Skip to content

feat(accounts): add admin-configurable per-property scope ceiling#60350

Draft
miaulalala wants to merge 1 commit into
masterfrom
feat/noid/admin-max-property-scope
Draft

feat(accounts): add admin-configurable per-property scope ceiling#60350
miaulalala wants to merge 1 commit into
masterfrom
feat/noid/admin-max-property-scope

Conversation

@miaulalala
Copy link
Copy Markdown
Contributor

@miaulalala miaulalala commented May 13, 2026

Summary

Admins can now enforce a maximum visibility scope per account property via config.php:

'account_manager.max_property_scope' => [
    'email'   => 'v2-local',   // users cannot make their email more visible than "Local"
    'website' => 'v2-local',
],
  • Backend (AccountManager::testPropertyScope): rejects any scope exceeding the configured ceiling — API returns Invalid scope (101)
  • Frontend (FederationControl.vue): reads maxPropertyScopes from accountParameters initial state and filters out disallowed options from the scope picker, so users only see choices their admin permits
  • PersonalInfo.php: sanitises and passes account_manager.max_property_scope to the frontend (only valid property/scope pairs are forwarded)
  • IAccountManager: adds SCOPE_ORDER constant documenting the visibility ordering used for ceiling comparisons

Also fixes a latent mutation bug in FederationControl.vue where supportedScopes was pushing into the inner arrays of the Object.freezed PROPERTY_READABLE_SUPPORTED_SCOPES_ENUM constant, causing duplicate entries to accumulate across re-renders.

Test plan

  • NOCOVERAGE=1 ./autotest.sh sqlite tests/lib/Accounts/AccountManagerTest.php — all 54 tests pass including 3 new ones
  • Add 'account_manager.max_property_scope' => ['website' => 'v2-local'] to config.php
  • Verify the website scope picker in personal settings only shows Private / Local
  • Verify PUT /ocs/v2.php/cloud/users/<uid> with websiteScope=v2-federated returns 400
  • Verify the same request with websiteScope=v2-local succeeds

🤖 Generated with Claude Code

@miaulalala miaulalala requested review from a team as code owners May 13, 2026 12:45
@miaulalala miaulalala requested review from ArtificialOwl, nfebe, salmart-dev, sorbaugh and susnux and removed request for a team May 13, 2026 12:45
@miaulalala miaulalala self-assigned this May 13, 2026
@miaulalala miaulalala added enhancement 2. developing Work in progress feature: profile PRs or issues related to the Profile feature (e.g. Profile page, API, etc.) 32-feedback 33-feedback AI assisted labels May 13, 2026
@miaulalala
feat(accounts): add admin-configurable per-property scope ceiling
2b68a36 
Admins can now set a maximum allowed visibility scope per account
property via the system config key `account_manager.max_property_scope`
(array of property name => max scope, e.g.
`['email' => 'v2-local', 'website' => 'v2-local']`).

Backend (`AccountManager::testPropertyScope`) rejects any scope that
exceeds the configured ceiling, returning `Invalid scope` via the API.
The frontend (`FederationControl.vue`) also filters out disallowed
scope options so users only see choices their admin permits.
`PersonalInfo.php` sanitises and passes the config to the frontend
via initial state.

`IAccountManager` adds `PROPERTY_SCOPE_ORDER` documenting the
visibility ordering used for ceiling comparisons.

Also fixes a latent mutation bug in `FederationControl.vue` where
`supportedScopes` was calling `.push()` on the inner arrays of the
`Object.freeze`d `PROPERTY_READABLE_SUPPORTED_SCOPES_ENUM` constant,
causing duplicate entries to accumulate across re-renders.

Signed-off-by: Anna Larch <anna@nextcloud.com>
AI-Assisted-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@miaulalala miaulalala force-pushed the feat/noid/admin-max-property-scope branch from 0882f51 to 2b68a36 Compare May 13, 2026 13:42
@miaulalala miaulalala marked this pull request as draft May 13, 2026 14:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@susnux susnux Awaiting requested review from susnux susnux is a code owner automatically assigned from nextcloud/server-frontend

@nfebe nfebe Awaiting requested review from nfebe nfebe is a code owner automatically assigned from nextcloud/server-frontend

@sorbaugh sorbaugh Awaiting requested review from sorbaugh sorbaugh is a code owner automatically assigned from nextcloud/server-frontend

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl is a code owner automatically assigned from nextcloud/server-backend

@salmart-dev salmart-dev Awaiting requested review from salmart-dev salmart-dev is a code owner automatically assigned from nextcloud/server-backend

At least 2 approving reviews are required to merge this pull request.

Assignees

@miaulalala miaulalala

Labels

2. developing Work in progress 32-feedback 33-feedback AI assisted enhancement feature: profile PRs or issues related to the Profile feature (e.g. Profile page, API, etc.)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@miaulalala