Sharing Files, secure cloud from spammers & brute force attack

In nextcloud software users are allowed to share/spam files with any group and user to just entering/guess the name in the sharing field even “Allow username auto-completion in share dialog” is disabled.

Group Level Sharing
That would be great if we stop X users to share files with it own/any group until user X is a member of group Z and members of group Z are allowed to share files within their group. We need a option where we can deploy user sharing policy on the group level.

User Level Sharing
Let say Alger like to share something with Anastasia then he must mention her email address rather than name/username.

We need to stop spammers keep guessing group and users usernames/names and spam others. I am not sure but maybe guessing other user name/username in sharing box will open a door to brute force attack.