search

esotalk / esoTalk

Fat-free forum software.
GNU General Public License v2.0
1.47k stars 236 forks source link

Moderators and Administrators can't change visibility of conversation #317

Open inliquid opened 10 years ago

inliquid commented 10 years ago

However, regular user who created this conversation does have this control in conversation. I think it should be just an other way round.

ciruz commented 10 years ago

If the admin or moderator change the visibility of another users conversation, i bet the user will change it back.

What should happen when you remove the user (who started this conversation) from the visibility list, or if you hide a conversation and later you remove yourself from visibility (and just leave the author there) or a mod removes the admin and so on?

With other words, if you change something wrong in the conversation visibility, you'll never see this conversation again (because it's private to the autor).

Right now you can change the visibility from your own stuff and if you remove yourself from the visibility list, everyone can see it. That really makes sense.

So i see no need for this feature, because if a user writes something tasteless you have the possibility to edit it and otherwise i would just change the conversations channel to a team only (moderators and admins) one, to hide it.

inliquid commented 10 years ago

Have you ever tried to do so?

You can't remove author from the list. You can't remove yourself from the list (if u'r the author) after conversation is created.

Administration means administration. It should be able to change the visibility.

And I have already posted on esoTalk forum, if you can change visibility this means that you can remove the conversation any time, just by leaving only yourself. Why should you hide "Delete" from the Controls in this case (after conversation answered)?

inliquid commented 10 years ago

btw, moderators can change visibility if they call url /conversation/edit/ - but it's not very good, the button 'change' and responsive modal window which is accesible by conversation author, is much better.

tobyzerner commented 10 years ago

This is a complicated issue which needs to be discussed, so thanks for submitting it.

My current opinion is that private conversations should behave just like private messages on other forum software, or on apps like Facebook:

Moderators being able to change visibility by manually using the conversation/edit/ URL is a bug. With the current intended behaviour, they should not be able to do this.

inliquid commented 10 years ago

I think the author is able to create NEW conversation if he wants to add anyone to it, or he can spend one more minute to carefully decide who is able to read the thread. I think even in private it's not good, just imagine - someone adds you to privite conversation, you write something very personal, and then author adds someone else, who you don't want to read this thread. Or you write something and after that author removes you and you have no idea what is happened to conversation, who is reading and etc.

Members can start PRIVATE conversations with groups Administrators, Moderators, and Members. I think it's one of the ways to hide conversation from Guests, by adding Members. System however recognizes it as private. I think it's one of the possibilities that Administrators can use.

On my site I have disabled:

jack-jack-jack commented 10 years ago

Hi, inliquid! How did you manage to do it? I wanted to prevent users from changing visibility and changing channel AFTER they post. Because it's not about ADDING someone to private conversation, it's about REMOVING everyone else except for those who you want to invite (or at least that's how it currently works on my site).

But I'm a designer, not a coder, so if you tell me which line should I edit, I'd highly appreciate that. Am I missing something? )

inliquid commented 10 years ago

Apply these fixes: (line numbers can be little different, cause I have also made few other fixes, so take a look)

a) /core/controllers/ETConversationController.class.php:680

    `// Do we have permission to do this? *** users do not have permission
    if (!$conversation["canModerate"] /*and $conversation["startMemberId"] != ET::$session->userId*/) {`

b) /core/controllers/ETConversationController.class.php:239:

// *** users do not have permission if ($conversation["canModerate"] /*or $conversation["startMemberId"] == ET::$session->userId*/) {

c) /core/controllers/ETConversationController.class.php:810:

    `// Do we have permission to do this? *** users do not have permission
    if (!$conversation["canModerate"] /*and ET::$session->userId != $conversation["startMemberId"]*/) {`

d) /core/controllers/ETConversationController.class.php:638:

    `// Do we have permission to do this? *** users do not have permission
    if (!$conversation["canModerate"] /*and $conversation["startMemberId"] != ET::$session->userId*/) {`

e) /core/views/conversation/index.php:190

Here I made only Admin able to change visibility (by default there is no control even for Admin)

<?php if (ET::$session->isAdmin()/*$conversation["startMemberId"] == ET::$session->userId*/): ?>

After you apply this, users will not be able to change visibility and channel of private conversations as well, but I found it even better as explained above. Users still can remove conversation which wasn't commented (including owner comments). Users still may change the title of conversation.

jack-jack-jack commented 10 years ago

Thanks, that worked for me. Preventing from moving conversation to another channel works too.

inliquid commented 10 years ago

Yeah forgot to mention that channel changing is also disabled (only moderators and admins can do).