[OCIS] ocs v1, normal user can list members in the group - Githubissues

owncloud / product

ownCloud Product Backlog

GNU Lesser General Public License v3.0

0 stars 1 forks source link

[OCIS] ocs v1, normal user can list members in the group #290

Open dpakach opened 4 years ago

dpakach commented 4 years ago

steps

create a normal user and add the user to a group
As the user try to list the members of the group

Expected

it should give forbidden

Actual

it is possible to list the members of the group

❯ curl https://localhost:9200/ocs/v1.php/cloud/groups/group1 -u einstein:relativity -k 
<?xml version="1.0" encoding="UTF-8"?>
<ocs><meta><status>ok</status><statuscode>100</statuscode><message>OK</message></meta><data><users><element>einstein</element></users></data></ocs>%