diff options
| author | nfebe <fenn25.fn@gmail.com> | 2025-06-03 08:08:49 +0100 |
|---|---|---|
| committer | nfebe <fenn25.fn@gmail.com> | 2025-06-03 09:05:31 +0100 |
| commit | b647ca6c2644914b2658194677690be67ae6007e (patch) | |
| tree | 7a703e5b957905ffee0000da9db35cd21bf0330d | |
| parent | b54803b476347c5e8b2834feca7f95a564d30cb3 (diff) | |
| download | nextcloud-server-fix/52617/fix-group-admin-delegation.tar.gz nextcloud-server-fix/52617/fix-group-admin-delegation.zip | |
fix(provisioning_api): Allow group details access for users with admin delegationfix/52617/fix-group-admin-delegation
This fixes an issue where users with "Administration privileges → Users" could not access
the groups details endpoint in the provisioning API, resulting in a 403 Forbidden error.
There is a problem with adding the `AuthorizedAdminSetting` attribute (middleware)
that only allows access to users with Sharing admin privileges.
Users with "`Users` admin" privileges should also be able to access group details.
Resolves: https://github.com/nextcloud/server/issues/52617
Signed-off-by: nfebe <fenn25.fn@gmail.com>
| -rw-r--r-- | apps/provisioning_api/lib/Controller/GroupsController.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/apps/provisioning_api/lib/Controller/GroupsController.php b/apps/provisioning_api/lib/Controller/GroupsController.php index 3d9fa6b1cfc..37af51419df 100644 --- a/apps/provisioning_api/lib/Controller/GroupsController.php +++ b/apps/provisioning_api/lib/Controller/GroupsController.php @@ -98,6 +98,7 @@ class GroupsController extends AUserDataOCSController { */ #[NoAdminRequired] #[AuthorizedAdminSetting(settings: Sharing::class)] + #[AuthorizedAdminSetting(settings: Users::class)] public function getGroupsDetails(string $search = '', ?int $limit = null, int $offset = 0): DataResponse { $groups = $this->groupManager->search($search, $limit, $offset); $groups = array_values(array_map(function ($group) { |