Calendar: Disabling calendar sharing with groups

Created on 15 Dec 2020 · 3 Comments · Source: nextcloud/calendar

Steps to reproduce

  1. Nextcloud installation with different users and groups
  2. In Nextcloud settings -> sharing, disable "Allow sharing with groups"
  3. (Optional) Login with non-admin user
  4. In Calendar, share a calendar and in the search box, search for existing groups
  5. Share the calendar with a group and login with other user of the group
  6. Check calendar for shared calendars

Expected behaviour

If the "Allow sharing with groups" checkbox is disabled, users cannot share their calendars with groups.

Actual behaviour

Even if "Allow sharing with groups" is disabled, every user can find all groups existing in Nextcloud and share their calendar with them.

Calendar app

Calendar app version: 2.0.4

CalDAV-clients used: none

Client configuration

Browser: Chrome 87.0.4280.88

Operating system: Mac OS 10.15.5

Server configuration

Operating system: Debian GNU/Linux 10 (buster)

Web server: nginx/1.16.1

Database: mysql Ver 15.1 Distrib 10.3.27-MariaDB

PHP version: 7.4.13

Nextcloud Version: Nextcloud 19.0.6

Updated from an older installed version or fresh install: Updated from older version

List of activated apps:

  - accessibility: 1.5.0
  - activity: 2.12.1
  - admin_audit: 1.9.0
  - calendar: 2.0.4
  - cloud_federation_api: 1.2.0
  - comments: 1.9.0
  - contacts: 3.4.2
  - contactsinteraction: 1.0.0
  - dav: 1.15.0
  - drop_account: 0.2.1
  - external: 3.6.0
  - federatedfilesharing: 1.9.0
  - federation: 1.9.0
  - files: 1.14.0
  - files_pdfviewer: 1.8.0
  - files_rightclick: 0.16.0
  - files_sharing: 1.11.0
  - files_trashbin: 1.9.0
  - files_versions: 1.12.0
  - files_videoplayer: 1.8.0
  - firstrunwizard: 2.8.0
  - impersonate: 1.6.1
  - logreader: 2.4.0
  - lookup_server_connector: 1.7.0
  - mail: 1.4.2
  - notes: 3.6.4
  - notifications: 2.7.0
  - oauth2: 1.7.0
  - onlyoffice: 6.2.0
  - password_policy: 1.9.1
  - photos: 1.1.0
  - preferred_providers: 1.8.0
  - provisioning_api: 1.9.0
  - recommendations: 0.7.0
  - registration: 0.5.0
  - serverinfo: 1.9.0
  - settings: 1.1.0
  - sharebymail: 1.9.0
  - spreed: 9.0.6
  - systemtags: 1.9.0
  - tasks: 0.13.6
  - text: 3.0.1
  - theming: 1.10.0
  - twofactor_backupcodes: 1.8.0
  - twofactor_totp: 5.0.0
  - viewer: 1.3.0
  - workflowengine: 2.1.0

Nextcloud configuration:

{
    "system": {
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": {
            "0": "localhost",
            "2": "***REMOVED SENSITIVE VALUE***"
        },
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "dbtype": "mysql",
        "version": "19.0.6.2",
        "overwrite.cli.url": "http:\/\/localhost",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "mysql.utf8mb4": true,
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "port": "6379",
            "timeout": "0.0"
        },
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpmode": "smtp",
        "mail_sendmailmode": "smtp",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpauthtype": "PLAIN",
        "mail_smtpauth": 1,
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "587",
        "mail_smtpsecure": "tls",
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "maintenance": false,
        "loglevel": 2
    }
}

1 - to develop bug

All 3 comments

Some background info:
For us as an official Nextcloud provider (opsone.ch) with a couple thousand accounts on one single installation, this is a rather big problem, because users could, by accident or on purpose, share their calendars with all other users on our Nextcloud instance and also share confidential information by accident.
In addition to the issue with group sharing restrictions, we had multiple users complain that they cannot unsubscribe or delete calendars that were shared with them. Worst case scenario, someone shares a ton of calendars with all other users and we would have to manually remove every one of them by hand.

We have exactly the same problem as @scorewinner described
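
An added example, not part of the issue thread or of Nextcloud's code: an audit an administrator could run to list calendars that are already shared with a group while group sharing is meant to be disabled. The table and column names (`oc_calendars`, `oc_dav_shares`, `principaluri`, `type`, `resourceid`) are assumptions about the dav app's schema with the `oc_` prefix from the configuration above, and every row is constructed sample data loaded into an in-memory SQLite database.

```python
import sqlite3

# Assumed layout of the two dav tables (prefix "oc_" as in the config above),
# reduced to the columns the audit needs.
SCHEMA = """
CREATE TABLE oc_calendars (id INTEGER PRIMARY KEY, principaluri TEXT, displayname TEXT);
CREATE TABLE oc_dav_shares (id INTEGER PRIMARY KEY, principaluri TEXT, type TEXT,
                            access INTEGER, resourceid INTEGER);
"""

# Constructed sample rows: alice shares with a group and a user, bob with a group.
# Row 4 is an address-book share that reuses resourceid 2 and must not be reported.
SAMPLE_CALENDARS = [(1, "principals/users/alice", "Personal"),
                    (2, "principals/users/bob", "Team plan")]
SAMPLE_SHARES = [(1, "principals/groups/everyone", "calendar", 3, 1),
                 (2, "principals/users/carol", "calendar", 2, 1),
                 (3, "principals/groups/staff", "calendar", 2, 2),
                 (4, "principals/groups/staff", "addressbook", 2, 2)]

# Calendar shares whose recipient is a group principal, joined to the owning calendar.
AUDIT_QUERY = """
SELECT s.id, c.principaluri, c.displayname, s.principaluri
FROM oc_dav_shares AS s
JOIN oc_calendars AS c ON c.id = s.resourceid
WHERE s.type = 'calendar' AND s.principaluri LIKE 'principals/groups/%'
ORDER BY s.id
"""

def build_sample_db():
    """Create the in-memory database holding the constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO oc_calendars VALUES (?, ?, ?)", SAMPLE_CALENDARS)
    db.executemany("INSERT INTO oc_dav_shares VALUES (?, ?, ?, ?, ?)", SAMPLE_SHARES)
    return db

def group_calendar_shares(db):
    """Return (share_id, owner, calendar, group) for every calendar shared with a group."""
    rows = db.execute(AUDIT_QUERY).fetchall()
    return [(sid, owner.rsplit("/", 1)[-1], name, grp.rsplit("/", 1)[-1])
            for sid, owner, name, grp in rows]

if __name__ == "__main__":
    for row in group_calendar_shares(build_sample_db()):
        print(row)
```

The `type = 'calendar'` filter matters because the share table is assumed to hold address-book shares too, with `resourceid` pointing into a different table for those rows.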
