BuddyPress.org

Opened 4 years ago

Closed 4 years ago

#6842 closed defect (bug) (fixed)

Private Group @mention notifications should not go to non group members

Reported by: timeuser
Owned by: boonebgorges
Milestone: 2.5
Priority: normal
Severity: normal
Version: 2.4.0
Component: Activity
Keywords: needs-patch needs-unit-tests
Cc:

Description

Posts in groups cause notification emails to be sent to all users @mentioned in the post. Notification emails should not be sent to @mentioned users that are not a member of the group if the group is private or hidden.

Change History (7)

#1 @timeuser
4 years ago

How do I submit a patch for this? I think it can be fixed by checking if the user is a member of the group in bp_activity_filters.php function bp_activity_at_name_send_emails().

Insert at line #341 in bp_activity_filters.php


if (bp_is_group()) {
  $current_group = groups_get_current_group();
  // if the group is not public and mentioned user is not a member then don't send a notification
  if ('public' != $current_group->status && !groups_is_user_member( $user_id, $current_group->id )) {
    continue;
  }
}

#2 @boonebgorges
4 years ago

  • Component changed from API to Component - Activity
  • Milestone changed from Awaiting Review to 2.5

Good catch! Something along the lines of your fix will work - I'll rewrite it to keep some separation between our components.

#3 @boonebgorges
4 years ago

In 10467:

Pass $user_id and $activity params to 'bp_activity_at_name_do_notifications' filter.

These params make it easier to disable at-mention notifications for specific
users.

See #6842.

#4 @boonebgorges
4 years ago

  • Owner set to boonebgorges
  • Resolution set to fixed
  • Status changed from new to closed

In 10469:

Don't send notifications for activity in non-public group when mentioned user is not a member.

Props timeuser.
Fixes #6842.

#5 @timeuser
4 years ago

What if a user is an admin? It would be nice if they still received the notification in that case even if they are not a member. Technically they can view the posts anyway and our users are in the habit of @mentioning admin users for help.

#6 @boonebgorges
4 years ago

  • Keywords needs-patch needs-unit-tests added
  • Resolution fixed deleted
  • Status changed from closed to reopened

OK, we can make an exception for admins ('bp_moderate' cap check).

#7 @boonebgorges
4 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 10554:

Allow 'bp_moderate' users to get @-mention notifications from groups where they are not members.

See [10469] for the original introduction of the membership check.

Fixes #6842.
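
The rule this ticket settles on (no @-mention notification for non-members of a non-public group, except 'bp_moderate' users), written as an added example; it is not the code committed in [10469] or [10554]. The example_* function names, the filter argument order ($send, $usernames, $user_id, $activity) and the use of user_can() for the capability check are assumptions.

```php
<?php
// Added example, not BuddyPress core code. All example_* names are hypothetical.

// Pure decision: may this user be notified of an @-mention in this activity?
function example_mention_allowed( $component, $group_status, $is_member, $can_moderate ) {
	if ( 'groups' !== $component || 'public' === $group_status ) {
		return true; // Only activity in non-public groups is restricted.
	}
	// Any status other than 'public': notify members, plus 'bp_moderate' users (comment #6).
	return $is_member || $can_moderate;
}

// Filter callback. Assumed argument order: $send, $usernames, $user_id, $activity.
function example_filter_group_mentions( $send, $usernames, $user_id, $activity ) {
	if ( ! $send || 'groups' !== $activity->component ) {
		return $send; // Already suppressed, or not group activity.
	}
	// For group activity, item_id holds the group ID.
	$group = groups_get_group( array( 'group_id' => $activity->item_id ) );
	return example_mention_allowed(
		$activity->component,
		$group->status,
		(bool) groups_is_user_member( $user_id, $group->id ),
		user_can( $user_id, 'bp_moderate' )
	);
}

if ( function_exists( 'add_filter' ) ) {
	// Inside WordPress/BuddyPress: register the callback with 4 arguments.
	add_filter( 'bp_activity_at_name_do_notifications', 'example_filter_group_mentions', 10, 4 );
} else {
	// Stand-alone run (php CLI): constructed cases, last column is the expected result.
	$cases = array(
		array( 'activity', null,      false, false, true ),
		array( 'groups',   'public',  false, false, true ),
		array( 'groups',   'private', true,  false, true ),
		array( 'groups',   'private', false, false, false ),
		array( 'groups',   'hidden',  false, false, false ),
		array( 'groups',   'hidden',  false, true,  true ),
	);
	foreach ( $cases as $c ) {
		$got = example_mention_allowed( $c[0], $c[1], $c[2], $c[3] );
		printf( "%-8s %-7s member=%d mod=%d => %s\n", $c[0], (string) $c[1], $c[2], $c[3], $got ? 'send' : 'suppress' );
		if ( $got !== $c[4] ) {
			exit( 1 ); // A case disagrees with the rule described in the ticket.
		}
	}
}
```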
