[buddypress-trac] [BuddyPress Trac] #6843: Activity @mentions in private groups for non members

buddypress-trac noreply at wordpress.org
Tue Sep 6 04:18:17 UTC 2016

#6843: Activity @mentions in private groups for non members
 Reporter:  timeuser      |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Future Release
Component:  Activity      |     Version:  2.4.0
 Severity:  normal        |  Resolution:
 Keywords:  needs-patch   |
Changes (by boonebgorges):

 * keywords:   => needs-patch


 @r-a-y I like your idea about breaking mentions out into structured data,
 and to query against that rather than doing a LIKE query against the
 content. (This would also be a good use case for a relationship API.) But
 I'm not sure I understand this bit:

 > We would only add this meta key if it passes all privacy checks such as
 > group privacy and group membership.

 I guess you mean that if user A mentions user B in a private group PG,

 if ( PG is public || B is a member of PG ) {
     bp_activity_record_mention( $activity_id, $b );
 }

 meaning that if the `if` condition fails, this particular activity item
 won't show up in @-mention queries for B. Am I understanding this
 correctly? I think it's clever. But I worry about data syncing and
 invalidation - it's going to be challenging to ensure that we catch all
 invalidation scenarios (activity edit, group membership changes, group
 status changes, etc). There would probably also be backward compatibility
 concerns for non-core cases that are expecting mention queries to include
 non-public data (like if you're running internal analytics or something
 like that).

 > I don't want to go too far off-topic here, but the question is how
 > granular do we want activity privacy to be? Twitter's is relatively
 > simple, but if we move (closer) towards a Facebook model (per-activity
 > privacy with options such as "My Groups Only", "Friends of friends",
 > etc.), the activity SQL query will become more complex and slower.

 What people want, and have always wanted since BP 1.0, is extremely fine-
 grained privacy control. But a full-fledged ACL system, intended for use
 in many different kinds of BP environments, is probably going to be quite
 slow. I think that, for the time being, it's probably OK to have a system
 of stopgaps like the mention-meta that you've described here.

Ticket URL: <https://buddypress.trac.wordpress.org/ticket/6843#comment:15>
BuddyPress Trac <http://buddypress.org/>
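
The gated mention write and the invalidation scenarios raised in this comment (activity edit, group membership changes, group status changes), as an added plain-PHP model that is not BuddyPress code and not code from the ticket. The `MentionIndex` class, its method names and the sample IDs are hypothetical.

```php
<?php
// Added illustration: an in-memory model, not BuddyPress code. All names are hypothetical.
final class MentionIndex {
    private array $groups = [];     // group id => ['status' => ..., 'members' => [user id => true]]
    private array $activities = []; // activity id => ['group' => id, 'mentioned' => [user ids]]
    private array $index = [];      // user id => [activity id => true]; what mention queries read

    // Call on any group status or membership change so the index is rebuilt.
    public function setGroup(int $gid, string $status, array $members): void {
        $this->groups[$gid] = ['status' => $status, 'members' => array_fill_keys($members, true)];
        foreach ($this->activities as $aid => $a) {
            if ($a['group'] === $gid) {
                $this->saveActivity($aid, $gid, $a['mentioned']);
            }
        }
    }

    // Call on activity create and edit; stale index rows are dropped first.
    public function saveActivity(int $aid, int $gid, array $mentioned): void {
        foreach (array_keys($this->index) as $uid) {
            unset($this->index[$uid][$aid]);
        }
        $this->activities[$aid] = ['group' => $gid, 'mentioned' => $mentioned];
        foreach ($mentioned as $uid) {
            if ($this->canSee($uid, $gid)) {
                $this->index[$uid][$aid] = true;
            }
        }
    }

    public function mentionsFor(int $uid): array {
        return array_keys($this->index[$uid] ?? []);
    }
    // The check from the comment: group is public, or the mentioned user is a member.
    private function canSee(int $uid, int $gid): bool {
        $g = $this->groups[$gid] ?? null; // unknown group: deny
        return $g !== null && ($g['status'] === 'public' || isset($g['members'][$uid]));
    }
}

// Constructed sample data: group 7 is private, user 1 is a member, user 2 is not.
$idx = new MentionIndex();
$idx->setGroup(7, 'private', [1]);
$idx->saveActivity(100, 7, [2]);          // user 1 mentions user 2 inside the private group
echo json_encode($idx->mentionsFor(2)), PHP_EOL;
$idx->setGroup(7, 'private', [1, 2]);     // user 2 joins the group
echo json_encode($idx->mentionsFor(2)), PHP_EOL;
$idx->setGroup(7, 'private', [1]);        // user 2 is removed again
echo json_encode($idx->mentionsFor(2)), PHP_EOL;
```

The raw mention list stays in `$activities` regardless of visibility, so the per-user index can always be rebuilt from it; any state change that does not go through `setGroup()` or `saveActivity()` leaves the index stale.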