Nextcloud version (eg, 20.0.5) : 25.0.7
Operating system and version (eg, Ubuntu 20.04) : Debian 11
PHP version (eg, 7.4) : 8.1
I’m trying to make more restrictive our default privacy settings without having to disable profiles, but I’m failing. What I want to achieve is hide any user details by default, so if a non logged user access https://mynextcloudinstance.com/u/[user_id] just found a page with no details.
From user profile page is as simple as set all visibility settings as “Show only to users” and works fine. But the problem comes when I try to set it as default for every new user. I’ve followed the instructions indicated on admin_manual and set this in my config.php file
'account_manager.default_property_scope' => [
\OCP\Accounts\IAccountManager::PROPERTY_DISPLAYNAME => \OCP\Accounts\IAccountManager::SCOPE_PRIVATE,
\OCP\Accounts\IAccountManager::PROPERTY_ADDRESS => \OCP\Accounts\IAccountManager::SCOPE_PRIVATE,
\OCP\Accounts\IAccountManager::PROPERTY_WEBSITE => \OCP\Accounts\IAccountManager::SCOPE_PRIVATE,
\OCP\Accounts\IAccountManager::PROPERTY_EMAIL => \OCP\Accounts\IAccountManager::SCOPE_PRIVATE,
\OCP\Accounts\IAccountManager::PROPERTY_AVATAR => \OCP\Accounts\IAccountManager::SCOPE_PRIVATE,
\OCP\Accounts\IAccountManager::PROPERTY_PHONE => \OCP\Accounts\IAccountManager::SCOPE_PRIVATE,
\OCP\Accounts\IAccountManager::PROPERTY_TWITTER => \OCP\Accounts\IAccountManager::SCOPE_PRIVATE,
\OCP\Accounts\IAccountManager::PROPERTY_ORGANISATION => \OCP\Accounts\IAccountManager::SCOPE_PRIVATE,
\OCP\Accounts\IAccountManager::PROPERTY_ROLE => \OCP\Accounts\IAccountManager::SCOPE_PRIVATE,
\OCP\Accounts\IAccountManager::PROPERTY_HEADLINE => \OCP\Accounts\IAccountManager::SCOPE_PRIVATE,
\OCP\Accounts\IAccountManager::PROPERTY_BIOGRAPHY => \OCP\Accounts\IAccountManager::SCOPE_PRIVATE
]
But when I create a new user all visibility settings are the same than before: avatar, biography, headline, organization. role… are visible to anyone. Is just ignoring those scope settings.
I dive in database and found 2 different tables related to this topic: oc_accounts (which seems to store the “scope” related settings by user) and oc_profile_config (with seems to store user profile “visibility” settings
oc_accounts value for the new user stores “correct” settings, at least as I defined in config.php
{"displayname":{"value":"My new user name","scope":"v2-local","verified":"0"},"address":{"value":"","scope":"v2-private","verified":"0"},"website":{"value":"","scope":"v2-private","verified":"0"},"email":{"value":"mynewuser@email.com","scope":"v2-local","verified":"1"},"avatar":{"value":"","scope":"v2-private","verified":"0"},"phone":{"value":"","scope":"v2-private","verified":"0"},"twitter":{"value":"","scope":"v2-private","verified":"0"},"organisation":{"value":"","scope":"v2-private","verified":"0"},"role":{"value":"","scope":"v2-private","verified":"0"},"headline":{"value":"","scope":"v2-private","verified":"0"},"biography":{"value":"","scope":"v2-private","verified":"0"},"profile_enabled":{"value":"1","scope":"v2-local","verified":"0"}}
But oc_profile_visibilty stores a different one. The ones that make publicy available some private information.
{"talk":{"visibility":"show_users_only"},"email":{"visibility":"show_users_only"},"address":{"visibility":"show_users_only"},"avatar":{"visibility":"show"},"biography":{"visibility":"show"},"displayname":{"visibility":"show"},"headline":{"visibility":"show"},"organisation":{"visibility":"show"},"role":{"visibility":"show"},"phone":{"visibility":"show_users_only"},"twitter":{"visibility":"show"},"website":{"visibility":"show"}}
Maybe I’m missing some important concept? Is profile visibly a different setting from profile scope? Is it possible to set default visibility settings without having to completely disable profiles?
