[Bug]: Sub-admin cannot remove the member from the group

[nabim777]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

User cannot be removed from the group by the group sub-admin.

Steps to reproduce

1. As an admin, creates two user named Alice and Brian
2. As an admin, creates a group named groupA
3. As an admin, added to user Alice and Brian in the group groupA
4. As an admin, make user Alice a group sub-admin of groupA
5. When a user Alice, try to remove the user Brian from the group
6. Then a user Brian cannot remove user Brian from group groupA
7. And get the pop-up message Not viable to remove user from the last group you are sub-admin of

screen video demonstrating the issue:

Screencast.from.01-31-2025.10.02.52.AM.webm

Curl Command to remove the user:

curl -X DELETE -u <Group_sub_admin_username>:<Group_sub_admin_password> -H "OCS-APIRequest: true" "<base-url>/ocs/v1.php/cloud/users/<username_need_to_removed>/groups?groupid=<group_name>"

Output:

<?xml version="1.0"?>
<ocs>
  <meta>
    <status>failure</status>
    <statuscode>105</statuscode>
    <message>Not viable to remove user from the last group you are sub-admin of</message>
    <totalitems></totalitems>
    <itemsperpage></itemsperpage>
  </meta>
  <data/>
</ocs>

Expected behavior

When user Alice (sub-admin of group) removed user Brian from the group, then user Brian should be removed.

Actual behavior

When user Alice (sub-admin of group) removed user Brian from the group, then user Brian is not removed.

Analysis & Code Reference

However, after looking at the code I found a comment left describing what the sub-admin must do. Because of this reason, it seems like its an intentional feature instead of a bug.

if (count($userSubAdminGroups) <= 1) {
    // Subadmin must not be able to remove a user from all their subadmin groups.
    throw new OCSException($this->l10n->t('Not viable to remove user from the last group you are sub-admin of'), 105);
  }

This ⤴ basically does a check before removing a user from a group. The condition makes sure that if a user is in their last group of a sub-admin, if so, then a sub-admin cannot remove that user.

Clarification Needed

If this behavior is a feature or bug ?
If its a feature, could you clarify the reasoning behind it? What is the specific use case or logic that justifies preventing a sub-admin from removing a user from their last group?

Nextcloud Server version

31

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

MySQL

Is this bug present after an update or on a fresh install?

None

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other