On a live site I've noticed that answers posted to questions in a private group are visible to non-members in the 'recent site activity' stream and the answer itself is also visible. I think that anyone 'liking' the answer also appears in the site activity stream to non-members.
Note that the questions themselves show 'access denied' message correctly.
I've just updated to all of the latest modules which I thought might be relevant, but problem still persists, namely:
commons groups 7.x-3.3
organic groups 7.x-2.3
commons activity streams 7.x-3.3
message notify 7.x-2.5
message subscribe 7.x-1.0-alpha5
commons q & a 7.x-3.3
I also set the new 3.3 privacy setting on the groups to 'invite only', in place of the earlier 'private' setting.
Comment | File | Size | Author |
---|---|---|---|
#7 | commons-trusted-contacts-hide-audience-2063289-7-b.patch | 706 bytes | ezra-g |
#7 | commons-qa-hide-audience-answers-2063289-7.patch | 799 bytes | ezra-g |
#3 | What_up____CL12.png | 48.26 KB | ezra-g |
Comments
Comment #1
ezra-g CreditAttribution: ezra-g commentedAdding to the 7.x-3.3 radar. Thanks for the bug report.
Comment #2
andyingham CreditAttribution: andyingham commentedMany thanks for picking this up Ezra.
Comment #3
ezra-g CreditAttribution: ezra-g commentedI'm not able to reproduce this with Commons packaged from build-commons.dev.make.
However, I do see that the Groups audience/trusted contacts form elements display on answer nodes, when they shouldn't display at all.
Comment #4
andyingham CreditAttribution: andyingham commentedHi Ezra,
Ok, I've now re-tested this. It looks as though answers created prior to recent module updates are still visible to non-group members. However, if I create a new question and answer, after having updated modules, then a non-group member is (correctly) prevented from seeing the answer, so that's all good.
However, the posting of the answer does still show in the non-group member's 'Recent site activity' stream (view = Commons Activity Streams - Activity (Site-wide) (Message)). Presumably the filter criteria '(Content entity referenced from field_target_nodes) Content access: Access' should be filtering this out, rather than my having to add an additional filter?
Andy
Comment #5
ezra-g CreditAttribution: ezra-g commentedWhat version of Commons were you using when you created the answers?
Comment #6
andyingham CreditAttribution: andyingham commentedAll the answers were posted whilst using Commons 7.x-3.2.
Comment #7
ezra-g CreditAttribution: ezra-g commented@andyingham, please file a new issue so that we can look into this.
Regarding the present issue, one challenge to fixing the present behavior is that both Commons Trusted Contacts and Commons Q_A use hook_module_implements_alter() to change their hook_form_alter() implementations to run last.
I propose we take an approach similar to what QuickTabs module does to address the same challenge with weights. The proposed one-liner patches to Commons_Trusted_contacts and Commons_QA define a $form_state['hide_audience_toggle'] value that allows us to set #access to false on the audience toggle.
Comment #8
japerryThese two patches work for me. I was able to reproduce the problem, apply the patch, and it went away. Answers submit as expected as well.
Comment #9
japerryComment #10
ezra-g CreditAttribution: ezra-g commentedCommitted.
http://drupalcode.org/project/commons_q_a.git/commit/bf261d2
http://drupalcode.org/project/commons_trusted_contacts.git/commit/bbce82c