[buddypress-trac] [BuddyPress Trac] #6843: Activity @mentions in private groups for non members

buddypress-trac noreply at wordpress.org
Fri Jan 29 04:47:31 UTC 2016


#6843: Activity @mentions in private groups for non members
----------------------------------+--------------------
 Reporter:  timeuser              |       Owner:
     Type:  defect (bug)          |      Status:  new
 Priority:  normal                |   Milestone:  2.5
Component:  Component - Activity  |     Version:  2.4.0
 Severity:  normal                |  Resolution:
 Keywords:                        |
----------------------------------+--------------------

Comment (by r-a-y):

 > There are other reasons users @mention someone than to let them know.
 Users @mention somone just to discuss them with other private group
 members, so there is a link to the @mentioned user.

 I agree with @dontdream here.

 If you are using at-mentions, you are intending to let the mentioned user
 know of that particular piece of content.

 ----

 That being said, at-mentions from private content should not show up in
 public feeds.

 There are primarily two places where at-mentions are filtered in the
 Activity component:
 1. Activity Directory: Click on the "Mentions" tab.
 (example.com/activity/)
 2. User Profile page: Click on the "Activity > Mentions" tab.
 (example.com/members/USER/activity/mentions/).  (Personally, I would love
 to remove this page or make it so this page is only accessible if
 `bp_is_my_profile()` is true.)

 Our current method for querying at-mention content is by doing a text
 search for `@USERNAME<`, which is all kinds of ugly.

 Perhaps, when an activity item has an @-mention, we record an activity
 meta item with `'bp_mentioned_user'` as key and user ID as the value.  We
 would only add this meta key if it passes all privacy checks such as group
 privacy and group membership.

 Then, when pulling up a user's activity mentions we do an activity meta
 query for the mentions activity scope.

 The positives with this is we do not have to do another query, but the
 negative is we would definitely need a backfill routine.  An upgrader as
 described in #6841 would be a great example usecase.  In the case of the
 Groups component, we would also have to watch for group membership status
 and group privavy changes.  We would also have to make a displayed user's
 "Activity > Mentions" page accessible only for the logged-in user as
 stated above.

 If this is too much, we could roll with @boonebgorges'
 `$user_private_groups` idea as well, but Boone's point about the number of
 groups is a potential problem.

 > It should be noted that any solution to this specific problem would be
 part of the larger question of activity stream privacy.

 I was thinking we would tack on activity scopes as needed (member
 blocking, for example).  But, this can complicate the SQL query immensely
 if other plugins tacked on their activity scopes.

 I don't want to go too far off-topic here, but the question is how
 granular do we want activity privacy to be?  Twitter's is relatively
 simple, but if we move (closer) towards a Facebook model (per-activity
 privacy with options such as "My Groups Only", "Friends of friends",
 etc.), the activity SQL query will become more complex and slower.

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6843#comment:12>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac


More information about the buddypress-trac mailing list