announcementcenter icon indicating copy to clipboard operation
announcementcenter copied to clipboard

Published 20 hours ago verified publisher icon nextcloud

Announcement center "admins" can see every announcement

Open Shen opened this issue 5 years ago • 1 comments

Steps to reproduce

  1. add user 'user1' to group 'test'
  2. add group 'test' in settings to announcement center admin-groups
  3. post an announcement with user 'user2' to another group (not a group which user1 belongs to).
  4. user1 is able to see the announcement

Expected behaviour

user1 should only see his own announcements and announcements of his groups.

Actual behaviour

user1 is able to see every announcement. It is a breach of privacy if a user can see announcements that are intended exclusively for another group.

Nextcloud version: 16.0.5.1

Announcement Center version: 3.5.1

Shen avatar Jan 21 '20 21:01 Shen

This won't really change for now, because you could otherwise post an announcement and have no way of deleting it again, in case you didnt set a group which you are part of. Maybe the admin setting should adjusted a bit, but actually i didnt change the app really in a long time due to the lack of free time

nickvergessen avatar Jan 21 '20 22:01 nickvergessen