sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nextcloud-server/apps/user_status/tests/Unit
History
Jonas Meurer 3fe267b772
Respect user enumeration settings in user status lists 
So far, the functions to find user statuses listed didn't respect user
enumeration settings (`shareapi_allow_share_dialog_user_enumeration`
and `shareapi_restrict_user_enumeration_to_group` core app settings).

Fix this privacy issue by returning an empty list in case
`shareapi_allow_share_dialog_user_enumeration` is unset or
`shareapi_restrict_user_enumeration_to_group` is set.

In the long run, we might want to return users from common groups if
`shareapi_restrict_user_enumeration_to_group` is set. It's complicated
to implement this in a way that scales, though. See the discussion at
https://github.com/nextcloud/server/pull/27879#pullrequestreview-753655308
for details.

Also, don't register the user_status dashboard widget at all if
`shareapi_allow_share_dialog_user_enumeration` is unset or
`shareapi_restrict_user_enumeration_to_group` is set.

Fixes: #27122

Signed-off-by: Jonas Meurer <jonas@freesources.org>
 		2021-10-20 11:33:23 +07:00
..
BackgroundJob Update php licenses 2021-06-04 22:02:41 +07:00
Connector Update php licenses 2021-06-04 22:02:41 +07:00
Controller Update php licenses 2021-06-04 22:02:41 +07:00
Dashboard Revert "Fix Recent statuses plural/singular" 2021-08-09 19:33:25 +07:00
Db Merge pull request #27375 from nextcloud/bugfix/noid/dont-update-offline-status 2021-06-07 12:12:33 +07:00
Listener Update php licenses 2021-06-04 22:02:41 +07:00
Service Respect user enumeration settings in user status lists 2021-10-20 11:33:23 +07:00
CapabilitiesTest.php Update php licenses 2021-06-04 22:02:41 +07:00