the password sharing function allows to share the password to nextcloud-users with no access to the password-app

marius-wieschollek / passwords

A simple, yet feature rich password manager for Nextcloud

GNU Affero General Public License v3.0

215 stars 45 forks source link

the password sharing function allows to share the password to nextcloud-users with no access to the password-app #430

Closed olli3333 closed 2 years ago

olli3333 commented 3 years ago

We have restrict the access to the password-app to users in one nextcloud-group. This works fine. But the sharing function allows to share the password to users, which are not a member in the nextcloud group with access to the password-app. It should be restricted only to the users which are member in the nextcloud-group which access to the app.

Nextcloud Version: 21.0.4 PHP Version: 7.4 Database and Version: MySQL Server OS and Version: Ubuntu 20.04 Passwords Version: latest

nooblag commented 3 years ago

Reporting the same bug as described above for:

Nextcloud Version: 22.2.0 PHP Version: 8.0.11 Database and Version: PostgreSQL Server OS and Version: Ubuntu 18.04 LTS Passwords Version: 2021.10.20

marius-wieschollek commented 2 years ago

This can be solved by restricting sharing to users within the same group