subadmin cannot disable member of his group

[paurakhsharma]

This works fine using userprovisioning API but it is the case in webUI

Steps to reproduce

1. As an admin create a new group newgroup
2. As an admin create new user newuser
3. As an admin make the newuser subadmin of newgroup
4. As an admin assign anotheruser to newgroup
5. As an newuser try to disable anotheruser from newgroup

Expected behaviour

Should be able to disable the user

Actual behaviour

Cannot disable the user

Server configuration

Operating system: 17.10

Web server: Apache

Database: MySQL

PHP version: 7.1

ownCloud version: (see ownCloud admin page) 10.0.8.5

Where did you install ownCloud from: git

Client configuration

Browser:

Operating system:

Logs

Browser log

Request URL: http://localhost/core/index.php/settings/users/user3/enabled
Request Method: POST
Status Code: 403 Forbidden

Screenshot

[ownclouders]

GitMate.io thinks possibly related issues are #31016 (subadmin should be able to remove users from the group), #20282 (Allow non-admin users to see members of their groups), #31279 (Cannot see members of a group having special characters(@,/,&) in their name), #30558 (FIx wording if you are not a member of any groups), and #30551 (Fix wording if you are not a member of any groups).

[phil-davis]

IMO this is a missing feature for sub-admins. A sub-admin can delete any of the users in the group that they manage, so it seems logical that they should be able to do the "lesser" task of disabling a user and enabling them again.

Actually they can do it if they are nerds and sit at a command prompt and do curl commands to the Provisioning API.

This issue is about making it happen for subadmins in the webUI.

[phil-davis]

@paurakhsharma let's look at the current UI tests for the user's page and see how we can extend them to cover more of the "obvious" things that should have basic automated smoke tests.

[phil-davis]

Fixed in core stable10 by #31489
and user_management by owncloud-archive/user_management#30

Leaving this open for making some tests.

[paurakhsharma]

Yes I will look into it after some remaining tests on API sharing

[ownclouders]

Hey, this issue has been closed because the label status/STALE is set and there were no updates for 7 days. Feel free to reopen this issue if you deem it appropriate.

(This is an automated comment from GitMate.io.)

[phil-davis]

@individual-it you and @paurakhsharma could have a look at how to test this?

[phil-davis]

#33046 implements the test scenario in core stable10.
user_management PR owncloud-archive/user_management#86 implements the scenario or the up-coming user_management app, and skips it because it is currently broken there.