fix(comments): keep comment access_id in sync with container #8062
Conversation
|
Tested this manually by doing the following:
|
|
Travis makes me sad :( |
| @@ -1686,7 +1686,14 @@ protected function update() { | |||
| unset($persisted_entity); | |||
|
|
|||
| if ($allow_edit) { | |||
| $allow_edit = _elgg_services()->events->trigger('update', $this->type, $this); | |||
| $allow_edit = elgg_trigger_before_event('update', $this->type, $this); | |||
There was a problem hiding this comment.
Why not use _elgg_services()?
There was a problem hiding this comment.
Not sure these changes belong in this commit. It will be a major pain point for plugin upgrades and should have it's own entry in the logs.
There was a problem hiding this comment.
I thought the before/after functions were there for just this reason
This doesn't really work without the after hook, as a plugin/something could prevent the update, but then the comments would get changed to a different access_id - making the situation worse.
There was a problem hiding this comment.
It will be a major pain point for plugin upgrades
I wouldn't call it a major pain point - append ':before' or ':after' to the registration event. Minor inconvenience at best :)
Having it's own entry in the logs is a decent point though.
There was a problem hiding this comment.
So much for less intrusive deprecation behaviour ;) I don't think any of the older events would need to use :before, so maybe there is a way to make this work without deprecation warning.
There was a problem hiding this comment.
Technically all this needs to work is the after event. I could leave the old update event in place, it just seemed logical that if I was adding the after event it should have a matching before event
There was a problem hiding this comment.
I vaguely remember a good reason I didn't migrate entity "update" to before/after events, and I don't recall what it was!
There was a problem hiding this comment.
@beck24 I think leaving "update" as is and adding "update:after" is an OK compromise. We'd need to mention it in the RST docs
There was a problem hiding this comment.
ok, I'll remove the deprecation and leave 'update' as is with the added 'update:after'
|
I am wondering if we should create a new method (maybe |
|
Travis is complaining about lint: FILE: /home/travis/build/Elgg/Elgg/engine/lib/comments.phpFOUND 1 ERROR(S) AFFECTING 1 LINE(S)301 | ERROR | Missing @return tag in function comment |
|
I was thinking the same thing about a generic method to handle other types, wasn't sure about the best way to go about it and I wanted this fixed asap. |
| 'wheres' => array( | ||
| "e.access_id != {$entity->access_id}" | ||
| ), | ||
| 'limit' => 0, |
There was a problem hiding this comment.
I don't know about any convention, but I always use false.
There was a problem hiding this comment.
I looked at what the discussions batch for this did and it used 0, but I do prefer false
|
I wish this did not have to be an upgrade and instead was a computed property. This is bound to go out of sync again some time in someone's install because of some bad plugin or bug, no? |
|
The only way I can see it getting out of sync after this is if someone deliberately unregisters the event handler, or prevents the comment update with an event handler. Or a database interruption I suppose, but that's a risk on any operation. After the upgrade is complete we could occasionally run a global check/fix on cron. |
| $access_status = access_get_show_hidden_status(); | ||
| access_show_hidden_entities(true); | ||
|
|
||
| // don't want any event or plugin hook handlers from plugins to run |
There was a problem hiding this comment.
If we're going to disable all this stuff, wouldn't raw queries be a lot faster?
|
The access_id also needs to inherit into likes on the comments, so we probably have to call events, right? |
|
Yes, I have the event calls in the most recent iteration here |
| $comments = elgg_get_entities($options); | ||
|
|
||
| foreach ($comments as $comment) { | ||
| $container = $comment->getContainerEntity(); |
There was a problem hiding this comment.
Maybe check the container is actually loaded?
There was a problem hiding this comment.
ok, will do. This is run with hidden status and access overridden, so there shouldn't be any case where the container can't be loaded unless there's a data problem where the container is missing or broken. In that case what do you think we should do with it?
There was a problem hiding this comment.
Just decided to skip it and record it as an error. There's no good way to predict what should happen. Devs will have to sort out their own data corruption.
|
If someone makes a comment based on the entity is access_friends and then the entity gets changed to access_public how will that work? Will the comment still be access_friends? I guess my concern is that I don't want the comment to be less restrictive than the owner intended it to be... |
|
That's how it currently works, but with this the comment will change to be access_public - it will be kept in sync with the entity. |
|
So in this scenario if you commented on my post and then I change the access in effect I'm changing the access permission on a comment I don't own? I see the issue as it's not okay for a comment to be less restrictive than the entity but shouldn't it be okay for the comment to be more restrictive than the entity? I'm just looking to honor the privacy settings of the comment owner. Thanks... for example: I make a comment to my friends about my job and then the access gets changed and now my boss can see it? |
|
IMHO, comment owner should not even be able to control the privacy of a
|
|
@hypeJunction |
|
As was told earlier, if you are dealing with sensitive information,
|
i just made a fix for a client of our where i just catch the fact that the container (where the comment is on) is not accessable and make a different text. Will submit pr soon |
|
The admin could communicate with the user not through comments. Point being this is an extremely narrowly constructed hypothetical situation so counter arguments can weasel out of it. We should probably discuss on the community what the most common cases are and the behavior least surprising to most users. The answer may be syncing in some cases and not others. |
|
I never did get the question answered "do you want some website changing your privacy settings?". But as long as I have an unregister hook I'll deal with it. |
|
As I mentioned in an older ticket, from the perspective of the commentor's privacy, not altering the comment's access level is a feature. I think the desires of the content author to change access level have to come second. |
|
@mrclay what about a UI warning? Also consider the case of email -- you can forward a whole conversation to new people, or add people to the conversation and have them see the whole history. My opinion is that a UI warning about the social hazards of changing access levels would be a good compromise. |
|
@jeabakker This currently happens for replies to group discussions for the same reasons. |
|
Historical precedent doesn't hold much weight for me in general. Lots of things can be done wrong for a long time... |
|
Can I suggest that elgg owners take a vote to either pull this in or close?
|
|
I think a better way to go is if the logged in user can not see the entity then don't show the comments either. And still no one has answered the question "do you want some website changing your privacy settings?". I'm a privacy advocate, I just am. |
|
|
|
@beck24 You are correct on "that's exactly what this PR will do" as long as the entity owner is making the access_id more restrictive but not if they're making it less restrictive. Was that a yes or no to having a website changing your privacy settings? |
|
@twentyfiveautumn That was a no. |
|
Agreed that we need a vote. |
|
+1 on a vote |
|
Agreed - vote initiated at the top of the thread |
|
@mrclay - just saw your vote. I'm fine with both of those conditions - would you want the UI message added to this PR? |
|
Same PR seems fine; up to you. A generic message that appears on any access_id select change seems sufficient. |
|
This feels like a backdoor but letting the user know it's there is certainly a good step in the right direction. Thank you for that. My intention here has always been to look out for the interest of all users on all Elgg websites. Thanks again |
|
When you strip away the debate and opinions here the actual issue is simple: |
|
@twentyfiveautumn I may own that entity, but it's an Elgg system implementation detail that ElggComments have independent access control and ownership. If I comment on someone else's WordPress blog, they retain some rights to moderate my comment in various ways and I see that as reasonable. I think contextual help to explain features/site policies to users would be helpful but ultimately the demand from developers hasn't been that great for it. |
|
Sorry everyone, we can move our discussion to the community. |
|
I've created a new ticket for the UI feedback as this is ready to merge and I think we're all done with this thread! |
fix(comments): keep comment access_id in sync with container
Fixes #7807, Fixes #7984
Voting time
Yes let's pull this in:
Yes with more:
No let's do something else: