NC12 Beta1 displays ALL Users of the NC instance #4656
Comments
|
and @ChristophWurst as well 😉 |
|
This is the intended behavior, IMO. Note that apps that use the contacts manager API, like the Mail app for example, gets the same data when it queries contact information. |
ChristophWurst
added
0. Needs triage
|
o.O intended behavior? Well, I can't deploy NC 12 for my customers if they have the ability to see 20 other customers and their usernames from a simple drop-down menu... |
|
I just noticed it displays the Full Name instead of the username.. That's a way more critical.. I'm just thinking about the privacy policy.. No user should see other user's Full Name without their approval.. that's like making my customers list publicly accessible |
|
cc @LukasReschke @karlitschek what do you think? Seems we need an admin setting for this, just like the share API? »Show internal users in contacts menu« – enabled by default Or what do you think? |
SGTM. For now my workaround is to edit the |
Why doesn't it just use the sharing setting we have that can limits sharing to users within the own groups. That was what I would expect to apply there too. |
|
@juliushaertl makes sense. @jospoortvliet @karlitschek @LukasReschke any further input? |
|
I think it makes sense. When you don't share you don't collaborate so not being able to communicate (unless you have that person in your own address book of course) makes sense. If there's a use case where it needs to be separated out later on, we can do that... But this is probably good enough for 99%. |
|
I think reusing the sharing setting makes sense. No need for another switch |
|
If username-autocompletion is disabled, the contacts-menu should never ever show local users: Groups, which are excluded from sharing should not see local users at all: If sharing is restricted to users own groups, he should only see contacts from his groups: We may also want to overthink the federation lookup-settings, since they could be also used for contacts-menu on user-side: 🤔 @schiessle |
|
Just remarked, that setting your full name to "Local" makes you invisible from the contacts menu 🤔 Intended? @ChristophWurst |
|
So, the only way to separate personal data from different tenants would be to build separate NC instances, true? I'd prefer groups to be the differentiator: People who don't share any access control group shouldn't be visible to each other. Remains the question: how does NC know a group is an access control group? |
ChristophWurst
added
3. to review
|
Fix is in #4757. |
|
Please visit my comment again: #4656 (comment) - I think this issue is only fixed in parts, since we still gut reports like: https://help.nextcloud.com/t/hide-users-from-contacts-menu/12956/ |
|
Please file a new issue for this enhancement request. |
|
This hasn't been fixed. I don't understand how this isn't a priority security issue, especially if an entity like me has multiple platforms centralizing together. Where is the new enhancement request or do we really need to re-create the same issue? Referring to issue from OP:
@karlitschek answer was the best. Give us that option with permissions:
Also, give the contacts-app permissions to access the internal users and match the group permissions as well please (this might be a separate issue for contacts-app) <3 This seems to be the only solution until this is resolved (Not tested): |
|
I'm using NextCloud Pi and I can see right off the bat after installing XMPP that the 'ncp' user is exposed in the contacts list. It would be super cool if I could disable specific users from even showing up/being available for XMPP or limit the available contacts to a specific group. |
|
This is likely an issue in the XMPP app - which either doesn't respect the settings or handles this by itself, or would need that feature. It isn't really relevant here. |
Is there a better way to fix this nowadays? |
Steps to reproduce
Expected behaviour
It should only display contacts, set up via the contacts-app
Actual behaviour
It shows the Full Name of 20 users within the actual installation! Thats a big security issue as everyone can see all other usernames active in that actual installation!
The following image is showing the users "admin", "test1" and "test3". I'm currently logged in as "test2". All users are in different groups and should be handled like different customers.
Server configuration
Operating system:
CentOS Linux release 7.3.1611 (Core)
Web server:
Apache/2.4.6 (CentOS)
Database:
5.5.52-MariaDB
PHP version:
PHP 5.6.30 (cli)
Nextcloud version: (see Nextcloud admin page)
Nextcloud 12.0 beta 1
Updated from an older Nextcloud/ownCloud or fresh install:
Fresh install
Where did you install Nextcloud from:
Nextcloud Homepage
The text was updated successfully, but these errors were encountered: