[buddypress-trac] [BuddyPress Trac] #6843: Activity @mentions in private groups for non members

buddypress-trac noreply at wordpress.org
Mon Jan 25 22:21:26 UTC 2016 

#6843: Activity @mentions in private groups for non members
----------------------------------+--------------------
 Reporter:  timeuser              |       Owner:
     Type:  defect (bug)          |      Status:  new
 Priority:  normal                |   Milestone:  2.5
Component:  Component - Activity  |     Version:  2.4.0
 Severity:  normal                |  Resolution:
 Keywords:                        |
----------------------------------+--------------------
Changes (by boonebgorges):

 * component:  API => Component - Activity
 * milestone:  Awaiting Review => 2.5


Comment:

 Thanks for the report, @timeuser. I'd like to bring @r-a-y in to think
 about this.

 As you note, `show_hidden=false` will have side effects. You'll no longer
 see mentions from private groups of which you *are* a member. That being
 said, this is the way most of our activity streams already work, so in the
 short term it's probably the best way forward.

 It's a complicated problem to solve more thoroughly, given the way that
 our activity queries work. The `mentions` scope is translated to a set of
 `BP_Activity_Query` args.

 The logic of the query should be something like this:

 {{{
 Get all activity items with @username where:
    'component' !== 'groups'
    OR
    'component' === 'groups' && the group is public
    OR
    'component' === 'groups' && the group is non-public && the user is a
 member of the group
 }}}

 But we don't have any group information available at the time of the
 activity query, and joining against these tables is going to cause lots of
 problems with existing filters on activity queries. This suggests that we
 could pull up a list of compatible groups before the main activity query,
 but it's hard to see what this would look like:

 {{{
 $user_private_groups = get all non-public groups of which the user is not
 a member
 $activity_query[] = array(
     'column' => item_id'
     'compare' => 'NOT IN',
     'value' => $user_private_groups,
 );
 }}}

 (obviously it needs to be more complicated than this, but you get the
 idea). The problem here is that `$user_private_groups` could be a mammoth
 number of groups.

 Alternatively, we could let the query go through, and then filter out off-
 limits items afterward. But this is asking for trouble - it'll break all
 `limit` and pagination parameters.

 It should be noted that any solution to this specific problem would be
 part of the larger question of activity stream privacy. So let's think
 about it in those terms. And maybe go with the 'show_hidden' band-aid in
 the short-term.
 Any ideas, @r-a-y or someone else?

--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6843#comment:2>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list