Announcement center "admins" can see every announcement #175

Shen · 2020-01-21T21:14:01Z

Steps to reproduce

add user 'user1' to group 'test'
add group 'test' in settings to announcement center admin-groups
post an announcement with user 'user2' to another group (not a group which user1 belongs to).
user1 is able to see the announcement

Expected behaviour

user1 should only see his own announcements and announcements of his groups.

Actual behaviour

user1 is able to see every announcement. It is a breach of privacy if a user can see announcements that are intended exclusively for another group.

Nextcloud version:
16.0.5.1

Announcement Center version:
3.5.1

nickvergessen · 2020-01-21T22:06:11Z

This won't really change for now, because you could otherwise post an announcement and have no way of deleting it again, in case you didnt set a group which you are part of.
Maybe the admin setting should adjusted a bit, but actually i didnt change the app really in a long time due to the lack of free time

Shen changed the title ~~Announcement center "admins" can see every accouncement~~ Announcement center "admins" can see every announcement Jan 21, 2020

nickvergessen added the enhancement label Mar 17, 2020

nickvergessen added feature: administration 🙆‍ feature: announcements 🗣️ 1. to develop labels Oct 7, 2020

nickvergessen added this to the 💔 Backlog milestone Jan 26, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Announcement center "admins" can see every announcement #175

Announcement center "admins" can see every announcement #175

Shen commented Jan 21, 2020

nickvergessen commented Jan 21, 2020

Announcement center "admins" can see every announcement #175

Announcement center "admins" can see every announcement #175

Comments

Shen commented Jan 21, 2020

Steps to reproduce

Expected behaviour

Actual behaviour

nickvergessen commented Jan 21, 2020