Skip to:
Content

Opened 2 years ago

Last modified 8 weeks ago

#3857 new enhancement

Stop using hide_sitewide for privacy purposes

Reported by: boonebgorges Owned by: boonebgorges
Milestone: Future Release Priority: major
Severity: normal Version:
Component: Activity Keywords:
Cc: chrisclayton, zane@…

Description

We currently mark activity items as hide_sitewide in two cases:

  • The activity item is duplicated by another one that is *not* hide_sitewide, is in the case of "John is friends with Boone" (hide_sitewide = 0) and "Boone is friends with John" (hide_sitewide = 1).
  • The activity item is not supposed to be shown to all members because of a privacy setting. In practice, this means that it was created in a hidden or private group, but in theory it could be for any reason.

We should stop using hide_sitewide for this purpose. It causes lots of problems. Here are just the few I could find in a couple minutes' search:
http://buddypress.trac.wordpress.org/ticket/2678
http://buddypress.trac.wordpress.org/ticket/3463
http://buddypress.trac.wordpress.org/ticket/2293

The only real surefire way to protect content in hidden/private groups is to do the proper queries at runtime. We might use logic like this in the activity query:

$non_public_group_ids = ids of all groups that are non-public
if ( is_user_logged_in() ) {
  $this_user_group_ids = ids of all this user's groups
  select from activity table where ( component != 'groups' OR item_id NOT IN ($non_public_group_ids) OR item_id IN ($this_user_group_ids) )
} else {
  select from activity table where ( component != 'groups' OR item_id NOT IN ($non_public_group_ids) )
}

This is going to make our query a bit slower, unfortunately. But we can aggressively cache the values of $non_public_group_ids and $this_user_group_ids, so that persistent caching will mostly eliminate those two queries.

Again, this is the only way to be really certain about this privacy stuff, so I think we have to do something like it. hide_sitewide has sorta worked up through now, but only just barely, and only through some hacks. Let's do it right, so that when and if we introduce finer-grained activity controls in BP core we will already have an example of how it ought to be done.

Let's talk about this early in the 1.7 cycle. It's something that's bothered me since I started using BP, so I would be happy to take it on as one of my tasks.

Change History (5)

comment:1 boonebgorges21 months ago

  • Keywords 1.7-early removed

I have a feeling that this is going to take way more than we have time for in the 1.7 release, so I'm going to preemptively punt it (much as it pains me to do so).

comment:2 chrisclayton16 months ago

  • Cc chrisclayton added

comment:3 dcavins7 months ago

Boone, I agree with doing this query based on the user's capabilities and memberships rather than some combination of group visibility and hide_sitewide. How many classes of activity are there? I'm guessing, here:

Public activity
Friendships, new members, activity in public groups

Limited audience activity
Activity in private and hidden groups, activity to be seen only by friends

Private activity
User-only, like creation of a private bp-doc

From your comments on other tickets, it seems you think a single "hide_sitewide" isn't enough to work with? What are you thinking, a "this is private" and "this is a duplicate of another activity"?

Please let me know if there's anything I can do to help out on this ticket.

-David

comment:4 boonebgorges7 months ago

To be honest, I don't have any bright ideas about how to solve this very large problem. The taxonomy of activity types you've laid out is a start, but the idea of "limited audience" is itself very complicated, because the "limited audience" will differ with each piece of data (depending on group membership and stuff like that). At the moment, I don't think BP has any concept of user-only activity, though I can see the use for it and how it fits into the larger picture.

What are you thinking, a "this is private" and "this is a duplicate of another activity"?

I think this is probably too simple, but yes, at a bare minimum I think that these should be handled separately.

Ultimately, I think we should also be thinking about finer-grained visibily stuff as we pick apart the puzzle at hand. It may never be the case that BP itself allows you to set per-activity visibility - show this activity item only to my friends, show this one publicly, etc - but whatever new system is developed should be theoretically compatible with a plugin that'd add the additional functionality.

Any ideas or sketches would be most welcome.

comment:5 Zane8 weeks ago

  • Cc zane@… added
Note: See TracTickets for help on using tickets.