Opened 7 years ago
Closed 6 years ago
#7655 closed defect (bug) (worksforme)
User activity updates created in Private/Hidden Groups can be replied to after leaving the Group
| Reported by: |
DJPaul
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Activity | Keywords: | reporter-feedback |
| Cc: | contato@… |
Description
User activity updates (activity_update) created in Private/Hidden Groups can be replied to by that User after leaving the Group.
I think this is a bug because it would give the impression that the user hasn't actually left the group, to the people who are still in the group. Especially so if the user was kicked out the group by a moderator.
To clarify, the user only sees items authored by them after leaving the group. I assume this is because of the duplicated row and the hide_sidewide column. Given this seems to be the intended behaviour, we should:
1) Disable the Favourite and Delete buttons...
2) Disable the (add) "Comment" button on activity types that support commenting...
3) Disable the "reply" button on activity_comments, related to the above...
...if the activity item relates to a Group, and the Group is *not* Public, and the user is not a member of that Group.
Fix this after #7048
Change History (5)
@
#3
@
6 years ago
- Keywords reporter-feedback added
See my related comment on ticket:7048#comment:31.
I fixed an issue in changeset r11881 where an unauthenticated user could access private activity updates made in private or hidden groups, so this issue should no longer be a problem.
@DJPaul, can you verify?
I'll look at this for one of the next releases, unless someone beats me to it!