ACL permission merging changed from "most permissive" to "most restrictive" for users in multiple groups (regression in v20.1.11) #4435

@Nakun1

Steps to reproduce

  1. Create a groupfolder with Advanced Permissions (ACL) enabled
  2. Assign multiple groups to the folder with different ACL rules — for example:
    • Group-ReadOnly → Read ✓ / Write ⊘ / Create ⊘ / Delete ⊘ / Share ⊘
    • Group-FullAccess → Read ✓ / Write ✓ / Create ✓ / Delete ✓ / Share ✓
  3. Create a user who is a member of both Group-ReadOnly and Group-FullAccess
  4. Log in as this user and attempt to delete or share a file inside the folder

Expected behaviour

The user should be able to delete and share files. Since they belong to Group-FullAccess, which explicitly grants those permissions, the most permissive rule among all applicable groups should apply — as was the documented and observed behavior before v20.1.11.

Actual behaviour

The user cannot delete or share files. Since updating Team Folders from v20.1.9 to v20.1.11 (alongside Nextcloud 32.0.5 → 32.0.6), the most restrictive rule now wins: the (deny) from Group-ReadOnly overrides the (allow) from Group-FullAccess.

Server configuration

Operating system: Debian (LXC container on Proxmox)

Web server: Apache

Database: MariaDB

PHP version: 8.3

Nextcloud version: 32.0.6

Team folders version: 20.1.11

Updated from an older Nextcloud/ownCloud or fresh install: Updated from Nextcloud 32.0.5 / Team Folders 20.1.9

Where did you install Nextcloud from: Official Nextcloud server package

Are you using external storage, if yes which one: Yes, SFTP

Are you using encryption: No

Are you using an external user-backend, if yes which one: No

Client configuration

Browser: Firefox

Operating system: Linux
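
The two merge behaviours contrasted in this report, modelled as an added example (not code from Nextcloud or the Team Folders app, and not written by the reporter). The `(mask, allowed)` rule form, the function names and the base permission value are assumptions made for illustration; the bit values are Nextcloud's standard permission constants.

```python
# Added illustration; not code from Nextcloud or the Team Folders app.
# Bit values match Nextcloud's permission constants (read=1 ... share=16).
READ, WRITE, CREATE, DELETE, SHARE = 1, 2, 4, 8, 16
ALL = READ | WRITE | CREATE | DELETE | SHARE
NAMES = {READ: "read", WRITE: "write", CREATE: "create",
         DELETE: "delete", SHARE: "share"}


def rule(allow=0, deny=0):
    """Hypothetical rule form: (mask, allowed). Bits outside mask inherit."""
    if allow & deny:
        raise ValueError("a bit cannot be both allowed and denied")
    return (allow | deny, allow)


def effective(base, rules, strategy):
    """Apply every group rule that matches the user to the folder's base bits."""
    mask = allowed = denied = 0
    for m, a in rules:
        mask |= m          # bits set explicitly by at least one group
        allowed |= a       # bits some group allows
        denied |= m & ~a   # bits some group denies
    if strategy == "most_permissive":     # any allow beats a deny
        granted = allowed
    elif strategy == "most_restrictive":  # any deny beats an allow
        granted = allowed & ~denied
    else:
        raise ValueError(strategy)
    return (base & ~mask) | granted       # untouched bits keep the base value


def lost_permissions(base, rules):
    """Names of permissions granted under permissive but not restrictive merging."""
    diff = (effective(base, rules, "most_permissive")
            & ~effective(base, rules, "most_restrictive"))
    return [name for bit, name in NAMES.items() if diff & bit]


# Constructed sample mirroring the two groups in the reproduction steps.
GROUP_READONLY = rule(allow=READ, deny=WRITE | CREATE | DELETE | SHARE)
GROUP_FULLACCESS = rule(allow=ALL)

if __name__ == "__main__":
    both = [GROUP_READONLY, GROUP_FULLACCESS]
    print("permissive :", effective(ALL, both, "most_permissive"))
    print("restrictive:", effective(ALL, both, "most_restrictive"))
    print("lost       :", lost_permissions(ALL, both))
```

A non-empty result from `lost_permissions` for a user's group set identifies the access that differs between the two behaviours, which is what to review after an upgrade that changes the merge rule.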
