mail icon indicating copy to clipboard operation
mail copied to clipboard
verified publisher icon nextcloud

This app does not respect the "Allow sharing with groups"-setting

Open pierreozoux opened this issue 3 years ago • 3 comments

Expected behavior

Given the following settings

Screenshot from 2022-02-08 14-23-03

When you write a new email, you shouldn't be proposed autocompletion emails from users from groups you are not in.

Actual behavior

It does propose you all the emails of the instance.

Steps to reproduce

  1. configure the sharing settings like in the screenshot
  2. create a new email
  3. start to type in the to field and get autocompletion proposition from users outside your groups.

Mail app version

1.11.6

Mailserver or service

Not relevant.

Operating system

Not relevant.

PHP engine version

Other

Web server

Other

Database

Other

Additional info

Relates to this bug: https://github.com/nextcloud/server/issues/25390

On shared instance, this is a privacy issue.

pierreozoux avatar Feb 08 '22 13:02 pierreozoux

Hey @pierreozoux :wave:

I need some help with your bug report.

Sharing Settings

image

Users & Groups

image

Test Case 1

  • Login as alice
  • Write a new message
Input To Suggestion
bob -
john -
house House Greyjoy (Nextcloud)
House Stark (Nextcloud)
night Night's Watch (Nextcloud)
admin admin (Nextcloud)

* (Nextcloud) = Group in Nextcloud

Test Case 2

  • Login as alice
  • Write a new message to [email protected]
  • Sent the message
  • Open write a new message again
Input To Suggestion
night [email protected]
Night's Watch (Nextcloud)

[email protected] is returned by the address collector (as we wrote an email earlier)

Night's Watch (Nextcloud) = Group in Nextcloud

Test Case 3

  • Login as alice
  • Open contacts
  • Add a new contact Robb Stark with email [email protected]
  • Open mail
  • Write a new message
Input To Suggestion
robb Robb Stark ([email protected])

Robb Stark ([email protected]) is a direct match from contacts then

Test Case 1, 2 and 3 look okay. I also had a quick look at the auto completion service. We use three sources: Contacts, Groups and collected addresses.

Can you share some more details how to reproduce it :thinking:

kesselb avatar May 20 '22 22:05 kesselb

Hi @kesselb

This looks definitely like a duplicate of https://github.com/nextcloud/mail/issues/6148

I'll answer for @pierreozoux

Its weird I cannot replicate on a fresh install but on our current install we do have the issue of the autocompletion settings being ignored...

If I allow auto-completion for users in the same groups: I should only see users from that group in the autocompletion when I start to type a recipient What I actually see is an auto-completion of all the users in the instance.

Can it be something that is messed up during an upgrade when there was this issues ? We still have some stuff in the db that should be cleaned up ?

Nextcloud version 23.0.7 Mail verison 1.13.7

Thanks

unteem avatar Aug 24 '22 09:08 unteem

Hi @kesselb,

As I understand it, the ContactsManager (lib/private) is not responsible for filtering the results. Then, I don't see how the code would filter by groups as it only filters on shareapi_allow_share_dialog_user_enumeration. https://github.com/nextcloud/mail/blob/ca3f9296ba110725863f4a83e984a9bd77ac1776/lib/Service/ContactsIntegration.php#L56-L63

I believe we need something like this.

Have I missed something ?

Thanks !

hrenard avatar Aug 25 '22 10:08 hrenard

Label dropped because it was a duplicate of the attribute at https://github.com/orgs/nextcloud/projects/61. The priority does not change.

ChristophWurst avatar Oct 12 '22 09:10 ChristophWurst