Admin.groups.manage.membership.automatic not replaced

Moin · August 30, 2024, 5:21pm

Should this be visible for everyone?

discourse/discourse/blob/main/config/locales/client.en.yml#L5203-L5204


      
          view_table: "table"
          view_graph: "graph"

HamMan2118 · August 30, 2024, 5:37pm

I see it on the Admins group page as well.

Moin · August 30, 2024, 5:42pm

I think it appears at all automatic group pages. I chose “moderators” as the example for my screenshot, but staff, admins, and the trust level groups are also affected

Moin · September 20, 2024, 12:23pm

On mobile, if you can message the group, the broken text moves the message button.

sam · December 4, 2024, 9:24pm

note… added a priority tag here so we will have a look in the upcoming few weeks.

Moin · December 4, 2024, 11:49pm

I think it’s quite easy to fix.

At the moment, the tooltip is visible for everyone, but it uses a string for the admin section:

github.com

discourse/discourse/blob/f75c43713b03ba17c6e5bee84d9d0b50c842ee0a/app/assets/javascripts/discourse/app/templates/group.hbs#L44-L54


      
          {{#if this.model.automatic}}
            <DTooltip class="admin-group-automatic-tooltip">
              <:trigger>
                {{d-icon "gear"}}
                {{i18n "admin.groups.manage.membership.automatic"}}
              </:trigger>
              <:content>
                {{i18n "admin.groups.manage.membership.automatic_tooltip"}}
              </:content>
            </DTooltip>
          {{/if}}

I think the information is only relevant to those who can add group members. This can include admins, group owners, and, depending on the moderators manage categories and groups setting, moderators. I believe that automatic groups cannot have owners, so anyone allowed to manage the automatic group should also be able to access the admin section string, and it could be hidden for everyone else.

+       {{#if this.canManageGroup}}
          {{#if this.model.automatic}}
            <DTooltip class="admin-group-automatic-tooltip">
              <:trigger>
                {{d-icon "gear"}}
                {{i18n "admin.groups.manage.membership.automatic"}}
              </:trigger>
              <:content>
                {{i18n "admin.groups.manage.membership.automatic_tooltip"}}
              </:content>
            </DTooltip>
          {{/if}}
+       {{/if}}

zogstrip · December 6, 2024, 8:52am

Feel free to PR away @Moin

Moin · December 6, 2024, 8:54am

I am not able to write tests

zogstrip · December 6, 2024, 1:30pm

No worries, I’ll take it then

Moin · December 6, 2024, 1:34pm

github.com/discourse/discourse

UX: hide automatic group admin tooltip from users

discourse:main ← moin-Jana:auto-group-tooltip

opened 01:33PM - 06 Dec 24 UTC

moin-Jana

+12 -10

The tooltip introduced in [#28630](https://github.com/discourse/discourse/pull/2…8630) was displayed to all users, but it relied on text only available to staff. This resulted in a broken tooltip being shown to non-staff users. See the report for more details: [Meta Topic](https://meta.discourse.org/t/admin-groups-manage-membership-automatic-not-replaced/324215). Fix Details: * I think automatic groups do not have group owners, so users who can manage the group are always staff. * The tooltip is now hidden for users, who cannot manage the group. * Staff users, who can manage the group, still see the tooltip as expected. Before: Non-staff users saw a broken tooltip: ![broken tooltip for user](https://github.com/user-attachments/assets/03e0e800-2a02-4758-a1e1-db1422a40163) After: Tooltip is hidden for non-staff users: ![hidden tooltip for user](https://github.com/user-attachments/assets/9a2494b2-cc25-45ba-b175-ef4486b64ee9) Tooltip is still visible for admin: ![tooltip still visible for staff](https://github.com/user-attachments/assets/ffa43eeb-f679-4911-a8d3-502400e01b7a)

zogstrip · December 6, 2024, 2:08pm

Thanks, this will be fixed once this gets merged

Moin · December 6, 2024, 2:22pm

It was missing a check to ensure the current user is an admin, since only admins can manage automatic groups.

Interesting. I thought moderators could too if moderators manage categories and groupsis enabled. The “manage” tab is visible for them.

That’s why I thought explaining why they cannot add members like they are able at other groups is helpful.

zogstrip · December 6, 2024, 7:36pm

Automatic groups are handled differently I think, I saw some checks in the code that required admin, though that might be leftovers…

@hugh / @martin do either of you know who is able to manage automatic groups?

zogstrip · December 7, 2024, 7:00am

This topic was automatically closed after 16 hours. New replies are no longer allowed.

martin · December 9, 2024, 1:41am

I think the site setting Moin mentioned does allow this, here is the relevant guardian check:

github.com

discourse/discourse/blob/4ddf7e61f99d42e22ad5ae36832882c734623614/lib/guardian/group_guardian.rb#L18-L24


      
          def can_admin_group?(group)
            is_admin? ||
              (
                SiteSetting.moderators_manage_categories_and_groups && is_moderator? && can_see?(group) &&
                  group.id != Group::AUTO_GROUPS[:admins]
              )
          end

But in the client, we are sending mixed messages

github.com

discourse/discourse/blob/4ddf7e61f99d42e22ad5ae36832882c734623614/app/assets/javascripts/discourse/app/models/user.js#L1091-L1095


      
          canManageGroup(group) {
            return group.get("automatic")
              ? false
              : group.get("can_admin_group") || group.get("is_group_owner");
          }

github.com

discourse/discourse/blob/4ddf7e61f99d42e22ad5ae36832882c734623614/app/assets/javascripts/discourse/app/controllers/group.js#L117-L124


      
          @discourseComputed("model", "model.automatic")
          canManageGroup(model, automatic) {
            return (
              this.currentUser &&
              (this.currentUser.canManageGroup(model) ||
                (model.can_admin_group && automatic))
            );
          }

Here is a followup PR to change to check canManageGroup, and also update the user model version of canManageGroup to be more sensible (the only place using that is from this group controller):

github.com/discourse/discourse

FIX: Allow anyone who can manage groups to see Automatic tooltip

discourse:main ← discourse:issue/manage-groups-followup

opened 01:40AM - 09 Dec 24 UTC

martin-brennan

+55 -30

Followup 35ecd0335c70e4f008ae86ec5804dc60dbf41101 Since we have the moderator…s_manage_categories_and_groups setting, more than admins can manage groups, so we need to allow others to see this Automatic tooltip as well. Also fixes an inconsistency with canManageGroup between the User model and Group controller, the latter is correct, allowing management of automatic groups if can_admin_group permission is true

Topic		Replies	Views
Improved Group Members Management Feature rfc , spec	31	11050	January 7, 2016
Adding owners/members UX is inconsistent and misleading UX	26	2891	April 20, 2018
Default admin doesn’t receive ‘staff’ or ‘admin’ group memberships at first Bug	13	714	October 10, 2022
Improving the Groups page for 1.7 Feature feedback	71	10295	January 18, 2017
Admins can still read anyone's PM's by downloading the database Feature privacy	19	5695	March 26, 2015

Related topics