[buddypress-trac] [BuddyPress] #3857: Stop using hide_sitewide for privacy purposes

buddypress-trac at lists.automattic.com
Thu Dec 15 23:28:27 UTC 2011


#3857: Stop using hide_sitewide for privacy purposes
--------------------------+----------------------------
 Reporter:  boonebgorges  |      Owner:  boonebgorges
     Type:  enhancement   |     Status:  new
 Priority:  major         |  Milestone:  Future Release
Component:  Activity      |    Version:
 Severity:  normal        |   Keywords:  1.7-early
--------------------------+----------------------------
 We currently mark activity items as hide_sitewide in two cases:
 * The activity item is duplicated by another one that is *not*
 hide_sitewide, as in the case of "John is friends with Boone"
 (hide_sitewide = 0) and "Boone is friends with John" (hide_sitewide = 1).
 * The activity item is not supposed to be shown to all members because of
 a privacy setting. In practice, this means that it was created in a hidden
 or private group, but in theory it could be for any reason.

 We should stop using hide_sitewide for this purpose. It causes lots of
 problems. Here are just the few I could find in a couple minutes' search:
 http://buddypress.trac.wordpress.org/ticket/2678
 http://buddypress.trac.wordpress.org/ticket/3463
 http://buddypress.trac.wordpress.org/ticket/2293

 The only real surefire way to protect content in hidden/private groups is
 to do the proper queries at runtime. We might use logic like this in the
 activity query:
 {{{
 $non_public_group_ids = ids of all groups that are non-public
 if ( is_user_logged_in() ) {
   $this_user_group_ids = ids of all this user's groups
   select from activity table where ( component != 'groups' OR item_id NOT IN ($non_public_group_ids) OR item_id IN ($this_user_group_ids) )
 } else {
   select from activity table where ( component != 'groups' OR item_id NOT IN ($non_public_group_ids) )
 }
 }}}

 This is going to make our query a bit slower, unfortunately. But we can
 aggressively cache the values of $non_public_group_ids and
 $this_user_group_ids, so that persistent caching will mostly eliminate
 those two queries.

 Again, this is the only way to be really certain about this privacy stuff,
 so I think we have to do something like it. hide_sitewide has sorta worked
 up through now, but only just barely, and only through some hacks. Let's
 do it right, so that when and if we introduce finer-grained activity
 controls in BP core we will already have an example of how it ought to be
 done.

 Let's talk about this early in the 1.7 cycle. It's something that's
 bothered me since I started using BP, so I would be happy to take it on as
 one of my tasks.

-- 
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/3857>
BuddyPress <http://buddypress.org/>
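
The runtime check sketched in the ticket, next to a flag-only filter, as an added example that is not part of the original ticket and is not BuddyPress code. It uses Python with an in-memory SQLite database; the tables grp and grp_member, the helper names and all rows are constructed assumptions, and only component, item_id and hide_sitewide come from the ticket.

```python
import sqlite3

def build_db():
    # Constructed sample data on a simplified, hypothetical schema.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE grp (id INTEGER PRIMARY KEY, status TEXT);
        CREATE TABLE grp_member (user_id INTEGER, group_id INTEGER);
        CREATE TABLE activity (id INTEGER PRIMARY KEY, component TEXT,
                               item_id INTEGER, hide_sitewide INTEGER);
        INSERT INTO grp VALUES (1,'public'), (2,'private'), (3,'hidden');
        INSERT INTO grp_member VALUES (10, 2);  -- user 10 belongs to group 2
        INSERT INTO activity VALUES
            (1,'friends',0,0),  -- not a group item
            (2,'groups',1,0),   -- public group
            (3,'groups',2,1),   -- private group, flag set
            (4,'groups',3,0),   -- hidden group, flag never set
            (5,'blogs',2,0);    -- other component, item_id equals group 2
    """)
    return conn

def ids(conn, sql, params=()):
    return [row[0] for row in conn.execute(sql, params)]

def flag_filter(conn):
    # Flag-based privacy: trusts whatever was written at insert time.
    return ids(conn, "SELECT id FROM activity WHERE hide_sitewide = 0 ORDER BY id")

def runtime_filter(conn, user_id=None):
    # The ticket's logic, evaluated at query time; user_id=None means logged out.
    # Both id lists are the values the ticket proposes to cache.
    non_public = ids(conn, "SELECT id FROM grp WHERE status != 'public'")
    mine = [] if user_id is None else ids(
        conn, "SELECT group_id FROM grp_member WHERE user_id = ?", (user_id,))
    marks = lambda xs: ",".join("?" * len(xs))
    # SQLite accepts an empty IN () list; MySQL does not, so real code
    # would drop the clause (as the ticket's else branch does) when a list is empty.
    sql = ("SELECT id FROM activity WHERE component != 'groups' "
           f"OR item_id NOT IN ({marks(non_public)}) "
           f"OR item_id IN ({marks(mine)}) ORDER BY id")
    return ids(conn, sql, non_public + mine)

if __name__ == "__main__":
    db = build_db()
    print("flag only:  ", flag_filter(db))
    print("logged out: ", runtime_filter(db))
    print("user 10:    ", runtime_filter(db, 10))
```

Row 4 is the case the flag cannot cover: it is returned by the flag-only filter but by none of the runtime queries, while row 3 becomes visible only to the member of group 2.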