Skip to:
Content

Opened 6 months ago

Last modified 4 months ago

#7655 new defect (bug)

User activity updates created in Private/Hidden Groups can be replied to after leaving the Group

Reported by: DJPaul Owned by:
Milestone: Up Next Priority: normal
Severity: normal Version:
Component: Activity Keywords: reporter-feedback
Cc: contato@…

Description

User activity updates (activity_update) created in Private/Hidden Groups can be replied to by that User after leaving the Group.

I think this is a bug because it would give the impression that the user hasn't actually left the group, to the people who are still in the group. Especially so if the user was kicked out the group by a moderator.

To clarify, the user only sees items authored by them after leaving the group. I assume this is because of the duplicated row and the hide_sidewide column. Given this seems to be the intended behaviour, we should:

1) Disable the Favourite and Delete buttons...
2) Disable the (add) "Comment" button on activity types that support commenting...
3) Disable the "reply" button on activity_comments, related to the above...

...if the activity item relates to a Group, and the Group is *not* Public, and the user is not a member of that Group.

Fix this after #7048

Change History (3)

#1 @espellcaste
6 months ago

  • Cc contato@… added

#2 @DJPaul
5 months ago

  • Milestone changed from 3.0 to Up Next

I'll look at this for one of the next releases, unless someone beats me to it!

#3 @r-a-y
4 months ago

  • Keywords reporter-feedback added

See my related comment on ticket:7048#comment:31.

I fixed an issue in changeset r11881 where an unauthenticated user could access private activity updates made in private or hidden groups, so this issue should no longer be a problem.

@DJPaul, can you verify?

Note: See TracTickets for help on using tickets.