Groups with visibility_level 'owner' are not visible for staff

RGJ · July 15, 2019, 11:31am

It seems that groups with visibility level owner are not visible for staff.

Visibility level staff does provide a mechanism to ensure visibility (using the left join instead of join and the extra where clause) but visibility level owner does not.

https://github.com/discourse/discourse/blame/stable/app/models/group.rb#L122-L134

(hmm oneboxing Github source does not work anymore?)

  SELECT g.id FROM groups g
  LEFT JOIN group_users gu ON gu.group_id = g.id AND
                         gu.user_id = :user_id AND
                         gu.owner
  WHERE g.visibility_level = :staff AND (gu.id IS NOT NULL OR :is_staff)
  UNION ALL
  SELECT g.id FROM groups g
  JOIN group_users gu ON gu.group_id = g.id AND
                         gu.user_id = :user_id AND
                         gu.owner
  WHERE g.visibility_level = :owners

Is this intentional?

codinghorror · July 16, 2019, 12:00am

Didn’t we work on this recently @eviltrout?

eviltrout · July 16, 2019, 6:40pm

This code is 2 years old so it was not changed recently.

It does seem intentional because even the case of restricting a group to its members does not make an exception for staff:

https://github.com/discourse/discourse/blob/stable/app/models/group.rb#L115-L118

(BTW github oneboxes fine, but the blame URL is not handled.)

outofthebox · August 6, 2019, 5:22pm

Hi,

It seems there has been a reversion here? Since starting with Discourse, as admin, I’ve had access to all groups. In the past couple of weeks, I have been unable to view many of them.

This is difficult because the group owners will ask me to do bulk invites through the admin interface to invite new groups of members to their group (and the associated private Categories).

In light of this, I would strongly advocate for all groups being visible to admins.

justin · August 6, 2019, 5:43pm

I also reported this here: Admins can't see a group set to `group owner` only visibility

This does seem like a regression to me as prior to 2.4.beta2 I was able to see all groups as an admin.

justin · August 8, 2019, 8:46pm

@RGJ please see the post on this topic: Admins can't see a group set to `group owner` only visibility

It’s possible this is related to Babble or any other plugin which modifies the Group model.

RGJ · August 8, 2019, 10:02pm

Yes, that makes sense, both forums where we saw this have the Babble plugin installed. Nice find!

Topic		Replies	Views
Babble: Admins can't see a group set to `group owner` only visibility support	22	1960	October 29, 2019
Add new group visibility option: owners, members, and staff feature	7	956	September 11, 2020
Non-admin group owners can't edit members of non-visible groups bug	10	2760	March 9, 2017
Group owners cannot see group if "Group is visible to all users" is off bug groups	11	2607	February 20, 2017
Group owners and members can't see their own group unless "Group is visible to all users" bug	3	1641	January 25, 2016

Groups with visibility_level 'owner' are not visible for staff

Related Topics