Confirm the interest of the new feature: exception to the "Restrict users to only share with users from their groups" option so that users from certain groups cannot share with each other

[dorianne-arawa]

Author : Arawa company

Important

We would like to develop a new feature to Nextcloud (through a PR). If you want to go fast on this issue, please only tell us if you validate the benefit of this feature. If yes, we will submit it through a PR (we are not asking to develop a feature, we we propose to develop it ourselves).

Request for validation of a new feature

Location of the feature

We wish to add an additional option to the Sharing settings available for the instance admins (Settings > Administration > Sharing).

Description of the feature

• One of the current available option is Restrict users to only share with users from their groups
• If the box for this setting is checked, we would like to add a selection field + text below this setting:
  • the text explains what the selection field does:
    • if a group (or groups) is inserted in this field, e.g. the local group "Guests", then users in the Guest group will not be able to share with each other
      • we have suggested a text that can be changed later on, so that it can be as clear as possible (see the screenshots below)
  • the selection field will display all the user groups of the instance (local and directory/LDAP) and will allow admins to insert one or more groups in this field

Benefits of this feature

• more privacy
• more flexible and detailed sharing options
• make "waterproof": avoid that users see each other if they shouldn't

Use case to demonstrate a benefit

In this example, the organization checked the admin setting Restrict users to only share with users from their groups and use a “Guest” group in their directory (LDAP) to group all their external users. This LDAP Guest group would then be created in Nextcloud, meaning all the guests would be able to see each other, even though they are not from the same companies. This represents a loss of privacy.

This is one example among others.

Model / Mock-up

• New option when Restrict users to only share with users from their groups is checked
  

• Choice of groups affected by the exception
  

Do not hesitate if you have any questions regarding this subject.

Nextcloud form to request a new feature

Is your feature request related to a problem? Please describe.

• we use the sharing option Restrict users to only share with users from their groups (available in Settings > Administration > Sharing)
• however, we have one group that gathers users who must not see or share with each other
• problem: the option Restrict users to only share with users from their groups is useless because of this one group

Describe the solution you'd like

• If the box for this setting is checked, we would like to add a selection field + text below this setting:
  • the text explains what the selection field does:
    • if a group (or groups) is inserted in this field, e.g. the local group "Guests", then users in the Guest group will not be able to share with each other (we have suggested a text that can be changed later on, so that it can be as clear as possible (see the screenshots below))
  • the selection field will display all the user groups of the instance (local and directory/LDAP) and will allow admins to insert one or more groups in this field

Describe alternatives you've considered

• avoid groups containing users who should not see each other (lack of flexibility)

How to use GitHub

• Please use the 👍 reaction to show that you are interested into the same feature.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

As a reminder

We would like to develop a new feature to Nextcloud (through a PR). If you want to go fast on this issue, please only tell us if you validate the benefit of this feature. If yes, we will submit it through a PR (we are not asking to develop a feature, we we propose to develop it ourselves).

[maximelehericy]

@jancborchardt or @nimishavijay WDYT ?

[nimishavijay]

Makes sense to me! Good enhancement. I suggest that we can make the wording more simple:

"Exclude some groups from sharing with users in their group"

We can also change the layout such that it is a separate item, similar to the "Exclude groups from creating link shares" item above the section.

[Clementine46]

@nimishavijay Thanks for the feedback, your wording is definitely more understandable!

However, we don't think making this option separate makes sense since it's directly related to the users share's restriction.
This option is dependent on whether or not "Restrict users to only share with users in their group" is selected, so having it be visible all the time would be confusing.

We think it makes more sense if the option only appears when "Restrict users to only share with users in their group" is selected since that's the only time it would be relevant. It would work the same way as the "Exclude groups from sharing" option.

[nimishavijay]

we don't think making this option separate makes sense since it's directly related to the users share's restriction.

Completely agree! I meant to only not have it as a subline since then the input field can be mistaken to be a part of the "Restrict users..." section and not "Exclude groups..." section.

Rough idea of what I meant

[Clementine46]

@nimishavijay Alright, sorry for the misunderstanding !

Here's an example with the text above the selection field :

Do the concept and wording seem okay to you ?

[nimishavijay]

Nice! Works for me!

[dorianne-arawa]

Hi,

Thank you very much for your review @nimishavijay !
Do you confirm that this feature can be accepted once we develop it (as a PR)?

Dorianne from Arawa

[nimishavijay]

Do you confirm that this feature can be accepted once we develop it

Sounds great from my end! :) Thank you for the contribution! :)

[dorianne-arawa]

Perfect! We are launching the development and will link this issue to the future PR :)
Thank you very much for your time and work @nimishavijay !!

[zak39]

Hi everyone 🙂

We have created the PR that answers this issue : #38173