I am planning to use Drupal Commons for an intranet, but the fact that "Commons Groups module grants non-group members the ability to post content into groups where content in the group is public" would be a problem, as effectively any staff member could post content to any group and thereby be given membership of any group, which seriously affects its manageability and would undermine the trustworthiness of "employer-to-employee" content such as staff policies & procedures. My apologies if I have missed something, but is this likely to change, or do I have to use the 6.x version? The only way around that I have found is to comment out the "Implements hook_og_user_access_alter()." section of the commons_group.module, which is probably not a good idea.

Comments

ezra-g

Title: It would be useful to be able to "turn off" the commons groups modules organic group permission override » Disable posting into public groups for non-members, auto group membership when posting
Version: 7.x-3.0 »

Seems like a great feature request. We'd also want to disable the bit of code that automatically adds a user as a member when she posts into a group.

Because hook_og_user_access() runs each time we check permission for an action, I believe this feature could be implemented simply as a site-wide setting within the Commons_groups module.
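
A sketch of the site-wide setting described in the comment above, as an added example that is not Commons or Organic Groups code. It assumes OG 7.x-2.x, where hook_og_user_access_alter() receives the permission array and a context with 'group_type', 'group' and 'account'; the module name intranet_og_lock and its variable are hypothetical. It denies every "create ... content" permission to non-members, including any granted through OG's own non-member role.

```php
<?php
/**
 * @file
 * Hypothetical custom module "intranet_og_lock" (added example).
 */

/**
 * Implements hook_module_implements_alter().
 *
 * Moves this module's alter hook to the end so it runs after any other
 * module that grants group permissions in the same hook.
 */
function intranet_og_lock_module_implements_alter(&$implementations, $hook) {
  if ($hook == 'og_user_access_alter' && isset($implementations['intranet_og_lock'])) {
    $entry = $implementations['intranet_og_lock'];
    unset($implementations['intranet_og_lock']);
    $implementations['intranet_og_lock'] = $entry;
  }
}

/**
 * Implements hook_og_user_access_alter().
 *
 * Runs on each OG permission check. Unless the site-wide setting allows it,
 * users who are not active members of the group lose every
 * "create ... content" permission granted so far.
 */
function intranet_og_lock_og_user_access_alter(&$perm, $context) {
  // Hypothetical setting name; FALSE (locked down) is the default.
  if (variable_get('intranet_og_lock_allow_nonmember_posts', FALSE)) {
    return;
  }
  list($gid) = entity_extract_ids($context['group_type'], $context['group']);
  // og_is_member() checks for an active membership by default.
  if (og_is_member($context['group_type'], $gid, 'user', $context['account'])) {
    return;
  }
  foreach ($perm as $name => $granted) {
    if ($granted && preg_match('/^create .+ content$/', $name)) {
      $perm[$name] = FALSE;
    }
  }
}
```

This does not touch the code that adds a posting user as a group member; it only removes the permission check result that lets a non-member create the content.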

doors

I have created other groups content types which I don't want to allow non-members to be able to post in public groups.

When will this be fixed?

Topcheese

I'm not aware of the specifics, but it seems in the case of the Intranet you could still create a private group for the department and create a public group for the public channel. Yes, it is a little extra work, but you end up with a more secure dept with a public "channel" to track all kinds of wonderful things without a fear of really mixing the two.

If an employee has something to post to that channel/group, then yes they should be a member of it and not of the dept. Just one way of looking at it I suppose.

WebSinPat

Yes please for this feature request. Any timeline on when it will be worked on?

Meantime, should I comment out that function as mentioned by @Andrew Searl? I don't usually mess with code too much and am not sure of the implications of removing it.

If anyone is so inclined as to explain, I'm also just plain curious why groups membership has been structured in this way by design. It does make it easy for users to join a group, which is nice if that's what you want, but why no option to do otherwise?

TravisJohnston

Version: » 7.x-3.2

Please look into this.

This is not a feature request. This is something that needs to be fixed. What is the point of a member/non-member relation if anyone in the entire site can go around creating whatever they want whenever they want? You shouldn't have to set a bunch of Private groups in order to counteract this. Organic Groups has a permission setup that works perfectly, but for some reason Commons is deciding to overwrite it and give access to everyone. That should be left up to the Organic Groups permissions, not hardcoded. Looks like I now have to hack Commons core to get a basic setting back to how it should be...

TravisJohnston

Status: Active » Closed (duplicate)

Looks like more information is listed here: https://drupal.org/node/1971074

And it looks like there is talk about removing this in 3.3