[buddypress-trac] [BuddyPress Trac] #6211: "Only Me" profile fields are searchable by other users

buddypress-trac noreply at wordpress.org
Mon Feb 23 02:45:25 UTC 2015

#6211: "Only Me" profile fields are searchable by other users
 Reporter:  srucwebmaster         |       Owner:
     Type:  defect (bug)          |      Status:  new
 Priority:  normal                |   Milestone:  2.3
Component:  Component - XProfile  |     Version:  1.6
 Severity:  normal                |  Resolution:
 Keywords:                        |
Changes (by boonebgorges):

 * milestone:  Awaiting Review => 2.3


 [attachment:6211.diff] is a prelimary attempt at fixing this. It works
 (please review the unit tests), but it's quite ugly. Problems:

 - User field visibility levels are stored in a serialized array in
 usermeta. This means it's impossible to solve this problem with a single
 SQL query. The only way I can make it work on the current schema is to
 prefetch the user IDs + field IDs that match the search terms, and then to
 run a separate loop to filter out the items that are not visible to the
 current user.
 - I've chosen to call `bp_get_user_meta()` inside the `foreach` loop. This
 will surely cause performance issues when there are large number of hits
 and the site has no persistent cache. Alternatively, I could do a single
 query to fetch it all at once - this will reduce both the number of
 queries required and the data stored in memory - but it's still going to
 hit a performance ceiling.

 The main change that could be made to improve this whole thing is to move
 visibility levels from usermeta into xprofile_meta, as "datameta". Then
 most of this work could be accomplished by a single table join.

 It seems to me that moving visibility data to datameta is worthwhile for
 other reasons - it will simplify other parts of the API as well - but I'd
 like to hear the thoughts of others before moving forward with it. As we
 did in the case of 'last_activity' migration, I'd probably want to
 continue to mirror it in usermeta, in case anyone is referencing it
 directly that way.

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6211#comment:2>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac

More information about the buddypress-trac mailing list