Server: scope of the contacts menu is too broad

I think this is a duplicate of #4656

Well, no duplicate because the quoted issue is closed already / there has been the pledge to open a separate issue.
In my opinion, the users that appear on the contacts screen should be limited to the users who share the [ldap|local|whateve auth engine is applied] groups of the current user PLUS all contacts in the user's address books.

Yeah, of course we need some means to show the most relevant contacts first. As described in the spec https://github.com/nextcloud/server/issues/207:

The contacts are sorted by last interaction. It’s easiest and most obvious for the first iteration. (Instead of also factoring in frequency etc)

cc @ChristophWurst @nextcloud/javascript @nextcloud/chat :)

When this option is enabled, users NOT in the same group and NOT in the address book should never be displayed.

Doesn't look hard to implement, as the logic for the sharing pulldown could be used as filter.

Until then, no other way than hacking the source code 😕

When this option is enabled, users NOT in the same group and NOT in the address book should never be displayed.

@GitHubUser4234 that option is irrelevant for the environment I described. There the address book is disabled and users should be able to share outside of their groups. And still the current scope of the contacts menu is too broad.

@DanScharon I see, well, my reply was referring more to @joergmschulz's comment. So we do have somewhat different requirements, but it looks like simply offering to disable the contact list could serve as common ground.

@GitHubUser4234 as far as I know this has been fixed. Cc @ChristophWurst @MorrisJobke for comment.

@DanScharon please see my comment. The spec intends better focus and it's a matter of time and resources to implement it.

@jancborchardt Is it? I thought that currently it can only be disabled when autocompletion in share dialog is disabled (#4656)? Sure I'll be happy to be proven wrong 😸

Hi, is someone working on this issue?

@sananirajabov not that I'm aware of :)

@skjnldsv perfect :)

On top of all that if you want the users on the platform not to be able to autocomplete/see other users, disabling that option in sharing settings does not prevent leaks in other apps that do use system addressbook. Those like circles or calendars (when adding attendees) do autocomplete users and give suggestions in dropdown menu.

My current idea for a work around the issue is basically deleting all contacts from the system addressbook (from oc_cards_properties). I would like to know if this has any implication to the way things work. I checked file sharing, talk, calendar, contacts and seems like everything works properly (users cant see eachother using autocomplete suggestion but when typing the entire user name).
I would like to get rid of the issue asap, but would like some re-assuring that this will not back fire if i missed something.

Also in case this gets solved in the future, there is a way via occ to rebuild user addressbook. The problem is it fetches only 500 users from the db. Is there a way to do it for all users?

Edit:
Seems like you can't add users from nextlcoud as attendee of calendar event, unless user figures in personal addressbook.

I have a question about searching users. Now, I limited users by sharing something with me, that's way now when I click to search users section just shared users appear, but when I search a user it only search in shared users because I retrieve users from database only who shared something with me. I think this implementation is right, but I am not sure. Could you share your opinions about this question?

I opened #23124 which was closed as duplicate of this one here.
In my understanding this is a information leak and maybe it is just the most easy implementation to not show the whole directory tree but only the ones from the LDAP filter that is set in the LDAP settings.