diff options
| author | nfebe <fenn25.fn@gmail.com> | 2025-06-03 08:08:49 +0100 |
|---|---|---|
| committer | backportbot[bot] <backportbot[bot]@users.noreply.github.com> | 2025-06-03 14:41:56 +0000 |
| commit | bebe8377b4d2e878935d3a313c5f8e38078c0371 (patch) | |
| tree | f00c96e7ddd1ba9f3812366ca1686914769d19e9 | |
| parent | dfcac1057b0d6c0f028024acad810af0b7f8f382 (diff) | |
| download | nextcloud-server-backport/53275/stable31.tar.gz nextcloud-server-backport/53275/stable31.zip | |
fix(provisioning_api): Allow group details access for users with admin delegationbackport/53275/stable31
This fixes an issue where users with "Administration privileges → Users" could not access
the groups details endpoint in the provisioning API, resulting in a 403 Forbidden error.
There is a problem with adding the `AuthorizedAdminSetting` attribute (middleware)
that only allows access to users with Sharing admin privileges.
Users with "`Users` admin" privileges should also be able to access group details.
Resolves: https://github.com/nextcloud/server/issues/52617
Signed-off-by: nfebe <fenn25.fn@gmail.com>
| -rw-r--r-- | apps/provisioning_api/lib/Controller/GroupsController.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/apps/provisioning_api/lib/Controller/GroupsController.php b/apps/provisioning_api/lib/Controller/GroupsController.php index 3d9fa6b1cfc..37af51419df 100644 --- a/apps/provisioning_api/lib/Controller/GroupsController.php +++ b/apps/provisioning_api/lib/Controller/GroupsController.php @@ -98,6 +98,7 @@ class GroupsController extends AUserDataOCSController { */ #[NoAdminRequired] #[AuthorizedAdminSetting(settings: Sharing::class)] + #[AuthorizedAdminSetting(settings: Users::class)] public function getGroupsDetails(string $search = '', ?int $limit = null, int $offset = 0): DataResponse { $groups = $this->groupManager->search($search, $limit, $offset); $groups = array_values(array_map(function ($group) { |