Server: NC12 Beta1 displays ALL Users of the NC instance

@LukasReschke

and @ChristophWurst as well :wink:

This is the intended behavior, IMO.

Note that apps that use the contacts manager API, like the Mail app for example, gets the same data when it queries contact information.
Also note that it will show a maximum of 20 contacts. Hence you don't see all other users.

o.O intended behavior?

Well, I can't deploy NC 12 for my customers if they have the ability to see 20 other customers and their usernames from a simple drop-down menu...

I just noticed it displays the Full Name instead of the username.. That's a way more critical.. I'm just thinking about the privacy policy..

No user should see other user's Full Name without their approval.. that's like making my customers list publicly accessible

cc @LukasReschke @karlitschek what do you think? Seems we need an admin setting for this, just like the share API?

»Show internal users in contacts menu« – enabled by default

Or what do you think?

cc @LukasReschke @karlitschek what do you think? Seems we need an admin setting for this, just like the share API?
»Show internal users in contacts menu« – enabled by default

SGTM. For now my workaround is to edit the core\templates\layout.user.php and comment out the <div id="contactsmenu"> section. I really hope, I don't have to do that in the final version ;-)

what do you think? Seems we need an admin setting for this, just like the share API?

Why doesn't it just use the sharing setting we have that can limits sharing to users within the own groups. That was what I would expect to apply there too.

@juliushaertl makes sense. @jospoortvliet @karlitschek @LukasReschke any further input?

I think it makes sense. When you don't share you don't collaborate so not being able to communicate (unless you have that person in your own address book of course) makes sense. If there's a use case where it needs to be separated out later on, we can do that... But this is probably good enough for 99%.

I think reusing the sharing setting makes sense. No need for another switch

If username-autocompletion is disabled, the contacts-menu should never ever show local users:

Groups, which are excluded from sharing should not see local users at all:

If sharing is restricted to users own groups, he should only see contacts from his groups:

We may also want to overthink the federation lookup-settings, since they could be also used for contacts-menu on user-side: 🤔 @schiessle

Just remarked, that setting your full name to "Local" makes you invisible from the contacts menu 🤔 Intended? @ChristophWurst

So, the only way to separate personal data from different tenants would be to build separate NC instances, true?

I'd prefer groups to be the differentiator: People who don't share any access control group shouldn't be visible to each other. Remains the question: how does NC know a group is an access control group?
For LDAP, this could be a property like BusinessCategory.

Fix is in #4757.

Please visit my comment again: https://github.com/nextcloud/server/issues/4656#issuecomment-299408347 - I think this issue is only fixed in parts, since we still gut reports like:

https://help.nextcloud.com/t/hide-users-from-contacts-menu/12956/
https://github.com/nextcloud/server/issues/5096 (showing contacts menu with LDAP backend)

Please file a new issue for this enhancement request.

This hasn't been fixed. I don't understand how this isn't a priority security issue, especially if an entity like me has multiple platforms centralizing together. Where is the new enhancement request or do we really need to re-create the same issue?

Referring to issue from OP:

All users are in different groups and should be handled like different customers.

@karlitschek answer was the best. Give us that option with permissions:

I think reusing the sharing setting makes sense. No need for another switch

Also, give the contacts-app permissions to access the internal users and match the group permissions as well please (this might be a separate issue for contacts-app) <3

This seems to be the only solution until this is resolved (Not tested):
https://help.nextcloud.com/t/why-any-user-can-view-all-the-contacts-belonging-to-other-groups/22642/4

I'm using NextCloud Pi and I can see right off the bat after installing XMPP that the 'ncp' user is exposed in the contacts list. It would be super cool if I could disable specific users from even showing up/being available for XMPP or limit the available contacts to a specific group.

This is likely an issue in the XMPP app - which either doesn't respect the settings or handles this by itself, or would need that feature. It isn't really relevant here.