We have a Discourse site which includes lots of public discussion, but we also have some categories where we discuss private NDA’d materials.
The category itself seems fine… people trying to access it without permission are rejected.
The issue is that the group we use to secure that category is visible to everyone. People outside that group can not only see that the group exisits, but also see the members of the group.
It seems to me that groups need as much privacy as categories do.
AFAIK, this only shows public posts of users in that group, not actual posts within the group.
But anyway, I would also like to be able to hide a group from the group list.
I just retested and there is not information leak on the groups page. Only thing leaking out is the cast list for a group (which is by design)
Open to adding a flag on Group that marks it as “only visible to admins”. PR welcome. (that could 404 the /groups page to non members and hide from user page)
Unfortunately my limited web development skills are in PHP/MySQL… so I can’t make a PR for this.
I guess we’ll have to move our private discussions to another solution… probably a mailing list (yuck!). We can’t have the group name or members be public as it would out unannounced projects/teams.
@codinghorror I agree with @tomspilman about the desire to have the names/existence of private groups hidden from non-members. I’d like to use Discourse to communicate between multiple clients, but I don’t want the clients to know of each other. I considered code names, but I could see things getting messy if we have 20 clients and they see a category list with all sorts of cryptic names, not to mention the difficultly for us to remember which code name maps to which client:
@eviltrout fixed this for us already. You now have a “Group is visible to all users” checkbox in the group settings. If you uncheck this then the group is only visible to members.
This solved the issue for us. Give it a try… does it work for your case?