-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restrict poll functions to user's group. #658
Comments
Not at the moment. Restriction to polls for invited groups will be possible after the 1.0 release. |
Thank you for answering. Good to hear this point is in mind. I'd like to add that an option for the global administrator would be handy that polls do not leave the creating users group. The user itself should not be able to select the group(s) because the group names alone can be a security issue.Think of a setup where groups represent user domains. |
Why are group names a security risk? Can you clarify? With 1.0 a creator of a poll is able to invite groups and restrict the access to this group, if he wants. It is not intended to restrict the creators of a poll to create polls restricted to their groups. Please have in mind, that a user can be member of unlimited groups. What is developed: Poll owners will have the possibility to create hidden or visible polls with invitations and public links for site users, groups and external users. External users will create their own share link after providing their user name. |
We are hosting several domains. All users are members of their respective domain represented as a group named like the domain. We try to isolate the groups from each other as good as we can. It makes no sense in our environment that a member of domain A can invite a member of Domain B. If an account in one domain gets hacked it would be dead simple to find all hosted domains if there is some function where all the groups are shown. This opens up the possibility to find new to-be-hacked accounts. |
As we have no global admin settings for polls right now, this is something to implement first. And there are a couple of checks to be added and to test, so it is not that trivial. So don't expect this feature very soon. |
We also have trouble with this behavior. I think other apps like the forms app using this setting to prevent this behavior. |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
What is going wrong?
As far as I can see there is no option at all (for global administrator) to restrict polls created by users to their own group.
Expected behavior
A general config option to restrict polls to their creating user group.
Information about your polls installation
0.10.4
Fresh installation or update from a prior version (from which one)?
fresh
How did you install this version?(Appstore or describe installation)
appstore
Information about your Instance of Nextcloud/ownCloud
Nextcloud 14.0.14
The text was updated successfully, but these errors were encountered: