Group History does not respect group security

[azturner]

Prerequisites

• Put an X between the brackets on this line if you have done all of the following:
  • Did you perform a search at https://github.com/issues?q=is%3Aissue+user%3ASparkDevNetwork+-repo%3ARock to see if your bug or enhancement is already reported?
  • Can you reproduce the problem on a fresh install or the demo site?
  • Did you include your Rock version number and client culture setting?

Description

The Group History block shows groups even though current person does not have view access to that group. In screenshot below, Ted Decker does not have view access to the "Abuse Care" group. The Group List block correctly does not show that group, but the group history block does:

Ted can also see in Jenny's history when she was added to that group:

Steps to Reproduce

1. Create/Edit group (using group type configured for history) and secure so not all people can view the group
2. Add someone to that group.
3. Run the Process Group History job
4. Log in as someone who should not be able to view the group and view the group tab on the profile of person added to group.

Expected behavior:

User is not able to see anything related to the group they do not have View access to.

Actual behavior:

The person can see the group in the group history chart and in the person's history.

Versions

• Rock Version: v13.3
• Client Culture Setting: en-US

[azturner]

@ethan-sparkdevnetwork, this is marked as fixed in v13.7, but I'm not sure the commit is in that branch. Will it be included in 13.7?