From 381decca493ffbdec9356142a02b5a3edb8284d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?=
Date: Tue, 18 Feb 2020 19:42:57 +0100
Subject: [PATCH] Add setting to restrict user enumeration to groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Julius Härtl
---
apps/settings/js/admin.js | 4 ++++
apps/settings/lib/Settings/Admin/Sharing.php | 1 +
apps/settings/templates/settings/admin/sharing.php | 8 ++++++++
3 files changed, 13 insertions(+)
diff --git a/apps/settings/js/admin.js b/apps/settings/js/admin.js
index e798cd8d19..dfe9b8caba 100644
--- a/apps/settings/js/admin.js
+++ b/apps/settings/js/admin.js
@@ -142,6 +142,10 @@ $(document).ready(function(){
savePublicShareDisclaimerText(this.value);
});
+ $('#shareapi_allow_share_dialog_user_enumeration').on('change', function() {
+ $('#shareapi_restrict_user_enumeration_to_group_setting').toggleClass('hidden', !this.checked);
+ })
+
$('#allowLinks').change(function() {
$("#publicLinkSettings").toggleClass('hidden', !this.checked);
$('#setDefaultExpireDate').toggleClass('hidden', !(this.checked && $('#shareapiDefaultExpireDate')[0].checked));
diff --git a/apps/settings/lib/Settings/Admin/Sharing.php b/apps/settings/lib/Settings/Admin/Sharing.php
index 495af9d537..980e579d36 100644
--- a/apps/settings/lib/Settings/Admin/Sharing.php
+++ b/apps/settings/lib/Settings/Admin/Sharing.php
@@ -73,6 +73,7 @@ class Sharing implements ISettings {
'allowPublicUpload' => $this->config->getAppValue('core', 'shareapi_allow_public_upload', 'yes'),
'allowResharing' => $this->config->getAppValue('core', 'shareapi_allow_resharing', 'yes'),
'allowShareDialogUserEnumeration' => $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes'),
+ 'restrictUserEnumerationToGroup' => $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no'),
'enforceLinkPassword' => Util::isPublicLinkPasswordRequired(),
'onlyShareWithGroupMembers' => $this->shareManager->shareWithGroupMembersOnly(),
'shareAPIEnabled' => $this->config->getAppValue('core', 'shareapi_enabled', 'yes'),
diff --git a/apps/settings/templates/settings/admin/sharing.php b/apps/settings/templates/settings/admin/sharing.php
index 2bca48ce4a..c7f3ff16b7 100644
--- a/apps/settings/templates/settings/admin/sharing.php
+++ b/apps/settings/templates/settings/admin/sharing.php
@@ -109,11 +109,19 @@
t('These groups will still be able to receive shares, but not to initiate them.')); ?>
+
/>
+
+
+ />
+
+
+
/>