Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

activity river and invisible group bug 1.7 (Trac #2029) #2029

Closed
elgg-gitbot opened this issue Feb 16, 2013 · 11 comments
Closed

activity river and invisible group bug 1.7 (Trac #2029) #2029

elgg-gitbot opened this issue Feb 16, 2013 · 11 comments
Labels

Comments

@elgg-gitbot
Copy link

@elgg-gitbot elgg-gitbot commented Feb 16, 2013

Original ticket http://trac.elgg.org/ticket/2029 on 40246381-11-30 by trac user Captain, assigned to unknown.

Elgg version: 1.7

clean install of Elgg 1.7 on DELL1950III CentOS 5.4 PHP 5.2.10 (cli) Apache 2.2.3-22 MySQL 5.1.39 using base/remi/epel repos

invisible groups working perfect by create group then edit group and set group access to group name

PROBLEM:

the river activity displays to public (and all other user levels) the discussion of the invisible group (group icon, group name, discussion title, first few lines of the discussion text) betraying the invisible status of the group and breaking the privacy of the group

no 3rd party plugins installed. the error can be reproduced with out of the box 1.7 curverider plugins only

http://community.elgg.org/mod/groups/topicposts.php?topic=472747&group_guid=179063/

@elgg-gitbot
Copy link
Author

@elgg-gitbot elgg-gitbot commented Feb 16, 2013

moosetrout wrote on 40246516-07-11

We're seeing this in 1.6.1 as well.

@elgg-gitbot
Copy link
Author

@elgg-gitbot elgg-gitbot commented Feb 16, 2013

Milestone changed to Elgg 1.7.2 by cash on 40305969-01-14

@elgg-gitbot
Copy link
Author

@elgg-gitbot elgg-gitbot commented Feb 16, 2013

trac user ugomatic wrote on 40475036-01-12

As a solution to this, I propose that in the case of invisible groups, the default access level is set to Group-only for all content posted on the group, over-riding both site and personal access levels. In order to keep things simple, users should be able to post in invisible groups only with the following access levels: (1) that Group, (2) private, (3) if possible, collections of friends where all friends are part of that invisible group

Group members should be made aware that they have joined an invisible group, perhaps with a pop-up notification upon accepting the invitation.

Apart from the current obvious problem with posting group activity on the river, there is a second one: even if I delete the original activity, it will still be listed on the river for all users to see.

@elgg-gitbot
Copy link
Author

@elgg-gitbot elgg-gitbot commented Feb 16, 2013

cash wrote on 40475216-06-30

Deleting content should remove entries from the river. If you are not seeing that, please open up a separate bug report (especially if you are using the latest from the 1.7 branch in svn).

@elgg-gitbot
Copy link
Author

@elgg-gitbot elgg-gitbot commented Feb 16, 2013

trac user ugomatic wrote on 40475393-01-01

You're right, this is a different issue - already covered by ticket #1856: http://trac.elgg.org/ticket/1856

@elgg-gitbot
Copy link
Author

@elgg-gitbot elgg-gitbot commented Feb 16, 2013

cash wrote on 40489064-04-14

Current 1.7 branch does not display the group name or group icon, but it does display the title of the topic. Interestingly enough, the icon displayed is that of the current logged in user when the user does not have permissions for the group.

The core issue is that Elgg's permission model does not work well with containers. Anything within a container should not have more permissive access than the container itself. The access library does not do anything like this right now. Fixing this is not a 1.7.2 issue so I pushing it back to 1.8.

@elgg-gitbot
Copy link
Author

@elgg-gitbot elgg-gitbot commented Feb 16, 2013

Milestone changed to Elgg 1.8 by cash on 40489064-04-14

@elgg-gitbot
Copy link
Author

@elgg-gitbot elgg-gitbot commented Feb 16, 2013

Milestone changed to Elgg 1.8.1 by ewinslow on 40895147-01-16

@elgg-gitbot
Copy link
Author

@elgg-gitbot elgg-gitbot commented Feb 16, 2013

Milestone changed to Near Term Future Release by cash on 42004300-01-04

@jdalsem
Copy link
Member

@jdalsem jdalsem commented Feb 7, 2014

@juho-jaakkola is this ticket not fixed by the fix of #6167 ?

@juho-jaakkola
Copy link
Member

@juho-jaakkola juho-jaakkola commented Feb 7, 2014

@jdalsem Yes it is. Thanks for reviewing the ticket!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Development

No branches or pull requests

3 participants