open_social icon indicating copy to clipboard operation
open_social copied to clipboard

Published 20 hours ago verified publisher icon goalgorilla

Issue #3314447 by rolki: Fix flexible group visibility checking

Open rollki opened this issue 2 years ago • 1 comments

Problem

So, the problem is that a flexible group can be created with public visibility and group visibility for content, as a result the group is not available to anonymous users.

The visibility check does not work correctly, as the visibility of the group is checked on the wrong field (on the visibility of the content of the group, not the group itself).

Solution

Check access to the group by field_flexible_group_visibility, not field_group_allowed_visibility.

Issue tracker

  • https://www.drupal.org/project/social/issues/3314447
  • https://getopensocial.atlassian.net/browse/PROD-22582

Theme issue tracker

NONE.

How to test

  • [ ] Create a flexible group with public visibility and group content visibility options
  • [ ] Go to this group under the anonymous user
  • [ ] You should be able to view the group

Definition of done

Before merge

  • [ ] Code/peer review is completed
  • [ ] All commit messages are clear and clean. If applicable a rebase was performed
  • [ ] All automated tests are green
  • [ ] Functional/manual tests of the acceptance criteria are approved
  • [ ] All acceptance criteria were met
  • [ ] New features or changes to existing features are covered by tests, either unit (preferably) or behat
  • [ ] Update path is tested. New hook_updates should respect update order, right naming convention and consider hook_post_update code
  • [ ] Module can be safely uninstalled. Update/implement hook_uninstall and make sure that removed configuration or dependencies are removed/uninstalled
  • [ ] This pull request has all required labels (team/type/priority)
  • [ ] This pull request has a milestone
  • [ ] This pull request has an assignee (if applicable)
  • [ ] Any front end changes are tested on all major browsers
  • [ ] New UI elements, or changes on UI elements are approved by the design team
  • [ ] New features, or feature changes are approved by the product owner

After merge

  • [ ] Code is tested on all branches that it has been cherry-picked
  • [ ] Update hook number might need adjustment, make sure they have the correct order
  • [ ] The Drupal.org ticket(s) are updated according to this pull request status

Screenshots

Знімок екрана 2022-10-10 о 13 33 52 Знімок екрана 2022-10-10 о 13 34 38

Release notes

From now on, the functions: social_group_flexible_group_public_enabled, social_group_flexible_group_community_enabled and social_group_flexible_group_members_enabled are checked on the field_flexible_group_visibility field, not field_group_allowed_visibility.

Change Record

From now on, the functions: social_group_flexible_group_public_enabled, social_group_flexible_group_community_enabled and social_group_flexible_group_members_enabled are checked on the field_flexible_group_visibility field, not field_group_allowed_visibility.

Translations

NONE.

rollki avatar Oct 10 '22 10:10 rollki

Thanks for contributing towards Open Social! A maintainer from the @goalgorilla/maintainers group might not review all changes from all teams/contributors. Please don't be discouraged if it takes a while. In the meantime, we have some automated checks running and it might be that you will see our comments with some tips or requests to speed up the review process. :blush:

mergeable[bot] avatar Oct 10 '22 10:10 mergeable[bot]

Hi guys, this PR was created due to an issue on Sparkblue (https://getopensocial.atlassian.net/browse/PROD-22582), I'm not sure about the changes made in this PR, but from the names of the methods they seem logical to me, check by group visibility, not group content visibility. These changes were also added to the production of one of the projects, and it seems that they work normally there, so I would like to hear your opinion, maybe the check by group content visibility was written deliberately, but then why is it not aligned with the name of the methods.

cc @ronaldtebrake, @tbsiqueira, @ribel

rollki avatar Nov 22 '22 12:11 rollki

@nechai Please update and finalise this PR so we can merge it.

ribel avatar Jan 27 '23 12:01 ribel

Hi all, I have found the following issue, could you please check?

Summary: Stream content is not displayed even though the users can see that some content that was created on other tabs Pre-contition: to have access the site, to have a public content, like a topic, created on a public flexible group Steps:

  1. Access the site as any user, logged or not, that is not member of the public group.
  2. Open the stream of a public flexible group that has public content created (like a topic)

Expected result: Stream of the group should show the creation of the content that the user viewing has access to view Actual result: nothing, not even a warning message of no content is displayed on the stream page

Evidences Page URL: https://pr3150-mvuphpkjmdrnxqqhd7eurxr8qby71izq.tugboatqa.com/group/6/stream test it with the user michelleclark / michelleclark image image

BiaInacio avatar Feb 13 '23 10:02 BiaInacio

On a further note, the bug mentioned by Bia is also present on a clean installation, we can close this PR, and open a follow up issue :D

tbsiqueira avatar Feb 13 '23 12:02 tbsiqueira

🍒 -picked to 11.6.x and 11.7.x

ribel avatar Feb 13 '23 12:02 ribel