Non-member editing a group doc will break group association.

boonebgorges / buddypress-docs

GNU General Public License v3.0

106 stars 44 forks source link

Non-member editing a group doc will break group association. #627

Closed dcavins closed 6 years ago

dcavins commented 6 years ago

If a doc is set to be associated with a group but is editable by any logged-in user, when a non-group member edits the doc, the group association (and maybe the folder association) will be lost. I thought we had addressed this already, or maybe just a similar situation.

boonebgorges commented 6 years ago

Yeah, it sounds vaguely familiar. Maybe 68ae526cf100162e9eeaf05044bc158bf702e3fd ?

This kind of check https://github.com/boonebgorges/buddypress-docs/blob/f90c4258cd18dbe100a208f8e853026faa5f8256/includes/functions.php#L1130 is meant to prevent unlinking. But I'm guessing that what's happening is that associated group dropdown is being shown, but the current group is not showing up in the dropdown since the logged-in user is not a member. If this is the case, we should have a special case that includes the currently associated group in the dropdown even if the user doesn't have the associate_with_group right within that group. Does that seem right?

dcavins commented 6 years ago

I think you're exactly right. The user sees the other groups he can associate to, and "none" is selected. Yes, I think either including the current group in the select or making the selected option "no change" rather than "none" makes sense.

This gets a little fussy because the user is then able to disassociate items from a group he can't associate items to, so the other option is not showing the association at all if the user couldn't associate to the current group.

Ha, I can imagine problems (people not seeing the behavior they expect) with both approaches.

boonebgorges commented 6 years ago

Yeah, that occurred to me as well. Another possibility: Show the dropdown and the group, but mark it disabled.

dcavins commented 6 years ago

Per conversation with Boone, we've decided to allow the group association to be changed if the current editor can associate items to the group that currently houses this item.

Change will be that the group association meta box will be displayed, though the select will be disabled. On the back end, a check will be made before allowing the association to be updated.

dcavins commented 6 years ago

Ha, we solved this years ago and I have no idea what I saw that made me think this was broken. I can't reproduce, so I'm closing this issue.