fix(settings): save the guest allowlist again and add a default quota selector

README.md

@@ -23,7 +23,7 @@ The app is published in the [app store](https://apps.nextcloud.com/apps/guests).
 
 ## Development
 
-Development is ongoing. A [CHANGELOG](https://github.com/nextcloud/guests/blob/master/CHANGELOG.md) covers the highlights. [New releases are also published](https://github.com/nextcloud-releases/guests/releases) on GitHub.
+Development is ongoing. A [CHANGELOG](https://github.com/nextcloud/guests/blob/main/CHANGELOG.md) covers the highlights. [New releases are also published](https://github.com/nextcloud-releases/guests/releases) on GitHub.
 
 ## Usage
 
@@ -43,12 +43,12 @@ Optionally, when creating a guest the following values may also be specified:
 
 Admins/Group admins also may:
 
-* specify the group(s) to put the guest user in (see [Guest specific behavior and configuration](https://github.com/nextcloud/guests/blob/master/README.md#guest-specific-behavior-and-configuration) for details).
+* specify the group(s) to put the guest user in (see [Guest specific behavior and configuration](https://github.com/nextcloud/guests/blob/main/README.md#guest-specific-behavior-and-configuration) for details).
 
 ![image](https://github.com/nextcloud/guests/assets/1731941/68edbd4f-fedc-45f0-8241-2e1cd12d04de)
 
 > [!WARNING]
-> While it is easy to create a new Guest, it's important to understand the default behavior and how guests interact with other features in Nextcloud. See [Guest specific behavior and configuration](https://github.com/nextcloud/guests/blob/master/README.md#guest-specific-behavior-and-configuration) for details.
+> While it is easy to create a new Guest, it's important to understand the default behavior and how guests interact with other features in Nextcloud. See [Guest specific behavior and configuration](https://github.com/nextcloud/guests/blob/main/README.md#guest-specific-behavior-and-configuration) for details.
 
 ### Deleting a guest
 
@@ -150,6 +150,24 @@ to list users within that group (and, for example, share files with those users)
 
 As a result, guests will be able to see each other as they are part of the same `guest` group. To prevent that behavior, you can add the `guest` group to the "Exclude groups from sharing" settings. You can find more information in [our documentation about sharing](https://docs.nextcloud.com/server/21/admin_manual/configuration_files/file_sharing_configuration.html).
 
+### Default quota for new guests
+
+New guest accounts are created with a default storage quota. This default comes from the **Quick presets** configuration (*Administration → Quick presets*), where it is listed as *"set default disk quota assigned to guest account at its creation"* (`guest_quota`). Its value depends on the selected preset: the **Default** preset uses `0 B`, while organization or family presets use a non-zero quota such as `1 GB` or `10 GB`. As a result, on many instances guests no longer receive `0 B` automatically.
+
+Administrators can review and override this default under **Administration settings → Guests → "Default quota for new guest accounts"**: pick a preset (the *Default* entry shows the current preset value), *Unlimited*, or enter a custom size such as `500 MB`.
+
+It can also be set on the command line:
+
+```
+occ config:app:set guests guest_quota --value "500 MB"
+```
+
+Remove the override to fall back to the Quick presets default again:
+
+```
+occ config:app:delete guests guest_quota
+```
+
 ### Converting guest users to full users
 
 Guest users can be automatically converted into full users (provided by any other user back end like SAML, LDAP, OAuth, database...) on their **first** login. When this happens they will retain their shares.

lib/Config.php

@@ -9,6 +9,7 @@
 
 namespace OCA\Guests;
 
+use OCA\Guests\AppInfo\Application;
 use OCP\AppFramework\Services\IAppConfig;
 use OCP\Group\ISubAdmin;
 use OCP\IAppConfig as IGlobalAppConfig;
@@ -51,6 +52,47 @@ public function setHideOtherUsers(bool $hide): void {
 		$this->appConfig->setAppValueBool(ConfigLexicon::HIDE_OTHER_ACCOUNTS, $hide);
 	}
 
+	/**
+	 * Currently configured default quota for new guest accounts. Returns the
+	 * explicit override if one is set, otherwise the preset-derived default.
+	 */
+	public function getGuestQuota(): string {
+		return $this->appConfig->getAppValueString(ConfigLexicon::GUEST_DISK_QUOTA);
+	}
+
+	/**
+	 * Whether an explicit default quota is stored, as opposed to falling back
+	 * to the preset-derived default from the config lexicon.
+	 */
+	public function hasGuestQuotaOverride(): bool {
+		return $this->globalAppConfig->hasKey(Application::APP_ID, ConfigLexicon::GUEST_DISK_QUOTA);
+	}
+
+	/**
+	 * The preset-derived default quota, regardless of any override. This is the
+	 * value the instance's configuration preset assigns to guests.
+	 */
+	public function getGuestQuotaDefault(): string {
+		// getDetails() only works once a value is stored; when no override is
+		// set, the app config already returns the preset-derived lexicon default.
+		if (!$this->hasGuestQuotaOverride()) {
+			return $this->appConfig->getAppValueString(ConfigLexicon::GUEST_DISK_QUOTA);
+		}
+		return (string)($this->globalAppConfig->getDetails(Application::APP_ID, ConfigLexicon::GUEST_DISK_QUOTA)['default'] ?? '0 B');
+	}
+
+	/**
+	 * Store the default guest quota. An empty value or 'default' removes the
+	 * override so the preset-derived default applies again.
+	 */
+	public function setGuestQuota(?string $quota): void {
+		if ($quota === null || $quota === '' || $quota === 'default') {
+			$this->appConfig->deleteAppValue(ConfigLexicon::GUEST_DISK_QUOTA);
+			return;
+		}
+		$this->appConfig->setAppValueString(ConfigLexicon::GUEST_DISK_QUOTA, $quota);
+	}
+
 	public function getHome(string $uid): string {
 		return $this->config->getSystemValue('datadirectory', \OC::$SERVERROOT . '/data') . '/' . $uid;
 	}

lib/Controller/SettingsController.php

@@ -18,6 +18,7 @@
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Services\IAppConfig;
 use OCP\IRequest;
+use OCP\Util;
 
 /**
  * Class SettingsController is used to handle configuration changes on the
@@ -55,13 +56,15 @@ public function getConfig(): DataResponse {
 			'whiteListableApps' => $this->appWhitelist->getWhitelistAbleApps(),
 			'sharingRestrictedToGroup' => $this->config->isSharingRestrictedToGroup(),
 			'createRestrictedToGroup' => $this->config->getCreateRestrictedToGroup(),
+			'guestQuota' => $this->config->hasGuestQuotaOverride() ? $this->config->getGuestQuota() : 'default',
+			'guestQuotaDefault' => $this->config->getGuestQuotaDefault(),
 		]);
 	}
 
 	/**
 	 * @param list<string> $whitelist
 	 */
-	public function setConfig(bool $useWhitelist, array $whitelist, bool $allowExternalStorage, bool $useHashedEmailAsUserID, bool $hideUsers, array $createRestrictedToGroup): DataResponse {
+	public function setConfig(bool $useWhitelist, array $whitelist, bool $allowExternalStorage, bool $useHashedEmailAsUserID, bool $hideUsers, array $createRestrictedToGroup, string $guestQuota = 'default'): DataResponse {
 		$newWhitelist = [];
 		foreach ($whitelist as $app) {
 			$newWhitelist[] = trim((string)$app);
@@ -73,10 +76,26 @@ public function setConfig(bool $useWhitelist, array $whitelist, bool $allowExter
 		$this->config->setUseHashedEmailAsUserID($useHashedEmailAsUserID);
 		$this->config->setHideOtherUsers($hideUsers);
 		$this->config->setCreateRestrictedToGroup($createRestrictedToGroup);
+		if ($this->isValidQuota($guestQuota)) {
+			$this->config->setGuestQuota($guestQuota);
+		}
 
 		return new DataResponse();
 	}
 
+	/**
+	 * A quota value is acceptable if it is the "default" sentinel, "none"
+	 * (unlimited) or a human-readable size such as "500 MB".
+	 */
+	private function isValidQuota(string $quota): bool {
+		if ($quota === 'default' || $quota === 'none') {
+			return true;
+		}
+		// Require an explicit unit so the stored value is unambiguous (e.g. "500 MB").
+		return preg_match('/^\d+(\.\d+)?\s*[KMGTP]?B$/i', trim($quota)) === 1
+			&& Util::computerFileSize($quota) !== false;
+	}
+
 	/**
 	 * AJAX handler for getting the whitelisted apps
 	 * We do not set the whitelist to null when it is unused. This is by design.