Group Admins can't access own settings #20193
Description
Steps to reproduce
This is an example of the user- and group-structure in my nextcloud:
Admin
User 1 (Group: admin, group_1, group_2; Admin for: group_1, group_2)
User 2 (Group: group_1; Admin for: group_1)
User 3 (Group: none; Admin for: none)
Now, in this constellation, the User_2 can’t access his own settings. If i remove the user as admin for group_1, the settings are accessible again. Everything else seems to work as it should.
Expected behaviour
Every user can still access their own settings
Actual behaviour
Group admin can not access their own settings. Sends them back to the default app.
Server configuration detail
Operating system: Linux 4.4.0-174-generic #204-Ubuntu SMP Wed Jan 29 06:41:01 UTC 2020 x86_64
Webserver: nginx/1.10.3 (fpm-fcgi)
Database: mysql 5.7.29
PHP version:
7.2.28-3+ubuntu16.04.1+deb.sury.org+1
Modules loaded: Core, date, libxml, openssl, pcre, zlib, filter, hash, Reflection, SPL, sodium, session, standard, cgi-fcgi, mysqlnd, PDO, xml, apcu, calendar, ctype, curl, dom, mbstring, fileinfo, ftp, gd, gettext, iconv, imagick, intl, json, exif, mysqli, pdo_mysql, Phar, posix, readline, shmop, SimpleXML, smbclient, sockets, sysvmsg, sysvsem, sysvshm, tokenizer, wddx, xmlreader, xmlwriter, xsl, zip, libsmbclient, Zend OPcache
Nextcloud version: 18.0.3 - 18.0.3.0
Updated from an older Nextcloud/ownCloud or fresh install: since OC6
Where did you install Nextcloud from: unknown
Signing status
Array
(
)
List of activated apps
Enabled:
- accessibility: 1.4.0
- activity: 2.11.0
- admin_audit: 1.8.0
- apporder: 0.9.0
- bruteforcesettings: 1.5.0
- calendar: 2.0.2
- cloud_federation_api: 1.1.0
- comments: 1.8.0
- contacts: 3.2.0
- dav: 1.14.0
- deck: 0.8.0
- documentserver_community: 0.1.5
- extract: 1.2.3
- federatedfilesharing: 1.8.0
- files: 1.13.1
- files_accesscontrol: 1.8.1
- files_automatedtagging: 1.8.2
- files_fulltextsearch: 1.4.1
- files_linkeditor: 1.0.13
- files_pdfviewer: 1.7.0
- files_rightclick: 0.15.2
- files_sharing: 1.10.1
- files_trashbin: 1.8.0
- files_versions: 1.11.0
- files_videoplayer: 1.7.0
- flowupload: 0.1.8
- fulltextsearch: 1.4.1
- fulltextsearch_elasticsearch: 1.5.0
- groupfolders: 6.0.3
- impersonate: 1.5.0
- issuetemplate: 0.6.0
- logreader: 2.3.0
- lookup_server_connector: 1.6.0
- mail: 1.1.4
- metadata: 0.11.1
- notifications: 2.6.0
- oauth2: 1.6.0
- ocdownloader: 1.7.6
- onlyoffice: 4.1.4
- password_policy: 1.8.0
- passwords: 2020.3.1
- photos: 1.0.0
- previewgenerator: 2.2.0
- privacy: 1.2.0
- provisioning_api: 1.8.0
- quota_warning: 1.7.0
- recommendations: 0.6.0
- registration: 0.4.7
- serverinfo: 1.8.0
- settings: 1.0.0
- sharebymail: 1.8.0
- spreed: 8.0.5
- systemtags: 1.8.0
- tasks: 0.12.1
- text: 2.0.0
- theming: 1.9.0
- twofactor_backupcodes: 1.7.0
- twofactor_email: 1.0.1
- twofactor_totp: 4.1.3
- updatenotification: 1.8.0
- viewer: 1.2.0
- workflowengine: 2.0.0
Disabled:
- encryption
- federation
- files_external
- firstrunwizard
- nextcloud_announcements
- support
- survey_client
- user_ldap
Configuration (config/config.php)
{
"knowledgebaseenabled": false,
"enable_previews": true,
"preview_max_x": 2048,
"preview_max_y": 2048,
"preview_libreoffice_path": "\/usr\/bin\/libreoffice",
"preview_office_cl_parameters": " --headless --nologo --nofirststartwizard --invisible --norestore --convert-to png --outdir ",
"enabledPreviewProviders": [
"OC\\Preview\\PNG",
"OC\\Preview\\JPEG",
"OC\\Preview\\GIF",
"OC\\Preview\\BMP",
"OC\\Preview\\XBitmap",
"OC\\Preview\\MP3",
"OC\\Preview\\TXT",
"OC\\Preview\\MarkDown",
"OC\\Preview\\PDF",
"OC\\Preview\\Illustrator",
"OC\\Preview\\Movie",
"OC\\Preview\\MSOffice2003",
"OC\\Preview\\MSOffice2007",
"OC\\Preview\\MSOfficeDoc",
"OC\\Preview\\OpenDocument",
"OC\\Preview\\Photoshop",
"OC\\Preview\\Postscript",
"OC\\Preview\\StarOffice",
"OC\\Preview\\SVG",
"OC\\Preview\\TIFF"
],
"apps_paths": [
{
"path": "\/var\/www\/nextcloud\/apps",
"url": "\/apps",
"writable": true
}
],
"defaultapp": "apporder",
"xframe_restriction": true,
"activity_expire_days": 30,
"versions_retention_obligation": "disabled",
"minimum.supported.desktop.version": "1.7.0",
"memcache.locking": "\\OC\\Memcache\\Redis",
"memcache.local": "\\OC\\Memcache\\APCu",
"asset-pipeline.enabled": true,
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"datadirectory": "***REMOVED SENSITIVE VALUE***",
"dbtype": "mysql",
"version": "18.0.3.0",
"installed": true,
"forcessl": true,
"default_language": "de",
"maintenance": false,
"filelocking.enabled": true,
"loglevel": 2,
"logfile": "\/media\/DATA\/data\/nextcloud.log",
"logtimezone": "Europe\/Berlin",
"log_rotate_size": 10485760,
"trusted_domains": [
"**REMOVED**"
],
"appstoreenabled": true,
"appstore.experimental.enabled": true,
"blacklisted_files": [
"._*",
".DS_Store",
".DS_STORE",
".ds_store",
"*.vvv",
"*.cerber",
"*.desktop",
"*.tmp",
"*.aesir",
"*.odin"
],
"dbname": "***REMOVED SENSITIVE VALUE***",
"dbhost": "***REMOVED SENSITIVE VALUE***",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trashbin_retention_obligation": "auto, 30",
"updater.release.channel": "stable",
"mail_smtpmode": "smtp",
"mail_smtpauthtype": "LOGIN",
"mail_smtphost": "***REMOVED SENSITIVE VALUE***",
"mail_smtpport": "587",
"session_lifetime": 10800,
"session_keepalive": true,
"mail_smtpsecure": "tls",
"mail_smtpauth": 1,
"mail_from_address": "***REMOVED SENSITIVE VALUE***",
"mail_domain": "***REMOVED SENSITIVE VALUE***",
"filesystem_check_changes": 0,
"mail_smtpname": "***REMOVED SENSITIVE VALUE***",
"mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
"overwrite.cli.url": "https:\/\/**FQDN**.de",
"instanceid": "***REMOVED SENSITIVE VALUE***",
"theme": "",
"data-fingerprint": "0fde090144b8dadc7eafe99aeadc6828",
"skeletondirectory": "\/media\/DATA\/data\/skeletondir",
"mysql.utf8mb4": true
}
There is no mentions in the logs. The browser also reports normal behaviour.