Limit Apps to Groups still displays settings in all users' settings

[72Zn]

Limiting an installed App, that adds settings to users' settings pages, to groups, still shows the app's settings in the settings pane of all users of all groups.

Steps to reproduce

Tested with two apps.

App 'TOTP second-factor auth'

1. As admin user goto Apps -> Security and enable 'Two Factor TOTP Provider'
2. Goto Apps -> Enabled apps
   • find 'Two Factor TOTP Provider'
   • check 'limit to groups', choose group 'admin'
3. Login as normal user
4. Goto settings -> security page
   • scroll down, find 'TOTP second-factor auth' and click '[ ] Enable TOTP'

App 'Two Factor U2F'

1. As admin user goto Apps -> Security and enable 'Two Factor U2F'
2. Goto Apps -> Enabled apps
   • find 'Two Factor U2F'
   • check 'limit to groups', choose group 'admin'
3. Login as normal user
4. Goto settings -> security page
   • scroll down, find 'U2F second-factor auth', click 'Add U2F device'
   • observe error 'Cannot read property 'appId' of undefined'

Expected behaviour

The settings of the limited app should not be shown for users in other groups.

Actual behaviour

The settings of the limited app are visible on the settings pane of all users, regardless of group. Editing settings leads to undefined behavior.

Server configuration

Operating system:
Distributor ID: Ubuntu
Description: Ubuntu 18.04 LTS
Release: 18.04
Codename: bionic

Web server:
Server version: Apache/2.4.29 (Ubuntu)
Server built: 2018-04-25T11:38:24

Database:
mysql Ver 15.1 Distrib 10.1.29-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

PHP version:
PHP 7.2.5-0ubuntu0.18.04.1 (cli) (built: May 9 2018 17:21:02) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.2.5-0ubuntu0.18.04.1, Copyright (c) 1999-2018, by Zend Technologies

Nextcloud version: (see Nextcloud admin page)
Nextcloud 13.0.4

Updated from an older Nextcloud/ownCloud or fresh install:
updated from Nextcloud 12

Where did you install Nextcloud from:
wget https://download.nextcloud.com/server/releases/latest-${NC_MAJOR_VERSION}.tar.bz2

Signing status:

Signing status

No errors have been found.

List of activated apps:

App list

Enabled: - activity: 2.6.1 - admin_audit: 1.3.0 - calendar: 1.6.1 - comments: 1.3.0 - contacts: 2.1.5 - dav: 1.4.7 - federatedfilesharing: 1.3.1 - federation: 1.3.0 - files: 1.8.0 - files_external: 1.4.1 - files_pdfviewer: 1.2.1 - files_sharing: 1.5.0 - files_texteditor: 2.5.1 - files_trashbin: 1.3.0 - files_versions: 1.6.0 - files_videoplayer: 1.2.0 - firstrunwizard: 2.2.1 - gallery: 18.0.0 - logreader: 2.0.0 - lookup_server_connector: 1.1.0 - nextcloud_announcements: 1.2.0 - notifications: 2.1.2 - oauth2: 1.1.1 - password_policy: 1.3.0 - provisioning_api: 1.3.0 - richdocuments: 2.0.9 - serverinfo: 1.3.0 - sharebymail: 1.3.0 - systemtags: 1.3.0 - theming: 1.4.5 - twofactor_backupcodes: 1.2.3 - twofactor_totp: 1.4.1 - twofactor_u2f: 1.5.5 - updatenotification: 1.3.0 - user_pwauth: 2.5.1 - workflowengine: 1.3.0

Nextcloud configuration:

Config report

{ "system": { "instanceid": "***REMOVED SENSITIVE VALUE***", "passwordsalt": "***REMOVED SENSITIVE VALUE***", "secret": "***REMOVED SENSITIVE VALUE***", "trusted_domains": [ "***REMOVED SENSITIVE VALUE***" ], "datadirectory": "***REMOVED SENSITIVE VALUE***", "overwrite.cli.url": "https:\/\/***REMOVED SENSITIVE VALUE***", "dbtype": "mysql", "version": "13.0.4.0", "dbname": "***REMOVED SENSITIVE VALUE***", "dbhost": "***REMOVED SENSITIVE VALUE***", "dbport": "", "dbtableprefix": "oc_", "dbuser": "***REMOVED SENSITIVE VALUE***", "dbpassword": "***REMOVED SENSITIVE VALUE***", "installed": true, "maintenance": false, "memcache.local": "\\OC\\Memcache\\APCu", "loglevel": 1, "theme": "" } }

Are you using external storage, if yes which one: local/smb/sftp/...
no

Are you using encryption: yes/no
no

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/...
no

Client configuration

Browser:
Mozilla Firefox 60.0.2
Vivaldi 1.15.1147.36

Operating system:
Distributor ID: Ubuntu
Description: Ubuntu 18.04 LTS
Release: 18.04
Codename: bionic

[ChristophWurst]

Hey @72Zn,

I just tried to reproduce your issue since we're about to release yet another beta of the upcoming Nextcloud 14 (#10502) and I cannot reproduce this anymore.

I have

• Create a new user
• Created a new group
• Enabled TOTP for the new group
• Loggged in as the new user
• Visited security settings

-> There were no TOTP settings. Also, I've attached a debugger and our core correctly detects that the app is not enabled for that user and so it does not load the settings pages.

It's possible that this is only a bug in Nextcloud 13. I think @blizzz has changed the registration of settings a bit in this release, so this might have resolved this bug magically.

I'm closing this ticket as being fixed. Please test Nextcloud 14 (either beta if you're eager or when it's officially released). Please notify me if the bug still occurs for you.

Thanks for reporting!