NC12 Beta1 displays ALL Users of the NC instance

[PietsHost]

Steps to reproduce

1. Install NC12 Beta 1
2. Create Users test1, test2, test3
3. Click on the user-icon in the upper right corner (find contacts)

Expected behaviour

It should only display contacts, set up via the contacts-app

Actual behaviour

It shows the Full Name of 20 users within the actual installation! Thats a big security issue as everyone can see all other usernames active in that actual installation!

The following image is showing the users "admin", "test1" and "test3". I'm currently logged in as "test2". All users are in different groups and should be handled like different customers.

Server configuration

Operating system:
CentOS Linux release 7.3.1611 (Core)

Web server:
Apache/2.4.6 (CentOS)

Database:
5.5.52-MariaDB

PHP version:
PHP 5.6.30 (cli)

Nextcloud version: (see Nextcloud admin page)
Nextcloud 12.0 beta 1

Updated from an older Nextcloud/ownCloud or fresh install:
Fresh install

Where did you install Nextcloud from:
Nextcloud Homepage

[juliusknorr]

@LukasReschke

[juliusknorr]

and @ChristophWurst as well 😉

[ChristophWurst]

This is the intended behavior, IMO.

Note that apps that use the contacts manager API, like the Mail app for example, gets the same data when it queries contact information.
Also note that it will show a maximum of 20 contacts. Hence you don't see all other users.

[PietsHost]

o.O intended behavior?

Well, I can't deploy NC 12 for my customers if they have the ability to see 20 other customers and their usernames from a simple drop-down menu...

[PietsHost]

I just noticed it displays the Full Name instead of the username.. That's a way more critical.. I'm just thinking about the privacy policy..

No user should see other user's Full Name without their approval.. that's like making my customers list publicly accessible

[jancborchardt]

cc @LukasReschke @karlitschek what do you think? Seems we need an admin setting for this, just like the share API?

»Show internal users in contacts menu« – enabled by default

Or what do you think?

[PietsHost]

cc @LukasReschke @karlitschek what do you think? Seems we need an admin setting for this, just like the share API?
»Show internal users in contacts menu« – enabled by default

SGTM. For now my workaround is to edit the core\templates\layout.user.php and comment out the <div id="contactsmenu"> section. I really hope, I don't have to do that in the final version ;-)

[juliusknorr]

what do you think? Seems we need an admin setting for this, just like the share API?

Why doesn't it just use the sharing setting we have that can limits sharing to users within the own groups. That was what I would expect to apply there too.

[jancborchardt]

@juliushaertl makes sense. @jospoortvliet @karlitschek @LukasReschke any further input?

[jospoortvliet]

I think it makes sense. When you don't share you don't collaborate so not being able to communicate (unless you have that person in your own address book of course) makes sense. If there's a use case where it needs to be separated out later on, we can do that... But this is probably good enough for 99%.

[karlitschek]

I think reusing the sharing setting makes sense. No need for another switch