fix(Collaboration\UserPlugin): ensure full match is included in results

When searching we need to:
1. check if sharing is limited to groups
  - if yes only include those
  - otherwise continue
2. check if there are restrictions to groups or phonebook
3. check if full match is included

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

Author: susnux

apps/settings/lib/Settings/Admin/Sharing.php

@@ -37,6 +37,8 @@ public function getForm() {
 		$excludedPasswordGroups = $this->config->getAppValue('core', 'shareapi_enforce_links_password_excluded_groups', '');
 		$onlyShareWithGroupMembersExcludeGroupList = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', '');
 
+		/** @var \OC\Share20\Manager */
+		$share20Manager = $this->shareManager;
 		$parameters = [
 			// Built-In Sharing
 			'enabled' => $this->getHumanBooleanConfig('core', 'shareapi_enabled', true),
@@ -49,7 +51,7 @@ public function getForm() {
 			'restrictUserEnumerationToGroup' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_to_group'),
 			'restrictUserEnumerationToPhone' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_to_phone'),
 			'restrictUserEnumerationFullMatch' => $this->shareManager->allowEnumerationFullMatch(),
-			'restrictUserEnumerationFullMatchUserId' => $this->shareManager->matchUserId(),
+			'restrictUserEnumerationFullMatchUserId' => $share20Manager->matchUserId(),
 			'restrictUserEnumerationFullMatchEmail' => $this->shareManager->matchEmail(),
 			'restrictUserEnumerationFullMatchIgnoreSecondDN' => $this->shareManager->ignoreSecondDisplayName(),
 			'enforceLinksPassword' => Util::isPublicLinkPasswordRequired(false),

lib/private/Collaboration/Collaborators/UserPlugin.php

@@ -62,8 +62,10 @@ public function search($search, $limit, $offset, ISearchResult $searchResult): b
 		$users = [];
 		$hasMoreResults = false;
 
-		$currentUserId = $this->userSession->getUser()->getUID();
-		$currentUserGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser());
+		/** @var IUser */
+		$currentUser = $this->userSession->getUser();
+		$currentUserId = $currentUser->getUID();
+		$currentUserGroups = $this->groupManager->getUserGroupIds($currentUser);
 
 		// ShareWithGroupOnly filtering
 		$currentUserGroups = array_diff($currentUserGroups, $this->shareWithGroupOnlyExcludeGroupsList);
@@ -75,7 +77,7 @@ public function search($search, $limit, $offset, ISearchResult $searchResult): b
 				foreach ($usersInGroup as $userId => $displayName) {
 					$userId = (string)$userId;
 					$user = $this->userManager->get($userId);
-					if (!$user->isEnabled()) {
+					if (!$user?->isEnabled()) {
 						// Ignore disabled users
 						continue;
 					}
@@ -85,37 +87,43 @@ public function search($search, $limit, $offset, ISearchResult $searchResult): b
 					$hasMoreResults = true;
 				}
 			}
+		}
 
-			if (!$this->shareWithGroupOnly && $this->shareeEnumerationPhone) {
-				$usersTmp = $this->userManager->searchKnownUsersByDisplayName($currentUserId, $search, $limit, $offset);
-				if (!empty($usersTmp)) {
+		// not limited to group only sharing
+		if (!$this->shareWithGroupOnly) {
+			if (!$this->shareeEnumerationPhone && !$this->shareeEnumerationInGroupOnly) {
+				// no restrictions, add everything
+				$usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
+				foreach ($usersTmp as $user) {
+					if ($user->isEnabled()) { // Don't keep deactivated users
+						$users[$user->getUID()] = $user;
+					}
+				}
+			} else {
+				// make sure to add phonebook matches if configured
+				if ($this->shareeEnumerationPhone) {
+					$usersTmp = $this->userManager->searchKnownUsersByDisplayName($currentUserId, $search, $limit, $offset);
 					foreach ($usersTmp as $user) {
 						if ($user->isEnabled()) { // Don't keep deactivated users
 							$users[$user->getUID()] = $user;
 						}
 					}
-
-					uasort($users, function ($a, $b) {
-						/**
-						 * @var \OC\User\User $a
-						 * @var \OC\User\User $b
-						 */
-						return strcasecmp($a->getDisplayName(), $b->getDisplayName());
-					});
 				}
-			}
-		} else {
-			// Search in all users
-			if ($this->shareeEnumerationPhone) {
-				$usersTmp = $this->userManager->searchKnownUsersByDisplayName($currentUserId, $search, $limit, $offset);
-			} else {
-				$usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
-			}
-			foreach ($usersTmp as $user) {
-				if ($user->isEnabled()) { // Don't keep deactivated users
-					$users[$user->getUID()] = $user;
+
+				// additionally we need to add full matches
+				if ($this->shareeEnumerationFullMatch) {
+					$usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
+					foreach ($usersTmp as $user) {
+						if ($user->isEnabled() && mb_strtolower($user->getDisplayName()) === mb_strtolower($search)) {
+							$users[$user->getUID()] = $user;
+						}
+					}
 				}
 			}
+
+			uasort($users, function (IUser $a, IUser $b) {
+				return strcasecmp($a->getDisplayName(), $b->getDisplayName());
+			});
 		}
 
 		$this->takeOutCurrentUser($users);
@@ -147,11 +155,14 @@ public function search($search, $limit, $offset, ISearchResult $searchResult): b
 
 
 			if (
-				$this->shareeEnumerationFullMatch &&
-				$lowerSearch !== '' && (strtolower($uid) === $lowerSearch ||
-				strtolower($userDisplayName) === $lowerSearch ||
-				($this->shareeEnumerationFullMatchIgnoreSecondDisplayName && trim(strtolower(preg_replace('/ \(.*\)$/', '', $userDisplayName))) === $lowerSearch) ||
-				($this->shareeEnumerationFullMatchEmail && strtolower($userEmail ?? '') === $lowerSearch))
+				$this->shareeEnumerationFullMatch
+				&& $lowerSearch !== ''
+				&& (
+					strtolower($uid) === $lowerSearch
+					|| strtolower($userDisplayName) === $lowerSearch
+					|| ($this->shareeEnumerationFullMatchIgnoreSecondDisplayName && trim(strtolower(preg_replace('/ \(.*\)$/', '', $userDisplayName))) === $lowerSearch)
+					|| ($this->shareeEnumerationFullMatchEmail && strtolower($userEmail ?? '') === $lowerSearch)
+				)
 			) {
 				if (strtolower($uid) === $lowerSearch) {
 					$foundUserById = true;