[buddypress-trac] [BuddyPress] #3857: Stop using hide_sitewide for privacy purposes

buddypress-trac at lists.automattic.com buddypress-trac at lists.automattic.com
Thu Dec 15 23:28:27 UTC 2011

#3857: Stop using hide_sitewide for privacy purposes
 Reporter:  boonebgorges  |      Owner:  boonebgorges
     Type:  enhancement   |     Status:  new
 Priority:  major         |  Milestone:  Future Release
Component:  Activity      |    Version:
 Severity:  normal        |   Keywords:  1.7-early
 We currently mark activity items as hide_sitewide in two cases:
 * The activity item is duplicated by another one that is *not*
 hide_sitewide, is in the case of "John is friends with Boone"
 (hide_sitewide = 0) and "Boone is friends with John" (hide_sitewide = 1).
 * The activity item is not supposed to be shown to all members because of
 a privacy setting. In practice, this means that it was created in a hidden
 or private group, but in theory it could be for any reason.

 We should stop using hide_sitewide for this purpose. It causes lots of
 problems. Here are just the few I could find in a couple minutes' search:

 The only real surefire way to protect content in hidden/private groups is
 to do the proper queries at runtime. We might use logic like this in the
 activity query:
 $non_public_group_ids = ids of all groups that are non-public
 if ( is_user_logged_in() ) {
   $this_user_group_ids = ids of all this user's groups
   select from activity table where ( component != 'groups' OR item_id NOT
 IN ($non_public_group_ids) OR item_id IN ($this_user_group_ids) )
 } else {
   select from activity table where ( component != 'groups' OR item_id NOT
 IN ($non_public_group_ids) )

 This is going to make our query a bit slower, unfortunately. But we can
 aggressively cache the values of $non_public_group_ids and
 $this_user_group_ids, so that persistent caching will mostly eliminate
 those two queries.

 Again, this is the only way to be really certain about this privacy stuff,
 so I think we have to do something like it. hide_sitewide has sorta worked
 up through now, but only just barely, and only through some hacks. Let's
 do it right, so that when and if we introduce finer-grained activity
 controls in BP core we will already have an example of how it ought to be

 Let's talk about this early in the 1.7 cycle. It's something that's
 bothered me since I started using BP, so I would be happy to take it on as
 one of my tasks.

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/3857>
BuddyPress <http://buddypress.org/>

More information about the buddypress-trac mailing list