How does visibility of automatic groups work?

I’m a bit confused as to how the visibility of automatic groups works. At this point, I am just talking about the /groups directory.
Here is what I am seeing in a pretty fresh install of 2.7.0.beta4:

  • If an user with admin or moderator bits looks at /groups, they see all 8 automatic groups (admins, moderators, staff, trust_level_[0-4]).
  • If a non-admin, non-moderator user (no matter the trust_level) looks at /groups, they see only the moderators group.

But, all of these groups have the same, default Visibility settings:

  • Who can see this group? Logged on users
  • Who can see this group’s members? Everyone

Is this how it is supposed to work? Or is there something wrong with the handling of the Visibility parameters for these groups?

5 Likes

There is a comment in the code that explains what is going on: “hide automatic groups from all non stuff to de-clutter page.” That happens here: discourse/app/controllers/groups_controller.rb at main · discourse/discourse · GitHub.

What the code is doing is overriding the group visibility settings for automatic groups when the groups page is viewed by a non-staff users. Only the moderators group will be displayed.

Unrelated to the issue, but when I tried to onebox the Github link that I posted above, the code was displayed in the onebox without any formatting in the preview:

3 Likes

Well, that does explain it. And I’m sure that code was written with the best intentions, but it is broken because:

  1. Maybe I want other automatic groups (besides Moderators) to be visible.
  2. The management interface for automatic groups does allow me to set the visibility of non-Moderator automatic groups, but this setting is ignored.

It would be pretty easy to just delete that block of code (and the cute typographical error that has survived the last 6 years).

The tricky thing, if one thought it were necessary, would be to change the current visibility setting for automatic groups to “Group owners” so that these groups don’t inadvertently appear for all the installations that are used to them being forced to be invisible. I don’t know if Discourse has some kind of mechanism to make such changes during an upgrade — but it’s the kind of thing one needs to during schema changes, so there must be something.

Also: this “lets-just-hide-the-automatic-groups-on-the-Groups-catalog-despite-the-visibility-setting” behavior is bad because it obscures the other aspects of visibility_level that are still meaningful. E.g.,

  • Admin X tries out visibility settings and realizes that non-staff users cannot see trust_level_0 in the Groups catalog no matter what.
  • So… Admin X leaves visibility_level and member_visibility_level set to “Everyone”, since those settings don’t appear to have any effect.
  • Anonymous User Z browses to /groups/trust_level_0 and grabs a list of all users on the site.

Maybe Admin X cares, maybe not, but either way Admin X would be surprised that it was possible.

Irrelevant Fun Facts I Did Not Know Before Now

Distribution of meta.discourse users by trust level:

Level # users
TL0 45,942
TL1 29,226
TL2 3,620
TL3 124
TL4 102

Hi mdoggydog :slight_smile:

Some points seem valid to me, such as:

Which is confusing.

I invite you to create a feature topic with your suggestions :slight_smile:

Done!

2 Likes

Conversation continued in: Respect the visibility settings of all automatic groups