Skip to content

feat(accounts): add admin-configurable per-property scope ceiling#60350

Draft
miaulalala wants to merge 1 commit into
masterfrom
feat/noid/admin-max-property-scope
Draft

feat(accounts): add admin-configurable per-property scope ceiling#60350
miaulalala wants to merge 1 commit into
masterfrom
feat/noid/admin-max-property-scope

Conversation

@miaulalala

@miaulalala miaulalala commented May 13, 2026

Copy link
Copy Markdown
Contributor

Summary

Admins can now enforce a maximum visibility scope per account property via config.php:

'account_manager.max_property_scope' => [
    'email'   => 'v2-local',   // users cannot make their email more visible than "Local"
    'website' => 'v2-local',
],
  • Backend (AccountManager::testPropertyScope): rejects any scope exceeding the configured ceiling — API returns Invalid scope (101)
  • Frontend (FederationControl.vue): reads maxPropertyScopes from accountParameters initial state and filters out disallowed options from the scope picker, so users only see choices their admin permits
  • PersonalInfo.php: sanitises and passes account_manager.max_property_scope to the frontend (only valid property/scope pairs are forwarded)
  • IAccountManager: adds SCOPE_ORDER constant documenting the visibility ordering used for ceiling comparisons

Also fixes a latent mutation bug in FederationControl.vue where supportedScopes was pushing into the inner arrays of the Object.freezed PROPERTY_READABLE_SUPPORTED_SCOPES_ENUM constant, causing duplicate entries to accumulate across re-renders.

Test plan

  • NOCOVERAGE=1 ./autotest.sh sqlite tests/lib/Accounts/AccountManagerTest.php — all 54 tests pass including 3 new ones
  • Add 'account_manager.max_property_scope' => ['website' => 'v2-local'] to config.php
  • Verify the website scope picker in personal settings only shows Private / Local
  • Verify PUT /ocs/v2.php/cloud/users/<uid> with websiteScope=v2-federated returns 400
  • Verify the same request with websiteScope=v2-local succeeds

🤖 Generated with Claude Code

@miaulalala miaulalala requested review from a team as code owners May 13, 2026 12:45
@miaulalala miaulalala requested review from ArtificialOwl, nfebe, salmart-dev, sorbaugh and susnux and removed request for a team May 13, 2026 12:45
@miaulalala miaulalala self-assigned this May 13, 2026
@miaulalala miaulalala added enhancement 2. developing Work in progress feature: profile PRs or issues related to the Profile feature (e.g. Profile page, API, etc.) 32-feedback 33-feedback AI assisted labels May 13, 2026
@miaulalala miaulalala force-pushed the feat/noid/admin-max-property-scope branch from 0882f51 to 2b68a36 Compare May 13, 2026 13:42
@miaulalala miaulalala marked this pull request as draft May 13, 2026 14:02
@miaulalala miaulalala force-pushed the feat/noid/admin-max-property-scope branch from 2b68a36 to 3b3cf6a Compare May 18, 2026 14:26
@miaulalala
feat(accounts): add admin-configurable per-property scope ceiling
3ba2eb7 
Admins can now set a maximum allowed visibility scope per account
property via the system config key `account_manager.max_property_scope`
(array of property name => max scope, e.g.
`['email' => 'v2-local', 'website' => 'v2-local']`).

Backend (`AccountManager::testPropertyScope`) rejects any scope that
exceeds the configured ceiling, returning `Invalid scope` via the API.
The frontend (`FederationControl.vue`) also filters out disallowed
scope options so users only see choices their admin permits.
`PersonalInfo.php` sanitises and passes the config to the frontend
via initial state.

`IAccountManager` adds `PROPERTY_SCOPE_ORDER` documenting the
visibility ordering used for ceiling comparisons.

Also fixes a latent mutation bug in `FederationControl.vue` where
`supportedScopes` was calling `.push()` on the inner arrays of the
`Object.freeze`d `PROPERTY_READABLE_SUPPORTED_SCOPES_ENUM` constant,
causing duplicate entries to accumulate across re-renders.

Signed-off-by: Anna Larch <anna@nextcloud.com>
AI-Assisted-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@miaulalala miaulalala force-pushed the feat/noid/admin-max-property-scope branch from 3b3cf6a to 3ba2eb7 Compare May 18, 2026 16:04
@susnux susnux added this to the Nextcloud 35 milestone Jun 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@susnux susnux Awaiting requested review from susnux susnux is a code owner automatically assigned from nextcloud/server-frontend

@nfebe nfebe Awaiting requested review from nfebe nfebe is a code owner automatically assigned from nextcloud/server-frontend

@sorbaugh sorbaugh Awaiting requested review from sorbaugh sorbaugh is a code owner automatically assigned from nextcloud/server-frontend

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl is a code owner automatically assigned from nextcloud/server-backend

@salmart-dev salmart-dev Awaiting requested review from salmart-dev salmart-dev is a code owner automatically assigned from nextcloud/server-backend

At least 2 approving reviews are required to merge this pull request.

Assignees

@miaulalala miaulalala

Labels

2. developing Work in progress 32-feedback 33-feedback AI assisted enhancement feature: profile PRs or issues related to the Profile feature (e.g. Profile page, API, etc.)

Projects

None yet

Milestone

Nextcloud 35

Development

Successfully merging this pull request may close these issues.

2 participants

@miaulalala @susnux