nextcloud / server

☁️ Nextcloud server, a safe home for all your data
https://nextcloud.com
GNU Affero General Public License v3.0

System Addressbook: Privacy issue #42797

Open thomas-mc-work opened 8 months ago

thomas-mc-work commented 8 months ago

Describe the bug

Hello team, it's probably not considered a bug, but to operators like me it is a serious issue.

I've just noticed that a system address book was introduced some versions ago. Generally, I appreciate this feature. There is just one thing that annoys me about it: it doesn't respect the setting "Restrict users to only share with users in their groups". This option has also limited the visibility of users that aren't within the same groups. This is a serious privacy setting on some of the instances that I manage. It's the only way to isolate core members from guests. Now with the system address book, it's suddenly possible to discover all other users again.

Steps to reproduce

Have two groups of users and the setting "Restrict users to only share with users in their groups." enabled.

Expected behavior

From my point of view, there should be one of these two options. The system address book …

Actual behavior

Every user on the instance is visible in the address book.

Contact version

5.5.1

Operating system

27.1.3

PHP engine version

None

Web server

Apache (supported)

Database

MariaDB

Additional info

No response

thomas-mc-work commented 8 months ago

I just found this command in the documentation to disable the system address book:

occ config:app:set dav system_addressbook_exposed --value="no"
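
An added example (not part of the issue thread or of Nextcloud's own code): a POSIX shell audit for the setting combination reported above, group-restricted sharing enabled while the system address book is still exposed, with the documented workaround as an optional remediation step. The core key name `shareapi_only_share_with_group_members`, the treatment of an unset `system_addressbook_exposed` as exposed, and the `OCC` variable are assumptions that do not come from the page.

```shell
#!/bin/sh
# Added example: audit the configuration combination described in this issue.
# OCC is how occ is invoked on your host (assumption); override as needed, e.g.
#   OCC="sudo -u www-data php /path/to/nextcloud/occ"   (placeholder path)
OCC="${OCC:-occ}"

# Print an app config value, or the fallback ($3) when the key is unset.
cfg_get() {
    val=$($OCC config:app:get "$1" "$2" 2>/dev/null) || val=""
    if [ -n "$val" ]; then
        printf '%s\n' "$val"
    else
        printf '%s\n' "$3"
    fi
}

# Return 0 when the settings are consistent, 1 when sharing is restricted to
# group members but the system address book still lists every user.
audit_addressbook() {
    # Assumed key for "Restrict users to only share with users in their groups".
    restrict=$(cfg_get core shareapi_only_share_with_group_members no)
    # Assumption: an unset value means the address book is exposed.
    exposed=$(cfg_get dav system_addressbook_exposed yes)
    if [ "$restrict" = "yes" ] && [ "$exposed" != "no" ]; then
        echo "FINDING: group-restricted sharing is on, system address book exposed"
        return 1
    fi
    echo "OK: restrict=$restrict system_addressbook_exposed=$exposed"
    return 0
}

# Apply the workaround quoted in the thread, then audit again.
remediate_addressbook() {
    $OCC config:app:set dav system_addressbook_exposed --value="no" >/dev/null \
        || return 2
    audit_addressbook
}

# Usage: source this file, then run audit_addressbook (or remediate_addressbook).
```

Disabling the system address book removes it for every user on the instance, so run the audit first and remediate only where the finding applies.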