Security problem / sharing options
In my opinion. I am not a software developer, but admin and user.
When combining the options
"Restrict users to share only with users in their group"
and
"Allow username autocompletion in share dialog." If this is disabled
the full username or email address needs to be entered "
If I enter the name with autocomplete when sharing, all hits for all users are displayed. Also the users of groups with whom I may not share. With it I can find out all users (with email) about all groups.
I would expect autocomplete to show only the users allowed to share.
Is this a security bug or how can I prevent it?