Jonas Meurer 02ce5c8f7d Respect user enumeration settings in user status lists ... So far, the functions to find user statuses listed didn't respect user enumeration settings (`shareapi_allow_share_dialog_user_enumeration` and `shareapi_restrict_user_enumeration_to_group` core app settings). Fix this privacy issue by returning an empty list in case `shareapi_allow_share_dialog_user_enumeration` is unset or `shareapi_restrict_user_enumeration_to_group` is set. In the long run, we might want to return users from common groups if `shareapi_restrict_user_enumeration_to_group` is set. It's complicated to implement this in a way that scales, though. See the discussion at https://github.com/nextcloud/server/pull/27879#pullrequestreview-753655308 for details. Also, don't register the user_status dashboard widget at all if `shareapi_allow_share_dialog_user_enumeration` is unset or `shareapi_restrict_user_enumeration_to_group` is set. Fixes: #27122 Signed-off-by: Jonas Meurer <jonas@freesources.org>		2021-10-25 10:05:33 +07:00
..
AppInfo	Respect user enumeration settings in user status lists	2021-10-25 10:05:33 +07:00
BackgroundJob	Better cleanup routine for statuses	2020-09-07 09:22:38 +07:00
Connector	Always use IUserStatus consts	2020-09-07 11:30:18 +07:00
Controller	UserStatus: no message means clear status message. This fixes #23332	2020-11-02 17:59:44 +07:00
Dashboard	Always use IUserStatus consts	2020-09-07 11:30:18 +07:00
Db	Don't update statuses to offline again and again	2021-06-07 10:14:35 +07:00
Exception	Add user-status app	2020-07-31 16:45:27 +07:00
Listener	Only load user status script when needed	2020-09-24 20:00:21 +07:00
Migration	Migrate internal classes to the OCP db col types	2021-01-12 14:09:13 +07:00
Service	Respect user enumeration settings in user status lists	2021-10-25 10:05:33 +07:00
Capabilities.php	Add user-status app	2020-07-31 16:45:27 +07:00