Nextcloud - Onlyoffice menu as user not like as admin?

Hi,
I would like to know if i have a wrong configuration?
The problem I face is the following:
As an Administrator, when I open a document, I have the following menu:
image
As a user, I do not have the menu, Why?


Here is my configuration:
For nextcloud:

version: "2.4"

services:

  nc:
    image: nextcloud:production-apache
#    image: nextcloud:fpm-alpine
    mem_limit: 2G
    container_name: nc
    restart: unless-stopped
    environment:
      - MYSQL_DB=nextcloud
      - MYSQL_USER=nc
      - MYSQL_PASSWORD=DB_PASSWORD
      - MYSQL_HOST=nc_mariadb
      - NEXTCLOUD_ADMIN_USER=ADMIN
      - NEXTCLOUD_ADMIN_PASSWORD=ADMIN_PASSWORD
      - NEXTCLOUD_TRUSTED_DOMAINS="YOUR NEXTCLOUD DOMAIN"
      - REDIS_HOST=nc_redis
      - REDIS_HOST_PORT=6379
      - SMTP_HOST=SMTP_HOST_IP_OR_NAME
      - SMTP_SECURE=ssl
      - SMTP_PORT=465
      - SMTP_AUTHTYPE=LOGIN
      - SMTP_NAME=SMTP_LOGIN
      - SMTP_PASSWORD=SMTP_LOGIN_PASSWORD
      - MAIL_FROM_ADDRESS=noreply-nc
      - MAIL_DOMAIN="YOUR NEXTCLOUD DOMAIN"
    depends_on:
      - nc-mariadb
      - nc-redis
    volumes:
      - nc_www:/var/www/html
      - $PWD/custom_apps/:/var/www/html/custom_apps/
      - $PWD/config/:/var/www/html/config/
      - $PWD/data/:/var/www/html/data/
      - $PWD/log/nextcloud.log:/var/log/nextcloud.log
      - /var/run/clamav/:/var/run/clamav/
    labels:
      - traefik.enable=true
      - traefik.docker.network=01_front
      - traefik.port=80
      # Entrypoint and TLS
      - traefik.http.routers.nc.entrypoints=http,https
      - traefik.http.routers.nc.rule=Host(`YOUR NEXTCLOUD DOMAIN`)
      - traefik.http.routers.nc.tls=true
      - traefik.http.routers.nc.tls.certresolver=le
      # Service
      - traefik.http.services.nc.loadbalancer.server.port=80
      # Middlewares
      - traefik.http.routers.nc.middlewares=force-https,nc,dav,webdav
      # Middlewares nc force https and adds additional headers
      - traefik.http.middlewares.force-https.redirectscheme.scheme=https
      - traefik.http.middlewares.force-https.redirectscheme.permanent=true
      - traefik.http.middlewares.nc.headers.customrequestheaders.Forwarded-Proto=https
      - traefik.http.middlewares.nc.headers.customFrameOptionsValue=SAMEORIGIN
      - traefik.http.middlewares.nc.headers.framedeny=true
      - traefik.http.middlewares.nc.headers.sslredirect=true
      - traefik.http.middlewares.nc.headers.stsincludesubdomains=true
      - traefik.http.middlewares.nc.headers.stspreload=true
      - traefik.http.middlewares.nc.headers.stsseconds=15552000
      - traefik.http.middlewares.nc.headers.contentTypeNosniff=true
      - traefik.http.middlewares.nc.headers.sslHost"=YOUR NEXTCLOUD DOMAIN"
      - traefik.http.middlewares.nc.headers.sslForceHost=true
      # Middleware nc-dav replaces .well-known paths for caldav and carddav with proper nextcloud path
      - traefik.http.middlewares.dav.replacepathregex.regex=^/.well-known/ca(l|rd)dav
      - traefik.http.middlewares.dav.replacepathregex.replacement=/remote.php/dav/
      - traefik.http.middlewares.webdav.replacepathregex.regex=^/.well-known/webdav
      - traefik.http.middlewares.webdav.replacepathregex.replacement=/remote.php/dav/

    networks:
      - 01_front
      - app
      - db

  nc-mariadb:
    image: mariadb:10.5
    container_name: nc_mariadb
    restart: always
    volumes:
      - /media/vm/database/nc/:/var/lib/mysql/
    environment:
      - MYSQL_ROOT_PASSWORD=ROOT_PASSWORD
      - MYSQL_PASSWORD=DB_PASSWORD
      - MYSQL_DATABASE=nextcloud
      - MYSQL_USER=nc
      #- MYSQL_ROOT_HOST=%
#    command: --skip-grant-tables
#    command: mysqld --innodb-buffer-pool-size=2048M
    networks:
      - db

  nc-cron:
    image: nextcloud:production-apache
    container_name: nc_cron
    entrypoint: /cron.sh
    volumes:
      - nc_www:/var/www/html
      - $PWD/custom_apps/:/var/www/html/custom_apps/
      - $PWD/config/:/var/www/html/config/
      - $PWD/data/:/var/www/html/data/
      - $PWD/log/nextcloud.log:/var/log/nextcloud.log
      - /var/run/clamav/:/var/run/clamav/
    depends_on:
      - nc-mariadb
      - nc-redis
    networks:
      - app
      - db
    labels:
        - "traefik.enable=false"

  nc-adminer:
    image: adminer
    restart: always
    container_name: nc_adminer
    ports:
      - 8080
    labels:
      - traefik.enable=true
      - traefik.port=8080
      # Entrypoint and TLS
      - traefik.http.routers.nc-adminer.entrypoints=http,https
      - traefik.http.routers.nc-adminer.rule=(Host(`YOUR NEXTCLOUD DOMAIN`) && PathPrefix(`/adminer`))
      - traefik.http.routers.nc-adminer.tls=true
      - traefik.http.routers.nc-adminer.tls.certresolver=le
      # service
      - traefik.http.services.nc-adminer.loadbalancer.server.port=8080
      # Middlewares
      - traefik.http.routers.nc-adminer.middlewares=force-https,nc-known-ip,nc-adminer,nc-adminer-chain
      # Middlewares nc force https and adds additional headers
      - traefik.http.middlewares.nc-adminer-chain.chain.middlewares=force-https,nc-known-ip,nc-adminer
      - traefik.http.middlewares.nc-known-ip.ipwhitelist.sourcerange=192.168.100.0/24, 192.168.200.0/24, 2a01:e34:ec45:c881::/64
      - traefik.http.middlewares.force-https.redirectscheme.scheme=https
      - traefik.http.middlewares.force-https.redirectscheme.permanent=true
      - traefik.http.middlewares.nc-adminer.headers.customrequestheaders.Forwarded-Proto=https
      - traefik.http.middlewares.nc-adminer.headers.customFrameOptionsValue=SAMEORIGIN
      - traefik.http.middlewares.nc-adminer.headers.framedeny=true
      - traefik.http.middlewares.nc-adminer.headers.sslredirect=true
      - traefik.http.middlewares.nc-adminer.headers.stsincludesubdomains=true
      - traefik.http.middlewares.nc-adminer.headers.stspreload=true
      - traefik.http.middlewares.nc-adminer.headers.stsseconds=15552000
    networks:
      - 01_front
      - db


  nc-redis:
    image: redis:alpine
    mem_limit: 50M
    mem_reservation: 20M
    container_name: nc_redis
    restart: unless-stopped
    volumes:
      - /media/vm/database/nc_redis:/data
    networks:
      - db

  nc-clamav:
    image: "quay.io/ukhomeofficedigital/clamav:latest"
    container_name: nc_clamav
    volumes:
      - /var/run/clamav/:/var/run/clamav/
    restart: unless-stopped
    environment:
      - CLAMD_SETTINGS_CSV="LocalSocket=/var/run/clamav/clamd.ctl"
 
networks:
  default:
    external:
      name: 01_front
  01_front:
    external: true
  app:
    external: true
  db:
    external: true

volumes:
  nc_www:

For OnlyOffice:

version: '2'
services:
  onlyoffice:
    container_name: onlyoffice
    image: onlyoffice/documentserver:latest
    stdin_open: true
    tty: true
    restart: always
    environment:
      - DB_TYPE=postgres
      - DB_HOST=onlyoffice-postgresql
      - DB_PORT=5432
      - DB_NAME=onlyoffice
      - DB_USER=onlyoffice
      - DB_PWD=PASSWORD
      - AMQP_TYPE=rabbitmq
      - AMQP_URI=amqp://rabbitmq:PASSWORD@onlyoffice-rabbitmq
      - REDIS_SERVER_HOST=onlyoffice-redis
      - REDIS_SERVER_PORT=6379
      # Uncomment strings below to enable the JSON Web Token validation.
      - JWT_ENABLED=true
      - JWT_SECRET=JWT_SECRET
      - JWT_HEADER=Authorization
      - JWT_IN_BODY=true
    networks:
      - 01_front
      - db
#    ports:
#      - 80
    volumes:
      - $PWD/data:/var/www/onlyoffice/Data
      - $PWD/log:/var/log/onlyoffice
      - $PWD/cache:/var/lib/onlyoffice/documentserver/App_Data/cache/files
      - $PWD/document_fonts:/usr/share/fonts/truetype/custom
    labels:
      - traefik.enable=true
      - traefik.docker.network=01_front
      - traefik.port=80
      # Entrypoint and TLS
      - traefik.http.routers.oo.entrypoints=http,https
      - traefik.http.routers.oo.rule=Host(`YOUR_OO_DOMAIN`)
      - traefik.http.routers.oo.tls=true
      - traefik.http.routers.oo.tls.certresolver=le
      # Service
      - traefik.http.services.oo.loadbalancer.server.port=80
      - traefik.http.services.oo.loadbalancer.passhostheader=true
      # Middlewares
      - traefik.http.routers.oo.middlewares=force-https,oo
      # Middlewares nc force https and adds additional headers
      - traefik.http.middlewares.force-https.redirectscheme.scheme=https
      - traefik.http.middlewares.force-https.redirectscheme.permanent=true
      - traefik.http.middlewares.oo.headers.customrequestheaders.X-Forwarded-Proto=https
      # Not mandatory, it work without the following headers.
      - traefik.http.middlewares.oo.headers.sslredirect=true
      - traefik.http.middlewares.oo.headers.stspreload=true
      - traefik.http.middlewares.oo.headers.stsseconds=15552000

  onlyoffice-redis:
    image: redis:alpine
    container_name: onlyoffice-redis
    mem_limit: 50M
    mem_reservation: 20M
    restart: unless-stopped
    volumes:
      - /media/vm/database/oo_redis:/data
    networks:
      - 01_front

  onlyoffice-rabbitmq:
    container_name: onlyoffice-rabbitmq
    image: rabbitmq
    restart: always
    environment:
      RABBITMQ_DEFAULT_USER: rabbitmq
      RABBITMQ_DEFAULT_PASS: PASSWORD
    networks:
      - 01_front

  onlyoffice-postgresql:
    image: postgres:12-alpine
    container_name: onlyoffice-postgresql
    restart: unless-stopped
    environment:
      POSTGRES_DB: onlyoffice
      POSTGRES_USER: onlyoffice
      POSTGRES_PASSWORD: PASSWORD
    volumes:
      - /media/vm/database/oo:/var/lib/postgresql/data
    networks:
      - db
networks:
  default:
    external:
      name: 01_front
  01_front:
    external: true
  db:
    external: true

Thanks