Notice

The forum is in read only mode.

Support Forum

Welcome! Support Forums have been reactivated
Welcome the Technical Support section. Help us in assisting you by providing us with a concise and descriptive elaboration of your issues. Be specific and if possible, provide us with a step-by-step instruction in replicating your problem.

js 3.2.1.6 - Activities stream displays private groups info !!!

9 years 11 months ago
  • Udi's Avatar
    Topic Author
  • Udi
  • Offline
  • Fresh Boarder
  • Posts: 52
  • Thank you received: 12
Licenses:
JomSocial Active

ISSUE SUMMARY:
Activites within Private group is displayed at the activity stream of any user, including users that are not members at that private group.

Pressing on the group name at the activity records takes the unauthorized user to see everything at that group.

Privacy violation !!!!

please advise.

regards,
Udi

STEPS TO REPLICATE:
1
2
3
4
5
RESULT
EXPECTED RESULT
BROWSER

9 years 11 months ago
Licenses:

Hi, Udi.

I'm sorry but here is no privacy violation. Take a look here:

- I created a private test group and upload photo to it. This is what I see on stream when viewing as group member: prntscr.com/7kc418
- and this is what I see when I'm logged in as group non-member: prntscr.com/7kc4l9

So I can't see post from private group. They are displayed ONLY for group member or Super User.

Please, make own test. Log in as group member, post something. Then log out and check with group non-member. No post should be visible.

- Instead of saying: 'it's not working', explain the problem in detail.
- Screenshots with the URL visible in them and the problem marked are more than welcome.
- Tell us how to replicate the problem, we can't fix it if we can't find it.
- Make sure that your site/server meets JomSocial System Requirements
- Make sure to setup JomSocial Cron Job
- Always provide us with access details to the backend and ftp. We need it to debug problems.
- If you have a similar problem, but a solution you found isn't working, open a new thread instead of 'merging' with an existing one.

- Use the "Thank You" feature on any post that helped you
The following user(s) said Thank You: Udi
9 years 11 months ago
  • Udi's Avatar
    Topic Author
  • Udi
  • Offline
  • Fresh Boarder
  • Posts: 52
  • Thank you received: 12
Licenses:
JomSocial Active

Hi Michal,

Thank you for your great support.

The example you sent is ok so I did the same:

- Created a new private group from the frontpage. png#1
- defined is as private.

Now login:

- as the group creator - see activity stream png#2
- as a non-member of the group png#3

No difference in activity stream.
Your sheep is displayed correctly at those png's

What do I do wrong?

Please advise.

regards,
Udi

Attachments:
9 years 11 months ago
Licenses:

Hi, Udi.

Your printscreens are correct. Super User is a private group member so he can see sheep photo (test.ghc.org3216-3.png).
But when you log in as other user - you may created new private group but will not see sheep photo (test.ghc.org3216-4.png)

When I log in as my user (private group non-member) I can see only this: prntscr.com/7kdfx5
But when I logged in as Super User I was able to see the same as you, then join group and upload photo: prntscr.com/7kddqz

Conclusion: stream privacy works perfectly on your site :) You can see activities from private group because you're Super User and have privileges to do so ;)

- Instead of saying: 'it's not working', explain the problem in detail.
- Screenshots with the URL visible in them and the problem marked are more than welcome.
- Tell us how to replicate the problem, we can't fix it if we can't find it.
- Make sure that your site/server meets JomSocial System Requirements
- Make sure to setup JomSocial Cron Job
- Always provide us with access details to the backend and ftp. We need it to debug problems.
- If you have a similar problem, but a solution you found isn't working, open a new thread instead of 'merging' with an existing one.

- Use the "Thank You" feature on any post that helped you
The following user(s) said Thank You: Udi
9 years 11 months ago
  • Udi's Avatar
    Topic Author
  • Udi
  • Offline
  • Fresh Boarder
  • Posts: 52
  • Thank you received: 12
Licenses:
JomSocial Active

Hi,

the following png:

You created private group; 1 pic (sheep)

Another user (type=organization) sees your private group activity.

In your example, the other user is Registered type.

Make sense?

Udi

Attachments:
9 years 11 months ago
Licenses:

Hi, Udi.

Please, upload printscreens here as they are too small on forum: prnt.sc/
You mean that user is in certain Joomla! user group?
My user is in Registered Joomla! group.

- Instead of saying: 'it's not working', explain the problem in detail.
- Screenshots with the URL visible in them and the problem marked are more than welcome.
- Tell us how to replicate the problem, we can't fix it if we can't find it.
- Make sure that your site/server meets JomSocial System Requirements
- Make sure to setup JomSocial Cron Job
- Always provide us with access details to the backend and ftp. We need it to debug problems.
- If you have a similar problem, but a solution you found isn't working, open a new thread instead of 'merging' with an existing one.

- Use the "Thank You" feature on any post that helped you
The following user(s) said Thank You: Udi
9 years 11 months ago
  • Udi's Avatar
    Topic Author
  • Udi
  • Offline
  • Fresh Boarder
  • Posts: 52
  • Thank you received: 12
Licenses:
JomSocial Active

Hi Michal,

We did many tests, verified the user type and it seems privacy ok.

Thank you.

Udi

Moderators: Piotr Garasiński
Powered by Kunena Forum

Join 180,000 websites creating Amazing communities

JomSocial is the most complete, easy-to-use addon that turns Joomla CMS into a
full -fledged, social networking site

TRY NOW BUY NOW

About Us

Our product

Support

Contact Us

Site Policies

Elsewhere

© JomSocial.com All Rights Reserved