Private Topics Plugin

Plugin
82

Unrelated, but I’ve been asked several times if there’s a possibility in the future of giving a UI toggle to the groups specified in Private topics permitted groups so that they can see the filtered view themselves.

1 Like
83

This issue has been resolved in the latest commit.

To keep things (relatively) simple and performant, links from private topics will never generate a backlink now.

Thank you for reporting Stephen!

3 Likes
84

2 posts were merged into an existing topic: Rename “private topics” to “personal message topics”

85

Short term memory loss. I had seen this earlier. :man_facepalming:

Was wondering though, will this way of filtering topics from all topic lists cause any performance issues?

@RGJ

86

I have not heard any complaints so far. The plugin has been written with performance in mind.

3 Likes
87

If a post in the private topic is marked as solved, then that post appears in the solved tab of the post owner’s profile and is visible to all.

2 Likes
88

Thank you for reporting this. We’re going to address this ASAP.

3 Likes
90

The issue reported by @SubStrider has been addressed. Please update to version 1.5.12 of the plugin.

Thank you again for reporting this @SubStrider :rocket:

5 Likes
91

I stumbled over something I’d call a bug. It might not be a traditional issue in the code, maybe more a usability bug in the design. Still it caused some issues I’d like to prevent in future. Following context:

Discourse instance with three-digit number of users, used as a mailing list replacement. About 40 categories (= mailing lists) with a corresponding group for membership management. Some of the categories use the private topics plugin to mimic a mailing list where non members (but members of other lists) can write to. So far so good.

The issue:

Today the admin user wrote a topic in some of the lists to check-in with the list members about some settings. Everything fine for “normal”/closed categories where only the members of the corresponding group received the message. It did not work well for the categories using the private topics plugin. <edit> There, all hundreds of users, independently if they were members of that specific category/group or not, did receive an email with the message. :frowning: There, all hundreds of users, all being members of the category as category rights were given to everyone[1] but independently if they were members of the specific group defined in the category plugin settings to have visible rights or not, did receive an email with the message. :frowning: As recognized later, the website plugin setting Private topics permitted groups was still using the default Admin group. </edit>

(BTW we had this issue before, where a user, being an admin plus having their “normal” account, did send out (mistakenly by the email address associated with the admin user and no not normal user) an internal document to a category using the private topics plugin, resulting in information leakage. At that time I didn’t connect the dots to this plugin, only today it became clear to me what had happened at that time)

Expected behavior:

I can see the reasoning behind the design choice, that posts/emails of admins are always visible/sent by mail. But in this case the intention was to only inform the members of the category/group. That some hundred emails were sent out to everybody in this discourse instance was very intransparent (and unpleasant) to me.

Possible fix:

I’d wish to improve this situation. As mailin is available as well, a simple confirmation dialog will not work. Maybe this could be a global setting in the plugin or per category using the plugin, to either handle admin posts as visible to everybody or as visible to only category/group members? That would at least raise awareness during setting up a new category.

  1. which should not be used, but trust_level_0 should be used, see OP ↩︎

92

Can you please send me a PM with all the information you can think of that is relevant, including:

  • the versions of Discourse and the plugin

  • the plugin settings

  • other plugins you have installed

  • the category security settings and the category-specific plugin settings for an affected category

  • the notification settings

  • is mailing list mode enabled?

  • whether those users that inadvertedly received the email notification, are also able to see the topic when they visit the category

  • anything else that might matter in helping us reproduce

93

Thanks for your fast reply!

Done. And the questions helped me to find the root cause (website settings: plugin settings: Private topics permitted groups). So code-wise works as designed, IMHO a UX issue that would benefit from some improvement. :slight_smile:

94

One of the things that were counterintuitive is that the private topics do not work correctly when access is granted to ‘everyone’. This is mentioned in the OP but to be honest I have fallen for this myself more than once. I have added a warning in the settings that shows when private topics are enabled in a category that is accessible for ‘everyone’.

image
image1097×569 33.8 KB

2 Likes
95

Thanks again to @RGJ to take the time to debug and think trough the issue with me, helping me to spot my configuration error in using the everyone group. As in my installation only logged in users have access to discourse contents, I initially failed to understand the difference between everyone and trust_level_0 – but now learned, that Discourse handles these quite differently. So no issue with the plugin, and even more thankful for the added warning, as I fear, I would have fallend in that trap sooner or later again… :smiley:

2 Likes