Cotonti / Open Source PHP Content Management FrameworkContent Management Framework

Forums / Cotonti / Core Labs / Archive / Hidden Groups Issue

Kort
#1 2010-10-16 00:29
Ok, we got them hidden groups. The way this feature works is abit strange. When I create a group and mark it "Hidden", I assume that the group won't be visible in the users.php (list, filters & search), and its members won't be visible either. This, however, is not quite so: instead of the clickable groupname I get "Hidden". And all users that belong to this group are visible in the list, and their details are accessible by non-admins. I would expect the following behavior:
- hidden groups are hidden in the list, their members also
- clicking on a hidden group username (comments, pages, forums or elsewhere) by a non-admin shall give you "not enough rights" message
- admins view hidden groups/users as normal
Imo this would be a nice way to hide / separate clients or customers where it is required. What do you guys think?
Seditio.by - создание сайтов, разработка плагинов и тем для Котонти
GHengeveld
#2 2010-10-16 01:26
What version of Cotonti are you using? I was unable to reproduce this with Genoa 0.6.8. If you're using Siena you should report it in the right topic.

Are you sure the account you're using to call the userlist isn't administrator? Admins are able to see hidden groups and users (obviously). It depends on the rights setting for 'Core: Users', if 'admin' is enabled, that group will be able to see hidden users.

As for viewing the user's profile, I think you're right. The profile of a user who is only in a hidden group can be viewed as normal, even by a guest (unless of course guests can't view profiles at all. Only the name of the group he is in is hidden. I agree that this is slightly unexpected behavior.

Update: Ok, I was able to reproduce it. It's not a problem with the filters, those work fine. The list however, only hides the user group, not the users inside.

I think the feature was only meant to hide a user's membership to a certain group (basically hiding the fact that the group exists). We could change this behavior to what you're describing, but I don't think everyone will agree. Perhaps a plugin can fix this, so it becomes optional.

By the way, why do you want to hide a user? You could just pick some random username and nobody will know who the person behind the account is.

This post was edited by Koradhil (2010-10-16 01:41, 9 years ago)
Kort
#3 2010-10-16 02:25
This has nothing to do with 0.6.8, Siena, filters or using random names. And I have no problem viewing anything as admin. What I am trying to say is: 'Hide group' makes no sense for me at all.
1. It doesn't work as expected
2. Hiding membership makes no sense at all
3. Nobody uses this because it's hard to understand the purpose
If someone does use this feature, I'd like to know what the benefit is and why it should not be modified.
Why would I need to hide a group? Ok, I got a site with a forum and an eshop, and the requirement is to autoregister a buyer upon successful purchase putting it to the Buyers group. And this is the group I'd like to hide. Other potential use is hiding clients or vip groups and protecting their user details.
Seditio.by - создание сайтов, разработка плагинов и тем для Котонти

This post was edited by Kort (2010-10-16 02:37, 9 years ago)
pieter
#4 2010-10-16 04:12
I would use hidden group for banned users.

They are not users you want to display in user overview.
But you don't want to delete them, because they can re-register.

This problem was already mentioned at seditio a long time ago.
http://www.neocrome.net/forums.php?m=posts&p=127330#127330
... can we help you ...
Kort
#5 2010-10-17 14:22
Good point (same with inactive users). I'm sure there will be more benefits in real hiding groups that with what exists now.
Seditio.by - создание сайтов, разработка плагинов и тем для Котонти
esclkm
#6 2010-10-17 17:46
Idea is quite good, but it has some questions: Hide member only in main grp or all grp & and others
littledev.ru - мой маленький зарождающийся блог о котонти.
снижение стоимости программирования и снижение стоимости производства разные вещи. Первое можно скорее сравнить с раздачей работникам дешевых инструментов, чем со снижением зарплаты
Kort
#7 2010-10-18 19:24
As normal: as long you're a member of a hidden group (primary or sec), you're hidden.
Seditio.by - создание сайтов, разработка плагинов и тем для Котонти
esclkm
#8 2010-10-18 19:35
member of the group or main grp is?
littledev.ru - мой маленький зарождающийся блог о котонти.
снижение стоимости программирования и снижение стоимости производства разные вещи. Первое можно скорее сравнить с раздачей работникам дешевых инструментов, чем со снижением зарплаты
GHengeveld
#9 2010-10-18 20:08
Should be configurable I think:

- Hide group name only (current method)
- Hide users in userlist when their main group is hidden (should be default)
- Hide users in userlist when any of their subgroups is hidden

What goes for userlist also goes for whosonline plugin.

Now the question is to make this configurable site-wide, or per group. Obviously the 2nd option will require an extra db column in cot_groups and a lot more code too. I think site-wide will be flexible enough.

I think we should take out the current implementation of hidden groups and rewrite it in a plugin.

Added 8 minutes later:

Ok, created a ticket for this: http://trac.cotonti.com/ticket/559

This post was edited by Koradhil (2010-10-18 20:32, 9 years ago)
Kort
#10 2010-10-19 02:07
Siena is not going to backward compatible, so why shall we keep all these options until we know of at least one person who uses the hidden group feature? I do not understand how you're going to integrate a plugin into the admin area, but I hope you know what you're doing.
Seditio.by - создание сайтов, разработка плагинов и тем для Котонти
GHengeveld
#11 2010-10-19 16:36
Plugin to admin panel is possible (and if its not possible where I need it I can always add a hook..).
As admin I know Cotonti.com uses hidden groups (although not actively), so there's your user. It's also a way to set rights for a specific user, without publicly putting him inside a group (he's the only member of a hidden group).

In fact it's not a problem making it configurable, because it's only a matter of enabling/disabling pieces of code. There's no need to rewrite parts just to get a different setting. The three levels add up to eachother.

Added 13 days later:

I've just committed a changeset which moves the hidden groups functionality to a plugin. Right now there's nothing new yet, but this clears the way for adding configuration options. See ticket 559 for details.

Added 12 hours 39 minutes later:

Changeset 1484 adds three hiding modes:

1. Hide only groups (original method)
2. Hide groups and members whose maingroup is hidden (now the default method)
3. Hide groups and members which have any of their subgroups hidden

Note that members are only hidden in the userlist. Their activity on the site is still visible.
It's possible to allow groups other than administrators to see hidden groups. Authentication level '1' is used for that.

This post was edited by Koradhil (2010-11-02 19:24, 9 years ago)