fix: Unify handling of exclude groups in contacts menu and sharing

If the current user belongs to both one or more groups excluded from
sharing and one or more groups not excluded from sharing the user is
allowed to share. However, in the contacts menu, as soon as the current
user belonged to a group excluded from sharing the user could not search
for local contacts. This has been unified now with the sharing
behaviour, so local contacts can still be searched if the user also
belongs to a group not excluded from sharing (or to no group at all,
which was also allowed before).

Signed-off-by: Daniel Calviño Sánchez <[email protected]>

Author: danxuliu

build/integration/features/contacts-menu.feature

@@ -103,7 +103,7 @@ Feature: contacts-menu
     And searching for contacts matching with "test"
     Then the list of searched contacts has "0" contacts
 
-  Scenario: users can not be searched by display name when searcher belongs to both a group excluded from sharing and another group
+  Scenario: users can be searched by display name when searcher belongs to both a group excluded from sharing and another group
     Given user "user0" exists
     And group "ExcludedGroup" exists
     And user "user0" belongs to group "ExcludedGroup"
@@ -118,9 +118,10 @@ Feature: contacts-menu
       | value | Test name |
     When Logging in using web as "user0"
     And searching for contacts matching with "test"
-    Then the list of searched contacts has "0" contacts
+    Then the list of searched contacts has "1" contacts
+    And searched contact "0" is named "Test name"
 
-  Scenario: users can not be searched by email when searcher belongs to both a group excluded from sharing and another group
+  Scenario: users can be searched by email when searcher belongs to both a group excluded from sharing and another group
     Given user "user0" exists
     And group "ExcludedGroup" exists
     And user "user0" belongs to group "ExcludedGroup"
@@ -135,7 +136,8 @@ Feature: contacts-menu
       | value | test@example.com |
     When Logging in using web as "user0"
     And searching for contacts matching with "test"
-    Then the list of searched contacts has "0" contacts
+    Then the list of searched contacts has "1" contacts
+    And searched contact "0" is named "user1"
 
   Scenario: users can not be searched by display name when searcher does not belong to a group allowed to share
     Given user "user0" exists

lib/private/Contacts/ContactsMenu/ContactsStore.php

@@ -149,7 +149,7 @@ public function getContacts(IUser $user, ?string $filter, ?int $limit = null, ?i
 	 *  1. if the `shareapi_allow_share_dialog_user_enumeration` config option is
 	 * enabled it will filter all local users
 	 *  2. if the `shareapi_exclude_groups` config option is enabled and the
-	 * current user is in an excluded group it will filter all local users.
+	 * current user is only in excluded groups it will filter all local users.
 	 *  3. if the `shareapi_only_share_with_group_members` config option is
 	 * enabled it will filter all users which doesn't have a common group
 	 * with the current user.
@@ -184,8 +184,8 @@ private function filterContacts(
 			$excludeGroupsList = $decodedExcludeGroups ?? [];
 
 			if ($excludeGroups != 'allow') {
-				if (count(array_intersect($excludeGroupsList, $selfGroups)) !== 0) {
-					// a group of the current user is excluded -> filter all local users
+				if (count($selfGroups) > 0 && count(array_diff($selfGroups, $excludeGroupsList)) === 0) {
+					// all the groups of the current user are excluded -> filter all local users
 					$skipLocal = true;
 				}
 			} else {

tests/lib/Contacts/ContactsMenu/ContactsStoreTest.php

@@ -195,18 +195,18 @@ public static function dataGetContactsWhenUserIsInExcludeGroups(): array {
 			['yes', '["excludedGroup1"]', ['anotherGroup1'], ['user123', 'user12345']],
 			['yes', '["excludedGroup1"]', ['anotherGroup1', 'anotherGroup2', 'anotherGroup3'], ['user123', 'user12345']],
 			['yes', '["excludedGroup1"]', ['excludedGroup1'], []],
-			['yes', '["excludedGroup1"]', ['anotherGroup1', 'excludedGroup1'], []],
-			['yes', '["excludedGroup1"]', ['excludedGroup1', 'anotherGroup1', 'anotherGroup2', 'anotherGroup3'], []],
+			['yes', '["excludedGroup1"]', ['anotherGroup1', 'excludedGroup1'], ['user123', 'user12345']],
+			['yes', '["excludedGroup1"]', ['excludedGroup1', 'anotherGroup1', 'anotherGroup2', 'anotherGroup3'], ['user123', 'user12345']],
 			['yes', '["excludedGroup1", "excludedGroup2", "excludedGroup3"]', [], ['user123', 'user12345']],
 			['yes', '["excludedGroup1", "excludedGroup2", "excludedGroup3"]', ['anotherGroup1'], ['user123', 'user12345']],
 			['yes', '["excludedGroup1", "excludedGroup2", "excludedGroup3"]', ['anotherGroup1', 'anotherGroup2', 'anotherGroup3'], ['user123', 'user12345']],
 			['yes', '["excludedGroup1", "excludedGroup2", "excludedGroup3"]', ['excludedGroup1'], []],
 			['yes', '["excludedGroup1", "excludedGroup2", "excludedGroup3"]', ['excludedGroup2'], []],
 			['yes', '["excludedGroup1", "excludedGroup2", "excludedGroup3"]', ['excludedGroup3'], []],
 			['yes', '["excludedGroup1", "excludedGroup2", "excludedGroup3"]', ['excludedGroup1', 'excludedGroup2', 'excludedGroup3'], []],
-			['yes', '["excludedGroup1", "excludedGroup2", "excludedGroup3"]', ['anotherGroup1', 'excludedGroup1'], []],
-			['yes', '["excludedGroup1", "excludedGroup2", "excludedGroup3"]', ['anotherGroup1', 'excludedGroup2', 'anotherGroup2', 'anotherGroup3'], []],
-			['yes', '["excludedGroup1", "excludedGroup2", "excludedGroup3"]', ['excludedGroup3', 'anotherGroup1', 'anotherGroup2', 'anotherGroup3'], []],
+			['yes', '["excludedGroup1", "excludedGroup2", "excludedGroup3"]', ['anotherGroup1', 'excludedGroup1'], ['user123', 'user12345']],
+			['yes', '["excludedGroup1", "excludedGroup2", "excludedGroup3"]', ['anotherGroup1', 'excludedGroup2', 'anotherGroup2', 'anotherGroup3'], ['user123', 'user12345']],
+			['yes', '["excludedGroup1", "excludedGroup2", "excludedGroup3"]', ['excludedGroup3', 'anotherGroup1', 'anotherGroup2', 'anotherGroup3'], ['user123', 'user12345']],
 			['allow', '[]', [], []],
 			['allow', '["allowedGroup1"]', [], []],
 			['allow', '["allowedGroup1"]', ['anotherGroup1'], []],