Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
When a private group is visited by a non-member user, the user will not see the status form to add new statuses to the group (as expected, since the group is private), but howeveruser will see the statuses previously shared in that group, and so breaking the privacy of the group.
I wonder if I'm missing somthing here.
Comments
Comment #1
IceCreamYou CreditAttribution: IceCreamYou commentedWell there's an easy work-around, which is to not show the status update block on group nodes for users who aren't in the group. But this shouldn't be happening anyway. There is an access check on line 91 of includes/utility/statuses.form.inc which ultimately calls access_stream() on line 283 of statuses.contexts.inc. It's not immediately obvious to me what the problem could be and I don't have time right now to test. Can you debug a little and see what might be going on?
Comment #2
IceCreamYou CreditAttribution: IceCreamYou commentedAny update here?
Comment #3
IceCreamYou CreditAttribution: IceCreamYou commented