Interesting issue with views arguments. I'm on the latest Activity -dev for 11/11 with commit #287944.
Take the default all_activity view, change the page path to activity/%/all, and add an argument. I used "Activity: Activity Actor", Provide Default Argument, User ID from URL, Basic validation.
Now let's say I am logged in as UID 16. The view works 100% fine for all UIDs OTHER than 16 (/activity/14/all, etc). When I use User ID 16, I see the first few activity messages and then just blanks for everything else. In other words, the argument only pulls in a few activity messages when looking at your own stuff.
I also tried an argument of User: UID but the same thing happened. To prove it wasn't a theming issue I did switch back to Garland with the same result.
Please let me know if you need more to reproduce it. Thanks!
Comments
Comment #1
sirkitree commentedCan you provide the query that Views is generating when logged in as uid16, one with the uid of another user as the argument and another one with yourself?
Comment #2
rjbrown99 commentedYes, here goes. In this case User ID 14 is a 'normal' authenticated user with no special privileges. To capture the query as the normal user I used the devel module and enabled collect query log and display query log. I grabbed both the count and query as they happen one before the other and I thought it might be relevant.
/activity/14/all (user that is the logged in user) - This returns partial results
/activity/16/all (user that is not the logged in user) - This works as expected in terms of returning results. Again this was logged in as user ID #14 and viewing the activity of user ID #16.
Now, here is the query when logged in as admin (UID1) and viewing /activity/14/all. This returns correct results.
Here is user ID 35 logged in and viewing /activity/14/all. This returns correct results.
Comment #3
rjbrown99 commentedI took a glance specifically at the first one (UID 14 not working) and the last one (UID 35 looking at UID14) and noticed one difference.
Here's the logged in UID #14 looking at their own stuff and not working.
Here's UID 35 looking at UID 14 and working.
Comment #4
Scott Reynolds commentedAhh ok so is any of the users seeing content that they don't have access too. See activity will not show activity around nodes that the current user doesn't have access too. This is a feature. All the activity that isn't showing up for the given user is because, if they were to visit that node, they would get an access denied message.
Comment #5
rjbrown99 commentedNot in my case. The problem is that the user can't see their own activity messages but they can see everyone else just fine. When looking at someone else's activity view, they can see 100% of the content. When looking at your own activity messages (where the logged in user is looking at /activity/MYUID/all), you only see partial content returned. When other users look at your activity messages, they can see them just fine. The user has access to their own messages and no other controls should prevent that from being viewed. You should be able to reproduce this with the default view if you modify it to add an argument per my initial post.
Comment #6
rjbrown99 commentedI switched this back to active. I think perhaps my description was not coming across cleanly. I do think there is a bug here.
It is not that users are seeing content they do not have access to. It is that a user only sees partial results when their own UID is the argument to the view. The user would inherently have access to all of their own stuff and nodes as they were the ones to create the content in the first place.
What it looks like is the user sees the first few results of their own activity messages, and then there is no more. But the pager is appearing, and you can click to each page but there are no messages. The query is returning partial results.
Try reproducing - just enable the default all_activity view, change the page to /activity/%/all, add an argument of Activity: Activity Actor of provide default argument, user ID from URL. Now with your own logged in user, visit /activity/MYOWNUID/all and you see partial results.
Comment #7
rjbrown99 commentedI had an 'ah-ha' moment and I think I figured this out. It still may be a bug but different from what I would have thought.
All of my activity publisher templates were blank in the "author message" field. So I am creating a "public" message but nothing to show to the author. My new theory is that what is happening is that the view is running as intended and returning results, but since there was nothing stored in those fields it is coming back with blank results since it pulls in what should be shown to the author. It still looks to the view output like all of the items are there and the pager shows up, but there's no content. To the other users it shows the public message which is why it shows up.
Perhaps that makes more sense. Thoughts? In the event that a view finds empty fields, perhaps it should not return results or use the public message instead?
Comment #8
rjbrown99 commentedPerhaps one solution is to make every activity publisher template field required before it will save? Even if they are all the same that would capture a message and make sure views outputs something. Another idea would be to modify the views output where it shows the public message in the event the result is empty, but I'm not sure if that's possible.
Comment #9
Scott Reynolds commentedHm I tested this out before. It should allow you to enter empty messages for all but the public message.
In activity_record()
..Strange, maybe it deals with the language stuff.
Comment #10
spp commentedI have a similar issue with a view, but which has nothing to do with arguments, that I can't seem to understand. I have a view which is a list of nodes of a specific CCK type (Instructor). If I am not logged in at all or if I am logged in as an authenticated user, the view works fine and I can see all of the instructors at our school. However, if I am logged in as the administrator account, I only see the first twenty one instructors. I can't imagine what kind of permission issue it could be if everyone except the administrator can see things. If only the admin could see it, I would understand, but not the other way around.
Comment #11
Scott Reynolds commented@rjbrown are you still seeing this with the latest ? I just tested it out and it did handle the case of an empty template just fine.
Tell me what templates you have and the values for them if it is still happening.
Comment #12
rjbrown99 commentedI am not having issues at this point with the latest -dev, so I'm going to close this out.