[QA] guests have access to customgroups without whitelisting

[jnweiger]

Seen with core 10.11.0-beta.2 (and rc.1) while testing owncloud/core#40257
guests 0.11.0
customgroups 0.6.2 and also 0.7.0

Follow the reproducer steps in the 'How has this been tested`section:

• Enable customgroups. Make sure its not listed as whitelisted apps in guest configuration.
  • the guests whitelist under Settings -> Sharing is: [settings,avatar,files_external,files_trashbin,files_versions,files_sharing,files_texteditor,activity,firstrunwizard,gallery,notifications,password_policy,oauth2,files_pdfviewer,files_mediaviewer,richdocuments,onlyoffice,wopi,oco_selfservice,twofactor_totp]
• As guest user navigate to the settings page.
• The settings page should not show customgroups. And it does not.
  • ⛔ guest user sees customgrous and can create customgroups

[jnweiger]

@pmaier1 reproduced with guests-0.11.0 customgroups-0.7.0 and core-10.11.0-rc.1

I recommend to remove this item from the Releasenotes, or have someone doublecheck the implementation.

[phil-davis]

@jnweiger I can't get it to work for me now. I thought that I checked it back when I cherry-picked and rebased the code from PR #36258 to PR #40257

I looked through the code, and I don't really understand how it fits together. The core code adds a specific reference to "whitelistedAppsForGuests" that should be in the array returned by $user->getExtendedAttributes() - but I don't see anywhere that will set that. Guests app has code that processes the guests app setting called "whitelist".

@jvillafanez do you remember about PR #36258 ? Is there supposed to be some guests app code that is also needed to make this work?

Found it - #371 - I will rebase and see if I can get it working...

[phil-davis]

It is looking good so far. PR #518 is a rebase of PR #371 - after merging that, we will need to release guests 0.12.0 to go with core 10.11.

@jnweiger is the guests app bundled in the core tarball these days?

[jnweiger]

It is looking good so far. PR #518 is a rebase of PR #371 - after merging that, we will need to release guests 0.12.0 to go with core 10.11.

@jnweiger is the guests app bundled in the core tarball these days?

Yes, I'll roll 10.11.0-rc.2 with the updated guests app.