Try to change a users group: the group admin can see all groups, although he is only admin of one group. But fortunately group admin gets an “authorization error” when assigning users to group without admin privileges for that group
Expected behaviour
Group admin can only see the group he is admin of (like in all versions below 10.9)
Actual behaviour
Group admin can see all groups
Server configuration
Operating system: Debian Bullseye
Web server: Apache2
Database: MySQL
PHP version: 7.4
ownCloud version: 10.9.1
Updated from an older ownCloud or fresh install: Updated
Where did you install ownCloud from: tar.gz
Signing status (ownCloud 9.0 and above): OK
List of activated apps:
Enabled:
activity:
Version: 2.7.0
Path: /var/www/owncloud/apps/activity
comments:
Version: 0.3.0
Path: /var/www/owncloud/apps/comments
configreport:
Version: 0.2.0
Path: /var/www/owncloud/apps/configreport
dav:
Version: 0.7.0
Path: /var/www/owncloud/apps/dav
federatedfilesharing:
Version: 0.5.0
Path: /var/www/owncloud/apps/federatedfilesharing
federation:
Version: 0.1.0
Path: /var/www/owncloud/apps/federation
files:
Version: 1.5.2
Path: /var/www/owncloud/apps/files
files_external:
Version: 0.8.0
Path: /var/www/owncloud/apps/files_external
files_mediaviewer:
Version: 1.0.5
Path: /var/www/owncloud/apps/files_mediaviewer
files_pdfviewer:
Version: 1.0.1
Path: /var/www/owncloud/apps/files_pdfviewer
files_sharing:
Version: 0.14.0
Path: /var/www/owncloud/apps/files_sharing
files_texteditor:
Version: 2.4.1
Path: /var/www/owncloud/apps/files_texteditor
files_trashbin:
Version: 0.9.1
Path: /var/www/owncloud/apps/files_trashbin
files_versions:
Version: 1.3.0
Path: /var/www/owncloud/apps/files_versions
firstrunwizard:
Version: 1.2.0
Path: /var/www/owncloud/apps/firstrunwizard
gallery:
Version: 16.1.2
Path: /var/www/owncloud/apps/gallery
market:
Version: 0.6.2
Path: /var/www/owncloud/apps/market
notifications:
Version: 0.5.4
Path: /var/www/owncloud/apps/notifications
provisioning_api:
Version: 0.5.0
Path: /var/www/owncloud/apps/provisioning_api
templateeditor:
Version: 0.4.0
Path: /var/www/owncloud/apps/templateeditor
twofactor_totp:
Version: 0.7.4
Path: /var/www/owncloud/apps/twofactor_totp
updatenotification:
Version: 0.2.1
Path: /var/www/owncloud/apps/updatenotification
Are you using external storage, if yes which one: no
Are you using encryption: no
Are you using an external user-backend, if yes which one: no
Thanks for reporting this. I was able to verify the issue and reported it to the development team.
In this case it might have already made sense for you to open a Github ticket. You are more then welcome to open a topic about a github ticket, but in general most discussion happens in Github.
We should link the Github ticket here, once it has been created.
(Github will auto forward you to the second link if you concatenate .patch at the end of the first)
cd /var/www/owncloud
# or wherever your ownCloud is installed
wget https://patch-diff.githubusercontent.com/raw/owncloud/core/pull/39752.patch
patch -p 1 < 39752.patch
rm 39752.patch
# so the file doesn't show up in the file integrity check