Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Write Nextcloud groups as CATEGORIES of system address book contacts #38432

Open
ChristophWurst opened this issue May 24, 2023 · 7 comments · May be fixed by #40997
Open

Write Nextcloud groups as CATEGORIES of system address book contacts #38432

ChristophWurst opened this issue May 24, 2023 · 7 comments · May be fixed by #40997
Labels
2. developing Work in progress enhancement feature: carddav Related to CardDAV internals feature: dav feature: users and groups

Comments

@ChristophWurst
Copy link
Member

How to use GitHub

  • Please use the 👍 reaction to show that you are interested into the same feature.
  • Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
  • Subscribe to receive notifications on status change and new comments.

Is your feature request related to a problem? Please describe.

Nextcloud 27 exposes the system address book with read-only contacts for all system users. It's common to have Nextcloud groups for departments, teams and projects.

Describe the solution you'd like

Add a CATEGORIES property to the system contacts based on the display names of a user's Nextcloud groups.

This requires users to be allowed to see other user's groups.

Describe alternatives you've considered

N/a

Additional context

#19575
@ChristophWurst ChristophWurst added enhancement 0. Needs triage Pending check for reproducibility or if it fits our roadmap labels May 24, 2023
@ChristophWurst ChristophWurst mentioned this issue May 24, 2023
Closed
11 tasks
@ChristophWurst
Copy link
Member Author

This requires users to be allowed to see other user's groups.

Users do see their own groups at the personal settings / profile settings page (bottom left). If other users should see this information is to be researched or defined.

Right now you can find out the members of a group by adding them to a share or a Talk room. But you can't do the inverse of getting the groups of a user.

tcitworld added a commit that referenced this issue Oct 19, 2023
@tcitworld
feat(dav): expose Nextcloud groups to Contact's system addressbook co…
d5e1af8 
…ntacts

Closes #38432

Signed-off-by: Thomas Citharel <[email protected]>
tcitworld added a commit that referenced this issue Oct 19, 2023
@tcitworld
feat(dav): expose Nextcloud groups to Contact's system addressbook co…
ba40cdc 
…ntacts

Closes #38432

Signed-off-by: Thomas Citharel <[email protected]>
tcitworld added a commit that referenced this issue Oct 19, 2023
@tcitworld
feat(dav): expose Nextcloud groups to Contact's system addressbook co…
072466f 
…ntacts

Closes #38432

Signed-off-by: Thomas Citharel <[email protected]>
tcitworld added a commit that referenced this issue Oct 19, 2023
@tcitworld
feat(dav): expose Nextcloud groups to Contact's system addressbook co…
75ffff3 
…ntacts

Closes #38432

Signed-off-by: Thomas Citharel <[email protected]>
@tcitworld tcitworld linked a pull request Oct 19, 2023 that will close this issue
Open
7 tasks
tcitworld added a commit that referenced this issue Oct 20, 2023
@tcitworld
feat(dav): expose Nextcloud groups to Contact's system addressbook co…
3ff1d95 
…ntacts

And move event listeners related to SyncService to proper ones
Note: Changes to user system addressbook cards are now always done in a
QueuedJob

Closes #38432

Signed-off-by: Thomas Citharel <[email protected]>
tcitworld added a commit that referenced this issue Oct 20, 2023
@tcitworld
feat(dav): expose Nextcloud groups to Contact's system addressbook co…
bd16299 
…ntacts

And move event listeners related to SyncService to proper ones
Note: Changes to user system addressbook cards are now always done in a
QueuedJob

Closes #38432

Signed-off-by: Thomas Citharel <[email protected]>
@ChristophWurst ChristophWurst added 2. developing Work in progress and removed 0. Needs triage Pending check for reproducibility or if it fits our roadmap labels Oct 20, 2023
@ChristophWurst
Copy link
Member Author

@AndyScherzinger @DaphneMuller @jancborchardt @juliushaertl @nickvergessen @sorbaugh @tobiasKaminsky please excuse the ping-all but this change is worked on in #40997 and I believe we should have platform-wide consent about the exposure of group membership of other users.

Right now you can only see your own groups in the personal settings. You do not see who's member of the admins or any other Nextcloud groups.

If groups are stored with system address book contacts, this information will be visible to all other users for the first time.

Do we want that?

@nickvergessen
Copy link
Member

You do not see who's member of the admins

Admins is like the only exception because it's exposed by various apps, including the default shipped data_request
https://github.com/nextcloud/privacy/blob/master/src/components/Admins.vue#L25

But yeah, not sure we should leak all groups.

@tobiasKaminsky
Copy link
Member

I am sure that we should not do this, as this is sensitive data.
I remember stories about competing departements in one giant company, where they are not allowed to talk to each other. So imagine one can now see at which projects/groups the others work.

tcitworld added a commit that referenced this issue Oct 26, 2023
@tcitworld
feat(dav): expose Nextcloud groups to Contact's system addressbook co…
407b108 
…ntacts

And move event listeners related to SyncService to proper ones
Note: Changes to user system addressbook cards are now always done in a
QueuedJob

Closes #38432

Signed-off-by: Thomas Citharel <[email protected]>
tcitworld added a commit that referenced this issue Oct 27, 2023
@tcitworld
feat(dav): expose Nextcloud groups to Contact's system addressbook co…
dae23b7 
…ntacts

And move event listeners related to SyncService to proper ones
Note: Changes to user system addressbook cards are now always done in a
QueuedJob

Closes #38432

Signed-off-by: Thomas Citharel <[email protected]>
@tcitworld
Copy link
Member

I've disabled the feature by default through an appconfig, and there's also other appconfig options to include or exclude groups that will be exposed. What do you think?

@ChristophWurst
Copy link
Member Author

I think that is a good compromise. Groups aren't exposed by default and if admins are okay with exposure they can configure it explicitly.

In the long run groups could have a visibility setting similar to user profile properties. Admins could use them to set the visibility scope of a group:

  • Private (default): groups is only visible to admins and members
  • Local: only visible to people on the instance. This means we can store it in the system address book but remove the data when sent to another instance
  • Federated: visible to everyone on the instance, and also on federated instances. This means we can store it in the system address book and send the data to other instances too.
  • Published: visible to everyone. This means we can store it in the system address book and send the data to other instances and the lookup server.

@nickvergessen
Copy link
Member

I would even like a "hidden" visibility scope where only admins see the group but not "normal members"

@jancborchardt jancborchardt moved this to 🧭 Planning evaluation / ideas in 🖍 Design team Feb 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2. developing Work in progress enhancement feature: carddav Related to CardDAV internals feature: dav feature: users and groups
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(dav): expose Nextcloud groups to Contact's system addressbook contacts nextcloud/server
4 participants
@nickvergessen @ChristophWurst @tcitworld @tobiasKaminsky