha256:511f9fcc4f3242b586d3bcac8947e1f5529f00a1a77985afb199be2a3e72df75
deleted: sha256:6e80c5f568aaff54534eed18ef3ac057def000c836c90e937ef8fddd2df193e5
deleted: sha256:8577fffd14c2bbfcaea3cb1d7bd571c9626b8fe437c0ab852001ceabb7747c06
deleted: sha256:7e56b6296b1f2facf79eb8006e09b8bd15c9474d74a9906db7639dbc92098a3e
deleted: sha256:0108be7ceef4ce27e4473baf2e978f86e89174184b6a89e3ecc5f0729bfb33c9
untagged: nextcloud/aio-apache@sha256:d22b77d8332c7996f833a836e445386a7067fae2eda3d5036b71574a965eda42
deleted: sha256:0ce2b8eb71a58b55d5e7f46d276bd436c767f513617d03b8a95288dd67e33485
deleted: sha256:6aa61c3bea5a9cd8451a880945225cc8b6b08e742967fd6c047f1aa1be134bcf
deleted: sha256:0d1623328f7b1975d7a3271022d9eaa993acca3f12bbd2a5c562dd0875ed07d4
deleted: sha256:3a3089db9f90eaa8b659ea3ec17c25cede52fd956d3ce7adee3b69f0b483ac35
deleted: sha256:b6f545910281007722c09be3668de363caa10f020c187dd1f403d1029f3ec655
deleted: sha256:7e0c8eea5cc221c4d8b811ce8041f0e69eab217fd6827500f4626eadfe5816ef
deleted: sha256:fc603e109fe5157b5717514c6233b4e1bf8ca62de4125e91f7bec3de1be70114
deleted: sha256:684af06d177edba52f90a3c910e48f5fb3c241e1dda3a08633e258dfd16aa00d
deleted: sha256:7db64bf235308ae719b6cf87661e800fb0a6c309de947a251ae059764e8500fe
deleted: sha256:abae9e96b5986d62c5d9810633232b244b9e67bb2f0467cd4eb5a57343ead8b5
deleted: sha256:3d3558913b3f6432b386eda9b42afa38085bc584f376e97d973030af131a7e94
deleted: sha256:c38290a827833660bfefe49fb45f3dd7d9f6e79c952ad9b107165ebf50a2fecf
deleted: sha256:01188839556fafcb7d09446a90aab43f49c632a93e60d5097640a3d9c95f86a1
deleted: sha256:2c210c81fe76193f0a4caf2e2956506916c9a24abb8576e5f06a1e337c60374e
deleted: sha256:67a32c5d8ea8ea9d79095c57a56cdb42836301db034336737183cac04da8a214
deleted: sha256:f0323e55cc380928b3e4ee8a48f57557de27a352b9802e2b0a811477f742fc15
untagged: nextcloud/aio-watchtower@sha256:68979355b5c19290b634ea7547fd604802b5971067a4413bc39ebf8157717911
deleted: sha256:91a205083544d66a17ef3cde721262513b26b470f9529a529e5a1853e2bf6b6c
deleted: sha256:34017b5f7d28eead3b37c7e2b0eda0eb99bb33fb3d8d4fb99603220bec0206ae
deleted: sha256:b3e4966419fcbea8f04dc3c1117c7d3cdad43913fc83007d8a7ab5d3df8a30cc
deleted: sha256:24194969d64f4899f561a237ae85333d1a91432184781976534da8a648fa77e6
deleted: sha256:b60f3b5e2e3876c5121cbc59f5125d6c020f81d0d74a60ee0f6e11bde6885fdb

Total reclaimed space: 1.492GB
++ head -1 /mnt/docker-aio-config/data/daily_backup_time
+ BACKUP_TIME=04:00
+ export BACKUP_TIME
+ export DAILY_BACKUP=1
+ DAILY_BACKUP=1
++ sed -n 2p /mnt/docker-aio-config/data/daily_backup_time
+ '[' '' '!=' automaticUpdatesAreNotEnabled ']'
+ export AUTOMATIC_UPDATES=1
+ AUTOMATIC_UPDATES=1
+ set +x
Daily backup script has started
grep: write error: Broken pipe
Starting mastercontainer update...
(The script might get exited due to that. In order to update all the other containers correctly, you need to run this script with the same settings a second time.)
Waiting for watchtower to stop
Creating daily backup...
Waiting for backup container to stop
Waiting for backup container to stop
Starting and updating containers...
Waiting for the Nextcloud container to start
Waiting for the Nextcloud container to start
Sending backup notification...
Daily backup script has finished
Total reclaimed space: 0B
++ head -1 /mnt/docker-aio-config/data/daily_backup_time
+ BACKUP_TIME=04:00
+ export BACKUP_TIME
+ export DAILY_BACKUP=1
+ DAILY_BACKUP=1
++ sed -n 2p /mnt/docker-aio-config/data/daily_backup_time
+ '[' '' '!=' automaticUpdatesAreNotEnabled ']'
+ export AUTOMATIC_UPDATES=1
+ AUTOMATIC_UPDATES=1
+ set +x
Deleting duplicate sessions
NOTICE: PHP message: 404 Not Found
Type: Slim\Exception\HttpNotFoundException

4
Message: Not found.
File: /var/www/docker-aio/php/vendor/slim/slim/Slim/Middleware/RoutingMiddleware.php
Line: 76
Trace: #0 /var/www/docker-aio/php/vendor/slim/slim/Slim/Routing/RouteRunner.php(56): Slim\Middleware\RoutingMiddleware->performRouting(Object(GuzzleHttp\Psr7\ServerRequest))
#1 /var/www/docker-aio/php/vendor/slim/csrf/src/Guard.php(476): Slim\Routing\RouteRunner->handle(Object(GuzzleHttp\Psr7\ServerRequest))
#2 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(168): Slim\Csrf\Guard->process(Object(GuzzleHttp\Psr7\ServerRequest), Object(Slim\Routing\RouteRunner))
#3 /var/www/docker-aio/php/vendor/slim/twig-view/src/TwigMiddleware.php(115): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))
#4 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(121): Slim\Views\TwigMiddleware->process(Object(GuzzleHttp\Psr7\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))
#5 /var/www/docker-aio/php/src/Middleware/AuthMiddleware.php(38): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))
#6 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(269): AIO\Middleware\AuthMiddleware->__invoke(Object(GuzzleHttp\Psr7\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))
#7 /var/www/docker-aio/php/vendor/slim/slim/Slim/Middleware/ErrorMiddleware.php(76): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))
#8 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(121): Slim\Middleware\ErrorMiddleware->process(Object(GuzzleHttp\Psr7\ServerRequest), Object(Psr\Http\Server\RequestHandlerInterface@anonymous))
#9 /var/www/docker-aio/php/vendor/slim/slim/Slim/MiddlewareDispatcher.php(65): Psr\Http\Server\RequestHandlerInterface@anonymous->handle(Object(GuzzleHttp\Psr7\ServerRequest))
#10 /var/www/docker-aio/php/vendor/slim/slim/Slim/App.php(199): Slim\MiddlewareDispatcher->handle(Object(GuzzleHttp\Psr7\ServerRequest))
#11 /var/www/docker-aio/php/vendor/slim/slim/Slim/App.php(183): Slim\App->handle(Object(GuzzleHttp\Psr7\ServerRequest))
#12 /var/www/docker-aio/php/public/index.php(180): Slim\App->run()
#13 {main}

Nextcloud container

              now              
-------------------------------
 2023-05-13 06:02:42.710288+02
(1 row)

+ '[' -f /dev-dri-group-was-added ']'
++ find /dev -maxdepth 1 -mindepth 1 -name dri
+ '[' -n '' ']'
+ set +x
Installing imagemagick via apk...
Enabling Imagick...
Configuring Redis as session handler...
Setting php max children...
Posting notifications to users that are admins...
Posting 'Your apps just got updated!' to: Samuele
Done!
System config value tempdirectory set to string /mnt/ncdata/tmp/
Applying one-click-instance settings...
System config value one-click-instance set to boolean true
System config value one-click-instance.user-limit set to integer 100
System config value one-click-instance.link set to string https://nextcloud.com/all-in-one/
support already enabled
Adjusting log files...
System config value logfile set to string /var/www/html/data/nextcloud.log
Config value logfile for app admin_audit set to /var/www/html/data/audit.log
System config value updatedirectory set to string /nc-updater
Applying network settings...
System config value trusted_domains => 1 set to string cloud.samuelezappala.it
System config value overwrite.cli.url set to string https://cloud.samuelezappala.it/
System config value htaccess.RewriteBase set to string /
.htaccess has been updated
System config value files_external_allow_create_new_local set to boolean false
System config value trusted_proxies => 0 set to string 127.0.0.1
System config value trusted_proxies => 1 set to string ::1
Config value base_endpoint for app notify_push set to https://cloud.samuelezappala.it/push
Config value wopi_url for app richdocuments set to https://cloud.samuelezappala.it/
System config value allow_local_remote_servers set to boolean true
No ipv6-address found for cloud.samuelezappala.it.
Config value wopi_allowlist for app richdocuments set to 38.242.201.53,127.0.0.1/8,192.168.0.0/16,172.16.0.0/12,10.0.0.0/8,fd00::/8,::1,cloud.samuelezappala.it
System config value enabledPreviewProviders => 0 set to string OC\Preview\Imaginary
System config value preview_imaginary_url set to string http://nextcloud-aio-imaginary:9000
[13-May-2023 06:03:39] NOTICE: fpm is running, pid 353
[13-May-2023 06:03:39] NOTICE: ready to handle connections
Activating collabora config...
Activated any config changes
[2023-05-13 12:28:55.385672 +02:00] WARN [notify_push::connection] src/connection.rs:75: Invalid authentication message

Apache container

Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
Waiting for Nextcloud to start...
{"level":"info","ts":1683950626.690759,"msg":"using provided configuration","config_file":"/Caddyfile","config_adapter":""}
[Sat May 13 06:03:46.741499 2023] [mpm_event:notice] [pid 61:tid 140026998459208] AH00489: Apache/2.4.57 (Unix) configured -- resuming normal operations
[Sat May 13 06:03:46.744212 2023] [core:notice] [pid 61:tid 140026998459208] AH00094: Command line: '/usr/local/apache2/bin/httpd -D FOREGROUND'

Collabora container

Collabora log exported file

Steps to reproduce

1. Added myself to group "Samuele":
   

2. The file is tagged "Samuele":
   

3. Enabled filter:
   

It says that if the file is tagged "Samuele" and the user does not belong to group "Samuele", the file cannot be accessed.

Actual behaviour

1. Impossible to create new office document from template:
   

2. Impossible to create new .md file:
   

Reloaded the page, trying to create the same test.md file answers like the file already exists (?):

Still cannot create a file:

3. Removed the File Access Control filter, the files I tried to create appear:
   

[Nils160988]

Looks similar (or even a duplicate?) like this issue here: nextcloud/richdocuments#1168
I am not sure about the root cause of this issue and where to keep track of it. Does anybody know?