ISSUE SUMMARY:
I would like to remove the "public" and "site_members" privacy settings from posting options

There are at least two locations where this setting is used:
1. When posting to your stream, there is a privacy button which allows you to select the options "public", "site_members", "friends", or "me"
2. When you select a post from your stream that you own, you may change the privacy option to one of the four listed above.

Could you please point me in the direction (tell me the files involved) to do the two following things:
1. remove the public and site_members option
2. default the post to "me" option rather than "friends" option

The site we're developing is more about creating a private journal which you can then publicize certain posts rather than sharing all things with all people.

I can reverse engineer everything with netbeans, but if you could point me in the right direction, I can start in the right files and save a bunch of time.

I've attached pictures of the options I'd like to change. I do know that this is likely a jomsocial core modfication that I would need to change, although I could see this being a nice configurable feature that you could add later.

Such as:
- Allowed Posting Privacies:

• public
• site_members
• friends
• me

Hi,

please edit:
/templates/socialize/css/custom.css and put this code at the bottom of page

.joms-postbox-dropdown.privacy-dropdown .joms-list > li:nth-child(1), .joms-postbox-dropdown.privacy-dropdown .joms-list > li:nth-child(2), .joms-popup.joms-popup--whiteblock.joms-popup--privacy .joms-popup__content.joms-popup__content--single > a:nth-child(1), .joms-popup.joms-popup--whiteblock.joms-popup--privacy .joms-popup__content.joms-popup__content--single > a:nth-child(2) {
  display: none;
}

Thanks for the help, however, the default privacy is still set to Site Members by default. Which would circumvent this css trick, although the css does work to remove the options from the dropdown lists.

So the issue still stands:
I must default the postbox to something other than site members
and
also eliminate the public and site members options.

It appears this can be done by finding the correct code in the minified bundle.js located under release_32 and release directories of assets. It takes a bit to find since it's minified, but it can be done.

The corresponding source code files are the following:
From the source file: privacy.js - components\com_community\assets\_source\js\views\dropdown\privacy.js
privacies: {
//'public': [ 10, 'globe' ],
//'site_members': [ 20, 'users' ],
'friends': [ 30, 'user' ],
'me': [ 40, 'lock' ]
},

privmaps: {
//'public': '10',
//'site_members': '20',
'friends': '30',
'me': '40',
'0': 'public',
//'10': 'public',
//'20': 'site_members',
'30': 'friends',
'40': 'me'
},
this.defaultPrivacy = this.privkeys[1];
if ( typeof options.defaultPrivacy !== 'undefined' ) {
options.defaultPrivacy = '' + options.defaultPrivacy;
if ( options.defaultPrivacy.match(/^\d+$/) )
options.defaultPrivacy = this.privmaps[ options.defaultPrivacy ] || this.defaultPrivacy;
this.defaultPrivacy = this.privkeys[1];
}

From the source file stream.selectprivacy.js - components\com_community\assets\source\js\popups\stream.selectprivacy.js
privacies = [
//[ 'public', 10, window.joms_lang.COM_COMMUNITY_PRIVACY_PUBLIC, 'earth' ],
//[ 'site_members', 20, window.joms_lang.COM_COMMUNITY_PRIVACY_SITE_MEMBERS, 'users' ],
[ 'friends', 30, window.joms_lang.COM_COMMUNITY_PRIVACY_FRIENDS, 'user' ],
[ 'me', 40, window.joms_lang.COM_COMMUNITY_PRIVACY_ME, 'lock' ]
];

Hi,

for default privacy, you need to changing at jomsocial backend > configuration > privacy > default user privacy.

Regards

1. Default Privacy in the backend doesn't allow you to select self. (see attachment) Selecting "me" only is the requirement for status posts.

2. Using the security trick is vulnerable to css modification which would give the user the power to post on all users' stream. The javascript modifcation however, doesn't generate the code in the first place so no such attack is possible.

3. When posting photos to the stream, the default privacy settings in the backend are ignored and the permissions of the photo album ("Stream Photos") are used.

4. **BUG** If you move a photo which has private ("me" only) permissions (40 in the #_community_photos - permissions column) into a photo album that is viewable by others (0, 10, 20, or 30 in the #_community_photo_albums - permissions column), the permissions of the photo are ignored and the photo can be viewed within the album.

It looks like you're using gruntjs to minify your javascript code. Do you have any quick instructions you can send me so I can just modify the code in a nice manner and build my own javascript bundle.js libraries?

Hi

you can find "package.json" and "Gruntfile.js" at /components/com_community/assets/
those files needed to build bundle.js

all grunt configuration on that files.

you need to learn grunt by your self.

here the grunt doc:
gruntjs.com/getting-started

Regards

Hi,

for "BUG" issue, please open new topic for that.

Regards

Hi Albertus,

You can close this ticket since JomSocial is not designed in a way to limit the users' ability to post publicly (i.e. blasting out messages to all users or site members). I have been able to modify the .js files to limit this and set the defaults in a way which closes this hole, although not ideal since it modifies the core JomSocial files which I then have to merge any time a change is made.

I would be interested to understand if in the future revisions of JomSocial, you are planning to use the ACL development to better restrict privileges.

For example, will you be able to prevent a user from posting to public or site members settings and only allowing "only me" or "friends" settings?

Hi,

you can put user voice at:
www.jomsocial.com/uservoice

Regards