[buddypress-trac] [BuddyPress] #3462: Hidden groups are accessible via url
buddypress-trac at lists.automattic.com
buddypress-trac at lists.automattic.com
Sun Oct 9 16:28:29 UTC 2011
#3462: Hidden groups are accessible via url
--------------------------+-----------------------
Reporter: modemlooper | Owner:
Type: defect (bug) | Status: assigned
Priority: normal | Milestone: 1.6
Component: Core | Version: 1.5
Severity: normal | Resolution:
Keywords: |
--------------------------+-----------------------
Changes (by DJPaul):
* owner: DJPaul =>
Comment:
Having reviewed the code and my earlier assumption when working on #3669.
My point about the above links is still valid, but I've learnt the groups
do redirect to the first URL and display a "you don't have access"
message, so it's not as simple as removing an !empty() check, which is
what I thought the problem was originally.
As Public and Private groups can be read by any user, I think the current
behaviour is fine; especially for Private groups, as the user needs to be
able to request membership somehow (a site may not use the groups
directory, for example).
For Hidden groups, I think we should change the behaviour so that if you
don't have access, (all of) the link(s) 404. At the minute, you can see a
"this is a hidden group and only invited members can join" message, but
you can view the group title, description, and see the admin/moderator
avatars.
This would be the same behaviour as if you try to access the group admin
page URL without authorisation (it 404s), and I think it would be more
consistent, as well as having the benefit of keeping the hidden group's
title and description hidden.
The latter could be achieved by updating the templates but that means
putting core logic into the default theme(!).
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/3462#comment:3>
BuddyPress <http://buddypress.org/>
BuddyPress
More information about the buddypress-trac
mailing list