Report a Bug
#BugReportDecidim Let's test Decidim and report bugs together
Searching a private content can be possible not being a allowed user to that content
Withdrawn
As an authenticated user I can search, using the search bar in the top bar, a content of a private process and the result of the search is visible also to users not allowed to see that content which is not good. Can you please check?
Report inappropriate content
Is this content inappropriate?
10 comments
Hi @JeanLuc_1974. Searching a private content is possible. "Private" means that only "private participants" can participate. The bug will come if it's a no-transparent assembly, which means only private participants can see the content.
Hello Pau, thanks a lot for your quick reply. It seems to not work as described by you, or at least this is what I see. To summarize: there is a private process not defined by me and I'm not on the list of private partecipants but I can search and see the private content. I've also made some screenshots to let you see and check if there is something wrong in my approach, let me know how can I let you have them, maybe there is something I'm missing out.
...or maybe Administrators are always allowed to see all the private contents?
Conversation with Gian Luca Corso
Ok, I've done some more tests.
The result is:
1) Administrators seem to have full visibility to private processes, no matter if they are private participants, and that's good;
2) Users which are not private participants and search for a private content can receive (at least) a result of the search in (at least) a card summarizing the private content. The card has a link which, in this case, is not allowed to take the user to the full content. Now, if possible, our request is, in this case, not to show that card at all.
Yep @JeanLuc_1974, you are right with 1). What I am not sure is the 2). What I comment in the first comment is, in Decidim, we must differentiate between private and transparent.
Private: Affects participation. No to visualization. That is, a private process is visible to all users, but they can only take participation actions if they are a private user. (
Transparent: Affects the visualization. To visualize a non-transparent assembly, the condition is to be a private user. (it's not possible to make a non-transparent process nowadays)
OK, thanks.
Conversation with Carol Romero
Hi @JeanLuc_1974, sorry that I'm late to reply. You're absolutely right, this is a bug.
To clarify:
- Private processes: only private participants (invited by an admin) can see and participate.
- Transparent processes: only private participants (invited by an admin) can participate and the rest of participants can see (and therefore search).
We'll openan issue in github, thanks for reporting it!
OK, thanks :-)
Hi @carol, currently don't exist transparent processes. That's the problem. What you comment does not coincide with assemblies. If we want to keep the logic:
Private: It affects the participation
Transparent: It affects visualization
Hi Pau, you're right that for processes there is no option to make them transparent, only assemblies. In any case, and as far as the original report is concerned, the way it works is what I have said for both of them. In the case of being private, only the invited participants can see and participate in those spaces.
Add your comment
Sign in with your account or sign up to add your comment.
Loading comments ...