From 36ab77e0bf8731042d17a305f9b07c12a8b40d29 Mon Sep 17 00:00:00 2001
From: ed <s@ocv.me>
Date: Sat, 25 Oct 2025 14:23:55 +0000
Subject: [PATCH] fix og-specific issue with single-file volumes;

if a textfile was shared with permission r below/inside a more
restrictive volume, then:

* if the parent volume had either permission g or h, then the files in
  the parent folder could be accessed

* if the parent volume had anything stricter than g or h, then filenames
  in the parent volume could be seen, but not accessed
---
 copyparty/authsrv.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/copyparty/authsrv.py b/copyparty/authsrv.py
index 16a43cae..c9a66502 100644
--- a/copyparty/authsrv.py
+++ b/copyparty/authsrv.py
@@ -2652,6 +2652,13 @@ class AuthSrv(object):
                     self.log(t.format(vol.vpath, mtp), 1)
                     errors = True
 
+        for vol in vfs.all_nodes.values():
+            if not vol.flags.get("is_file"):
+                continue
+            zs = "og opds xlink"
+            for zs in zs.split():
+                vol.flags.pop(zs, None)
+
         for vol in vfs.all_nodes.values():
             if not vol.realpath or vol.flags.get("is_file"):
                 continue