nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

Provide a way to hide / remove the system address book globally #38880

Closed mbiebl closed 1 year ago

mbiebl commented 1 year ago

Describe the solution you'd like

The latest version v27 introduces the system address book or more specifically exposes it to every user as a separate address book named "accounts". This addressbook is also synced to client devices, like iOS, via CardDAV, which is something I don't want.

I'm missing a global switch to not expose this system address book for all users.

Ref https://github.com/nextcloud/server/issues/19575

mbiebl commented 1 year ago

To further elaborate on that point: I don't need this system address book on end devices and under iOS it has an undesired side effect: As the system address book is read-only, iOS no longer offers to use the Nextcloud CardDAV Account as default account for storing new contacts.

ChristophWurst commented 1 year ago

> As the system address book is read-only, iOS no longer offers to use the Nextcloud CardDAV Account as default account for storing new contacts.

Do you not have any other writable address books?

ChristophWurst commented 1 year ago

https://docs.nextcloud.com/server/27/admin_manual/release_notes/upgrade_to_27.html#exposed-system-address-book doesn't disable the address book but the contents.

mbiebl commented 1 year ago

> > As the system address book is read-only, iOS no longer offers to use the Nextcloud CardDAV Account as default account for storing new contacts.
>
> Do you not have any other writable address books?

I do have another, writable address book. E.g. for my own user, I currently have
https://XXXX/remote.php/dav/addressbooks/users/michael/default/ (rw)
https://XXXX/remote.php/dav/addressbooks/users/michael/z-server-generated--system/ (ro)

mbiebl commented 1 year ago

> https://docs.nextcloud.com/server/27/admin_manual/release_notes/upgrade_to_27.html#exposed-system-address-book doesn't disable the address book but the contents.

How do I apply/restrict those enumeration settings? Will the read-only, system address book be gone completely or just empty? Does this break auto-completion when using sharing?

mbiebl commented 1 year ago

What I'm basically asking here is a way to not expose the system address book via CardDAV.

ChristophWurst commented 1 year ago

> I do have another, writable address book. E.g. for my own user, I currently have
> https://XXXX/remote.php/dav/addressbooks/users/michael/default/ (rw)
> https://XXXX/remote.php/dav/addressbooks/users/michael/z-server-generated--system/ (ro)

And iOS won't allow you to use default as AB for storing new contacts?

The system AB uses sharing enumeration settings as privacy control. If you turn off enumeration the AB will only show the user's own contact. Autocompletion will be limited to what's allowed for the enumeration.

Hiding the full AB from the user's address book home is currently not supported.

mbiebl commented 1 year ago

> And iOS won't allow you to use default as AB for storing new contacts?

Correct. You can only select full CardDAV accounts, not individual address books. And the existence of a (single) ro address book makes iOS disregard that particular CardDAV account

ChristophWurst commented 1 year ago

Ouch. Do you know if that also happened before the system AB when someone shared an AB read-only with you?

mbiebl commented 1 year ago

> Ouch. Do you know if that also happened before the system AB when someone shared an AB read-only with you?

I think so, yes. But I can double check with v26 if needed.

ChristophWurst commented 1 year ago

It would be interesting to know. If you have an instance at hand I'd appreciate clarity on that. I don't have an iOS device to test.

mbiebl commented 1 year ago

If this is relevant for this feature request, I'll try to set up a v26 later today.

mbiebl commented 1 year ago

Ok, so I had an older v26 instance still lying around. It shows the same problem if one activates the "recently contacted address book".

mbiebl commented 1 year ago

I "fixed" that in v26 by uninstalling the "Contacts Interaction" app.

After that, I can again select the Nextcloud CardDAV account as default account for new contacts on iOS.

ChristophWurst commented 1 year ago

That is unfortunate but good to know. I wonder if that is a bug in iOS or if this behavior actually makes sense. Could this be worth a new topic at https://discussions.apple.com/? I could not find existing discussion about it.

mbiebl commented 1 year ago

I guess this is a separate discussion to have and I do not want to derail this issue too much.

The issue with iOS is not the only reason why I want to not expose the system address book (via CardDAV).

mbiebl commented 1 year ago

> The system AB uses sharing enumeration settings as privacy control. If you turn off enumeration the AB will only show the user's own contact. Autocompletion will be limited to what's allowed for the enumeration.

Ok, thanks. So this mechanism will not work for me as I do want to have autocompletion work for file sharing.

mbiebl commented 1 year ago

> > The system AB uses sharing enumeration settings as privacy control. If you turn off enumeration the AB will only show the user's own contact. Autocompletion will be limited to what's allowed for the enumeration.
>
> Ok, thanks. So this mechanism will not work for me as I do want to have autocompletion work for file sharing.

fwiw, I tried that for a user: I switched all profile settings to hidden, but the contact still showed up in the global SAB (even after running occ dav:sync-system-addressbook). So it appears this mechanism doesn't actually work.

image

ChristophWurst commented 1 year ago

The scope is the one next to the heading of the property, not the profile visibility:

image

mbiebl commented 1 year ago

Interesting and thanks for the hint. A bit confusing that there are two ways to control this functionality. That said, if I e.g. want to hide an email address, that is not possible: image

Also, this approach is not going to work for me anyway, so I'll leave it at that, to keep the RFE focussed on the original issue.

MicKress commented 1 year ago

> To further elaborate on that point: I don't need this system address book on end devices and under iOS it has an undesired side effect: As the system address book is read-only, iOS no longer offers to use the Nextcloud CardDAV Account as default account for storing new contacts.

So I can choose Nextcloud as default address book in iOS (16.5) even if I have activated recently contacted address book (as a read-only-address-book).

ChristophWurst commented 1 year ago

@jancborchardt should it be possible to disable the SAB as admin?

hamza221 commented 1 year ago

I added Nextcloud CardDAV "account" as main "List" in my iPhone. I created a new contact from iPhone, found it on the Nextcloud web UI. Then deleted the contact on the iPhone and it got deleted from Nextcloud too. I used iOS 16.5 and nc.cloud.com

mbiebl commented 1 year ago

Nextcloud 26 without Contacts Integration: signal-2023-06-22-151205_002

Nextcloud with Contacts Integration enabled (i.e. it has a read-only address book now) signal-2023-06-22-151205_003 signal-2023-06-22-151205_004

The same problem shows with Nextcloud 27, only there I can't disable the SAB

accolon commented 1 year ago

There is another issue with a globally visible system address book: duplicate contacts.

I'm running a small Nextcloud instance for my family and friends. I sync my iPhone/Mac/... address book with my instance via CardDAV, having a contact "Erika Mustermann" with several phone numbers, email addresses etc.

"Erika Mustermann" also has an account on my Nextcloud to do the same, so now I see two contacts with the same name on my devices. (I can manually link them, at least on iOS, but I don't think that's a good solution.)

I even thought about using only the contacts based on Nextcloud accounts for people affected by this issue, but you can't put several phone numbers or a street address into the Nextcloud profile. Also, you have to rely on the account owners to maintain their profiles since these entries are read-only for everyone else.

TL;DR: I strongly support a solution to hide/disable the system address book again.

ChristophWurst commented 1 year ago

We can add a config switch to disable the system address book globally.

jancborchardt commented 1 year ago

Just to understand @ChristophWurst – this is not a fix for the read-only system address book not working on iOS, correct? Any idea what we could do there? Maybe @marinofaggiana @Ivansss do you have insight here?


> I even thought about using only the contacts based on Nextcloud accounts for people affected by this issue, but you can't put several phone numbers or a street address into the Nextcloud profile.

@accolon could you open an issue about that on https://github.com/nextcloud/server/issues/ ? It would be an enhancement to the Nextcloud profile cc @Pytal

mbiebl commented 1 year ago

> Any idea what we could do there?

Since iOS is closed source, I don't think you can actually do anything about the iOS issue regarding read-only address books.

That said, the wish for having a switch to turn off the SAB is not only this iOS behaviour. As was mentioned elsewhere, in some cases, you simply don't want to export the SAB for other reasons.

So, in conclusion: simply provide a switch to turn off SAB (via CardDAV), and I'd be happy

bcutter commented 1 year ago

Really looking forward to switch this off. No idea for what reason / on which purpose it has been implemented (there might be good reasons for collaboration), but for a well-managed instance the downsides are just too much, also if it's "only" duplicate/redundant contacts not being able to deduplicate. Quite annoying, at least it was listed at https://docs.nextcloud.com/server/latest/admin_manual/release_notes/upgrade_to_27.html - so someone writing that already thought "well, this might be not for everyone... let's tell the people" - and he was absolutely right :-)

nicokaiser commented 1 year ago

There needs to be a way to hide/disable the system address book, it just does not make any sense in some cases. Especially since it is not a „global address book“ but a list of user accounts which cannot be altered in any way.

On iOS this causes an additional contact list „Accounts“ which lists all user account names without any additional data (profiles are disabled), and even with some users twice in the list (I have no clue why). So in the unified contacts view these contacts are listed 3 times, which is very annoying and confusing.

I see that for some users this feature might be helpful, but it really should be optional.

lwt-pressy commented 1 year ago

For me this is also a security and a privacy issue. I dislike that all my admin accounts (even the backup accounts) are disclosed. Also the users cannot set their full name and email to private, so they will by default not only be disclosed to all users, but also by default then sync to all the outside devices the other users sync it to. image

jph76 commented 1 year ago

Just adding my 2 cents: This is really annoying on iPhone. “Mobile” phone numbers from user contacts get overwritten by “voice” phone numbers from system contacts. Unfortunately, stupid Siri can’t handle this, at least in German. “Hey Siri, ruf xyz auf dem Handy an” (call xyz on mobile) results in Siri answering “I don’t have a mobile number for xyz“ and “Hey Siri, ruf xyz auf Voice an” (call xyz on voice) results in Siri shrugging “I don’t have an app for that”.

(Is it just me or is everybody else also unable to remove phone numbers from personal profile?)

ChristophWurst commented 1 year ago

> “Mobile” phone numbers from user contacts get overwritten by “voice” phone numbers from system contacts

Interesting. It was other before but we changed it to voice: https://github.com/nextcloud/server/pull/38454.

https://www.rfc-editor.org/rfc/rfc6350.html#section-6.4.1

ChristophWurst commented 1 year ago

> “Mobile” phone numbers

Those must be TYPE=cell in vcards.

jph76 commented 1 year ago

It looks like this: TEL;type=IPHONE;type=CELL;type=VOICE;type=pref:+49 ...

JRGonz commented 1 year ago

I have bumped into this as well. Is the solution going to be to hide the system address book? This seems like the best solution since I am also seeing duplicates in the web UI contacts list. I thought I had broken something until I noticed the Accounts addressbook popping up in iOS. Hopefully a hide option is the solution since the older method of simply sharing an address book with proper permissions to groups/users was working great until I updated to 27.

ChristophWurst commented 1 year ago

> Is the solution going to be to hide the system address book?

Yes, that is one of the accepted solutions: https://github.com/nextcloud/server/issues/38880#issuecomment-1612672965

JRGonz commented 1 year ago

Is there any progress on this? I noticed it is still not assigned and this 'feature' of having an Accounts addressbook exposed is causing havoc with my users. The duplicates are confusing iOS and avatars are not showing up or proper contact information because of the 'Accounts' addressbook they all have pushed to their devices. iOS doesn't allow fine tuning of addressbooks anymore either. You used to be able to turn off per addressbook but I guess Apple removed that option.

Same with duplicates in the NC web UI. Autocomplete searches are pulling up two contacts. It has turned into a real mess for end users.

ChristophWurst commented 1 year ago

The proposed change has been approved and is waiting for someone to pick up the work.

The idea of the exposed system address book is that you no longer have to maintain an address book by hand but can rely on the auto-generated one.

ChristophWurst commented 1 year ago

@bcutter @JRGonz @marianrh do you code or know someone who does? I'd be more than happy to give pointers and assist making this change happen.

ZID-TU-Graz-Collab commented 1 year ago

What is the probability that the global SAB turn-off switch will be available in NC 27.0.3? This information would help us to decide if we should upgrade to NC 26.x or find a workaround for 27.x by ourselves (as @mbiebl mentioned, email -and also full name- cannot be set to 'Private' in the UI).

ChristophWurst commented 1 year ago

Needs admin docs

miaulalala commented 1 year ago

Documentation here: https://github.com/nextcloud/documentation/pull/11048

jph76 commented 1 year ago

@ChristophWurst Thank you for fixing this.

Making the system address book available via DAV is a good idea but it probably wasn’t a good one to introduce this feature as a breaking change.

Some thoughts on this feature: For a tiny family Nextcloud like mine exposing the system address book makes sense. It removes the need to create family members twice as users and as contacts in the contacts app. I don’t have to think about data protection etc., this makes things easy for me.

But the system address book is IMHO not yet ready to provide contact information from the regular contacts app. For example, the system address won’t let me add different phone numbers to a contact on the profile page like the contact app allows.

Maybe it’s worth the effort bringing the system address book/profile page on par with the contacts app.

phaidros7 commented 1 year ago

> The proposed change has been approved and is waiting for someone to pick up the work.
>
> The idea of the exposed system address book is that you no longer have to maintain an address book by hand but can rely on the auto-generated one.

Wouldn't it be an alternative solution, instead of publishing the 'system address book', which in reality is a list of all local accounts to create a real address book, in which users or groups can be included or excluded, even by default?

That would solve the maliciously exposed admin accounts.

Double entries in search / auto complete could be prevented by just filtering the list for duplicates, or am I wrong here?

schweigerson commented 11 months ago

See https://docs.nextcloud.com/server/latest/admin_manual/groupware/contacts.html#system-address-book

$ sudo -u www-data php /var/www/html/<nextcloud-subdir>/occ config:app:set dav system_addressbook_exposed --value="no"
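
A way to confirm from the client side that the switch above took effect, as an added example that is not part of the original thread: it parses the 207 Multi-Status body of a `Depth: 1` PROPFIND on a user's address book home and reports each address book, whether it is writable, and whether it is the system one. The sample response is constructed, and treating a `DAV:write` privilege as the writable marker is an assumption about how the server reports privileges.

```python
import xml.etree.ElementTree as ET

NS = {"d": "DAV:", "card": "urn:ietf:params:xml:ns:carddav"}
SYSTEM_AB = "z-server-generated--system"  # collection name quoted in the thread

# Constructed sample: trimmed 207 body for a Depth: 1 PROPFIND on
# /remote.php/dav/addressbooks/users/michael/ (user name taken from the thread).
SAMPLE = """<d:multistatus xmlns:d="DAV:" xmlns:card="urn:ietf:params:xml:ns:carddav">
 <d:response>
  <d:href>/remote.php/dav/addressbooks/users/michael/</d:href>
  <d:propstat><d:prop><d:resourcetype><d:collection/></d:resourcetype></d:prop></d:propstat>
 </d:response>
 <d:response>
  <d:href>/remote.php/dav/addressbooks/users/michael/default/</d:href>
  <d:propstat><d:prop><d:resourcetype><d:collection/><card:addressbook/></d:resourcetype>
   <d:current-user-privilege-set><d:privilege><d:read/></d:privilege>
    <d:privilege><d:write/></d:privilege></d:current-user-privilege-set>
  </d:prop></d:propstat>
 </d:response>
 <d:response>
  <d:href>/remote.php/dav/addressbooks/users/michael/z-server-generated--system/</d:href>
  <d:propstat><d:prop><d:resourcetype><d:collection/><card:addressbook/></d:resourcetype>
   <d:current-user-privilege-set><d:privilege><d:read/></d:privilege></d:current-user-privilege-set>
  </d:prop></d:propstat>
 </d:response>
</d:multistatus>"""


def audit_addressbooks(multistatus_xml):
    """Return (name, writable, is_system) for each CardDAV address book listed."""
    found = []
    for resp in ET.fromstring(multistatus_xml).findall("d:response", NS):
        if resp.find(".//d:resourcetype/card:addressbook", NS) is None:
            continue  # the home collection itself, or a non-address-book resource
        name = resp.findtext("d:href", "", NS).rstrip("/").rsplit("/", 1)[-1]
        # Assumption: a writable book carries the aggregate DAV:write privilege.
        writable = resp.find(".//d:current-user-privilege-set/d:privilege/d:write", NS) is not None
        found.append((name, writable, name == SYSTEM_AB))
    return found


def system_addressbook_exposed(multistatus_xml):
    """True if the system address book is still listed in the user's home."""
    return any(is_system for _, _, is_system in audit_addressbooks(multistatus_xml))


if __name__ == "__main__":
    for name, writable, is_system in audit_addressbooks(SAMPLE):
        print(f"{name:30} {'rw' if writable else 'ro'} {'SYSTEM' if is_system else ''}")
```

Running the same check per user before and after changing the setting shows whether clients will still be offered the read-only collection.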