Provide a way to hide / remove the system address book globally
Describe the solution you'd like
The latest version v27 introduces the system address book or more specifically exposes it to every user as a separate address book named "accounts". This addressbook is also synced to client devices, like iOS, via CardDAV, which is something I don't want.
I'm missing a global switch to not expose this system address book for all users.
Ref https://github.com/nextcloud/server/issues/19575
To further elaborate on that point: I don't need this system address book on end devices and under iOS it has an undesired side effect: As the system address book is read-only, iOS no longer offers to use the Nextcloud CardDAV Account as default account for storing new contacts.
As the system address book is read-only, iOS no longer offers to use the Nextcloud CardDAV Account as default account for storing new contacts.
Do you not have any other writable address books?
https://docs.nextcloud.com/server/27/admin_manual/release_notes/upgrade_to_27.html#exposed-system-address-book doesn't disable the address book but the contents.
As the system address book is read-only, iOS no longer offers to use the Nextcloud CardDAV Account as default account for storing new contacts.
Do you not have any other writable address books?
I do have another, writable address book. E.g. for my own user, I currently have https://XXXX/remote.php/dav/addressbooks/users/michael/default/ (rw) https://XXXX/remote.php/dav/addressbooks/users/michael/z-server-generated--system/ (ro)
https://docs.nextcloud.com/server/27/admin_manual/release_notes/upgrade_to_27.html#exposed-system-address-book doesn't disable the address book but the contents.
How do I apply/restrict those enumeration settings? Will the read-only, system address book be gone completely or just empty? Does this break auto-completion when using sharing?
What I'm basically asking here is a way to not expose the system address book via CardDAV.
I do have another, writable address book. E.g. for my own user, I currently have https://XXXX/remote.php/dav/addressbooks/users/michael/default/ (rw) https://XXXX/remote.php/dav/addressbooks/users/michael/z-server-generated--system/ (ro)
And iOS won't allow you to use default as AB for storing new contacts?
The system AB uses sharing enumeration settings as privacy control. If you turn off enumeration the AB will only show the user's own contact. Autocompletion will be limited to what's allowed for the enumeration.
Hiding the full AB from the user's address book home is currently not supported.
And iOS won't allow you to use default as AB for storing new contacts?
Correct. You can only select full CardDAV accounts, not individual address books. And the existence of a (single) ro address book makes iOS disregard that particular CardDAV account
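Added example, not part of the thread or of Nextcloud's code: an admin-side check of which address books a CardDAV account exposes and which of them are read-only, by parsing the PROPFIND (Depth: 1) response for the address book home. The response body is constructed (host and user are placeholders, collection names follow the thread), and the check assumes the server returns the WebDAV ACL property `current-user-privilege-set`.

```python
import xml.etree.ElementTree as ET

NS = {"d": "DAV:", "card": "urn:ietf:params:xml:ns:carddav"}

# Constructed PROPFIND (Depth: 1) response for an address book home.
SAMPLE_MULTISTATUS = """<?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:card="urn:ietf:params:xml:ns:carddav">
 <d:response>
  <d:href>/remote.php/dav/addressbooks/users/michael/</d:href>
  <d:propstat><d:prop>
   <d:resourcetype><d:collection/></d:resourcetype>
  </d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat>
 </d:response>
 <d:response>
  <d:href>/remote.php/dav/addressbooks/users/michael/default/</d:href>
  <d:propstat><d:prop>
   <d:resourcetype><d:collection/><card:addressbook/></d:resourcetype>
   <d:current-user-privilege-set>
    <d:privilege><d:read/></d:privilege>
    <d:privilege><d:write/></d:privilege>
   </d:current-user-privilege-set>
  </d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat>
 </d:response>
 <d:response>
  <d:href>/remote.php/dav/addressbooks/users/michael/z-server-generated--system/</d:href>
  <d:propstat><d:prop>
   <d:resourcetype><d:collection/><card:addressbook/></d:resourcetype>
   <d:current-user-privilege-set>
    <d:privilege><d:read/></d:privilege>
   </d:current-user-privilege-set>
  </d:prop><d:status>HTTP/1.1 200 OK</d:status></d:propstat>
 </d:response>
</d:multistatus>"""

# Privileges that allow a client to store or change contacts (RFC 3744).
WRITE_PRIVS = {"{DAV:}write", "{DAV:}write-content", "{DAV:}all"}
PRIV_PATH = ".//d:current-user-privilege-set/d:privilege/*"

def list_addressbooks(multistatus_xml):
    """Return [(href, 'rw' | 'ro')] for every CardDAV address book collection."""
    books = []
    for resp in ET.fromstring(multistatus_xml).findall("d:response", NS):
        if resp.find(".//d:resourcetype/card:addressbook", NS) is None:
            continue  # the home collection itself, or a non-address-book child
        granted = {priv.tag for priv in resp.findall(PRIV_PATH, NS)}
        mode = "rw" if granted & WRITE_PRIVS else "ro"
        books.append((resp.findtext("d:href", namespaces=NS), mode))
    return books
```

Any entry reported as `ro` is a collection that clients will sync but cannot write to, which is the state the comments above associate with the iOS default-account behaviour.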
Ouch. Do you know if that also happened before the system AB when someone shared an AB read-only with you?
Ouch. Do you know if that also happened before the system AB when someone shared an AB read-only with you?
I think so, yes. But I can double check with v26 if needed.
It would be interesting to know. If you have an instance at hand I'd appreciate clarity on that. I don't have an iOS device to test.
If this is relevant for this feature request, I'll try to set up a v26 later today.
Ok, so I had an older v26 instance still lying around. It shows the same problem if one activates the "recently contacted address book".
I "fixed" that in v26 by uninstalling the "Contacts Interaction" app.
After that, I can again select the Nextcloud CardDAV account as default account for new contacts on iOS.
That is unfortunate but good to know. I wonder if that is a bug in iOS or if this behavior actually makes sense. Could this be worth a new topic at https://discussions.apple.com/? I could not find existing discussion about it.
I guess this is a separate discussion to have and I do not want to derail this issue too much.
The issue with iOS is not the only reason why I want to not expose the system address book (via CardDAV).
The system AB uses sharing enumeration settings as privacy control. If you turn off enumeration the AB will only show the user's own contact. Autocompletion will be limited to what's allowed for the enumeration.
Ok, thanks. So this mechanism will not work for me as I do want to have autocompletion work for file sharing.
The system AB uses sharing enumeration settings as privacy control. If you turn off enumeration the AB will only show the user's own contact. Autocompletion will be limited to what's allowed for the enumeration.
Ok, thanks. So this mechanism will not work for me as I do want to have autocompletion work for file sharing.
fwiw, I tried that for a user: I switched all profile settings to hidden, but the contact still showed up in the global SAB (even after running occ dav:sync-system-addressbook). So it appears this mechanism doesn't actually work.
The scope is the one next to the heading of the property, not the profile visibility:
Interesting and thanks for the hint. A bit confusing that there are two ways to control this functionality.
That said, if I e.g. want to hide an email address, that is not possible:
Also, this approach is not going to work for me anyway, so I'll leave it at that, to keep the RFE focussed on the original issue.
To further elaborate on that point: I don't need this system address book on end devices and under iOS it has an undesired side effect: As the system address book is read-only, iOS no longer offers to use the Nextcloud CardDAV Account as default account for storing new contacts.
So I can choose Nextcloud as default address book in iOS (16.5) even if I have activated recently contacted address book (as a read-only-address-book).
@jancborchardt should it be possible to disable the SAB as admin?
I added Nextcloud CardDAV "account" as main "List" in my iPhone. I created a new contact from iPhone, found it on the Nextcloud WebUI. Then deleted the contact on the iPhone and it got deleted from Nextcloud too. I used iOS 16.5 and nc.cloud.com
Nextcloud 26 without Contacts Integration:
Nextcloud with Contacts Integration enabled (i.e. it has a read-only address book now)
The same problem shows with Nextcloud 27, only there I can't disable the SAB
There is another issue with a globally visible system address book: duplicate contacts.
I'm running a small Nextcloud instance for my family and friends. I sync my iPhone/Mac/... address book with my instance via CardDAV, having a contact "Erika Mustermann" with several phone numbers, email addresses etc.
"Erika Mustermann" also has an account on my Nextcloud to do the same, so now I see two contacts with the same name on my devices. (I can manually link them, at least on iOS, but I don't think that's a good solution.)
I even thought about using only the contacts based on Nextcloud accounts for people affected by this issue, but you can't put several phone numbers or a street address into the Nextcloud profile. Also, you have to rely on the account owners to maintain their profiles since these entries are read-only for everyone else.
TL;DR: I strongly support a solution to hide/disable the system address book again.
We can add a config switch to disable the system address book globally.
Just to understand @ChristophWurst – this is not a fix for the read-only system address book not working on iOS, correct? Any idea what we could do there? Maybe @marinofaggiana @Ivansss do you have insight here?
I even thought about using only the contacts based on Nextcloud accounts for people affected by this issue, but you can't put several phone numbers or a street address into the Nextcloud profile.
@accolon could you open an issue about that on https://github.com/nextcloud/server/issues/ ? It would be an enhancement to the Nextcloud profile cc @Pytal
Any idea what we could do there?
Since iOS is closed source, I don't think you can actually do anything about the iOS issue regarding read-only address books.
That said, the wish for having a switch to turn off the SAB is not only this iOS behaviour. As was mentioned elsewhere, in some cases, you simply don't want to export the SAB for other reasons.
So, in conclusion: simply provide a switch to turn off SAB (via CardDAV), and I'd be happy
Really looking forward to switch this off. No idea for what reason / on which purpose it has been implemented (there might be good reasons for collaboration), but for a well-managed instance the downsides are just too much, also if it's "only" duplicate/redundant contacts not being able to deduplicate. Quite annoying, at least it was listed at https://docs.nextcloud.com/server/latest/admin_manual/release_notes/upgrade_to_27.html - so someone writing that already thought "well, this might be not for everyone... let's tell the people" - and he was absolutely right :-)
- Any workaround?
- I don't want all users to temporarily set all their profile information to private (as this would also have an impact on auto-completion, usage in file sharing or Talk etc. etc.)...
- Would the deletion of the "Accounts" addressbook (URL /remote.php/dav/addressbooks/users/Username/z-server-generated--system/) work? Not confident enough for the moment as I'm not sure if it will have side effects...
- Any estimation for the global SAB turn-off switch?
Maybe a compromise would be to have a per user configuration option for the SAB so one could easily disable this address book. That feature is already implemented so this could potentially speed-up the "get rid of redundant SAB generated contacts on all my synced endpoints", couldn't it?
There needs to be a way to hide/disable the system address book, it just does not make any sense in some cases. Especially since it is not a „global address book“ but a list of user accounts which cannot be altered in any way.
On iOS this causes an additional contact list „Accounts“ with all user account names without any additional data (profiles are disabled), and even with some users twice in the list (I have no clue why). So in the unified contacts view these contacts are listed 3 times, which is very annoying and confusing.
I see that for some users this feature might be helpful, but it really should be optional.