
CollabPress
Activity Wall: Only display activities linked to projects cuser is assigned to (9 posts)

  1. slashCreations
    Member
    Posted 11 months ago #

    Wow!

    As I keep saying, this plugin really owns :) I'm a designer, and I like when plugins come with templates that I can really customize.

    However, I was really surprised when, while logged in with a new test subscriber, I saw that I can see activity logs about projects I'm not assigned to!!!!

    Oh!!! What a conception mistake!
    As you bring us some functionality to assign users to projects and tasks, users MUST NOT be able to see the whole site's activities...
    They only have to see activities assigned to projects that the current user is assigned to...

    You really should implement this functionality (and I presume that the calendar also shows the whole site calendar?).

    I cannot wait for an update, so here is what I changed in content-activity.php to not allow users to see the whole site activity, but only theirs.
    It also deleted "corrupted activities" (which were concerning a deleted project) [like: "user commented on activity"].

    Unfortunately, I did not implement pagination... I think I will need it later...
    To make pagination work, I have to rewrite it, as this script filters the activities and does not display the full loop.

    Content-activity.php :

    <?php
    // [....]
    		// Get Current User
    		global $current_user, $cp;
    		get_currentuserinfo();
    
    		// Get Activities
    		// $paged = ( ! empty( $_GET['activity_page'] ) ) ? esc_html( $_GET['activity_page'] ) : 1;
    
    		// Load plugin options
    		$cp_options = get_option( 'cp_options' );
    
    		$activities_args = array(  'posts_per_page' => -1);
    
    		echo '<div class="cp-activity-list">';
    
    		if ( cp_has_activities( $activities_args ) ) :
    			$activityCount = 1;
    			while( cp_activities() ) : cp_the_activity();
    				    global $post;
    
    				    $row_class = ($activityCount % 2) ? 'even' : 'odd';
    
    				    // Avatar
    				    $activity_user = get_post_meta( get_the_ID(), '_cp-activity-author', true);
    
    				    $activity_user = get_userdata( $activity_user );
    				    $activity_action = get_post_meta(get_the_ID(), '_cp-activity-action', true);
    				    $activity_type = get_post_meta(get_the_ID(), '_cp-activity-type', true);
    				    $activity_id = get_post_meta(get_the_ID(), '_cp-activity-ID', true);
    
    				    /* Do not display activities from projects that the current user is not assigned to.
    				       The projects on my site are private, so I don't want all users to see project names or file names posted by other users in other projects.
    				       Check, for each activity type, whether the user is assigned to the project.
    				    */
    				    if ( $activity_type == __('project', 'collabpress') || $activity_type == "project" || $activity_type == "projet" ) {
    				        // Project activity: the user list is stored on the project itself
    				        $activity_users = get_post_meta( $activity_id, '_cp-project-users', false );
    				    } else if ( $activity_type == __('task', 'collabpress') || $activity_type == "tâche" || $activity_type == __('task list', 'collabpress') || $activity_type == "liste de tâches" ) {
    				        // Task or task list: find the owning project through _cp-project-id
    				        $activity_users = get_post_meta( get_post_meta( $activity_id, '_cp-project-id', true ), '_cp-project-users', false );
    				    } else {
    				        // Any other activity type: treat the post parent as the project
    				        $activity_users = get_post_meta( get_post_field( 'post_parent', $activity_id ), '_cp-project-users', false );
    				    }

    				    // Skip activities with no user list (avoids an undefined index on $activity_users[0])
    				    if ( ! empty( $activity_users ) && is_array( $activity_users[0] ) ) {
    				        $userTable = $activity_users[0];
    				        // Don't display unwanted activities
    				        if ( $activity_user && in_array( $current_user->ID, $userTable ) ) : ?>
    
    				    <div class="cp-activity-row <?php echo $row_class ?>">
    					    <a class="cp-activity-author" title="<?php echo esc_attr( $activity_user->display_name ); ?>" href="<?php echo CP_DASHBOARD; ?>&user=<?php echo $activity_user->ID ?>"><?php echo get_avatar($activity_user->ID, 32) ?></a>
    					    <div class="cp-activity-wrap">
    					    <p class="cp-activity-description"><?php echo $activity_user->display_name . ' ' . $activity_action . ' ' . __('a', 'collabpress') . ' '. $activity_type ?>: <a href="<?php echo cp_get_url( $activity_id, $activity_type ); ?>"><?php echo get_the_title( $activity_id ); ?></a></p>
    					    </div>
    				    </div>
    
    				    <?php
                // Activity count before endif, so we can use it to count the real page items number, as we don't display the full query results. Required for pagination
                $activityCount++;
                endif;
    				    }
    			endwhile;
    		else :
    			echo '<p>'.__( 'No Activities...', 'collabpress' ).'</p>';
    		endif;
    
       /*
    
    		// Pagination
    		if ( $cp->activities->max_num_pages > 1 ) {
    			echo '<p class="cp_pagination">';
    		    for ( $i = 1; $i <= $cp->activities->max_num_pages; $i++ ) {
    		        echo '<a href="' . CP_DASHBOARD . '&view=activity&activity_page=' . $i . '" '.( ( $paged == $i ) ? 'class="active"' : '' ) . '>' . $i . '</a> ';
    		    }
    		    echo '</p>';
    		} 
    
        */
    
    // [...]
     ?>

    http://wordpress.org/extend/plugins/collabpress/

  2. slashCreations
    Member
    Posted 11 months ago #

    (My code is bad, I'm not a developer, I'm a designer. I only show you this to make you understand what I tried to accomplish. As I said, since you allow us to assign users to projects, unassigned users shouldn't see any activities!!

    You should think about rewriting this idea, and implement a new option in the panel, like "show public or private site activity?")

  3. Eric Andrew Lewis
    Member
    Plugin Author

    Posted 11 months ago #

    Yep, I completely agree. It's a feature that was left over from a previous version of CollabPress that I'd like to suss out in an upcoming version, maybe 1.4.

  4. slashCreations
    Member
    Posted 11 months ago #

    Do you have a log of the next features coming? Or something to see what will be happening in the future?

    I tried a lot of plugins to create customer workspaces, and yours is really the best, even against premium ones.

    Really planning to use it for me and my customers every day, and will try to make it evolve... so I'm curious to know what is coming ^^

  5. Eric Andrew Lewis
    Member
    Plugin Author

    Posted 11 months ago #

    We have a GitHub repo where we're doing our own project management, for the time being.

    Features slated for the next major release are in the 1.4 milestone and bug fixes coming in the next dot release are in the 1.3.1 milestone.

  6. slashCreations
    Member
    Posted 11 months ago #

    Added this in the address bar while logged in as subscriber:

    ?user=1&cp=front&project=124882

    Mouhahaha, MEGA FAIL! Everyone can access everyone's projects / files, etc... OK... thought I had finished but nah ^^ ... let's get back to work to add a little restriction functionality on this...

    Are there other things like that, that I should change, to prevent users from seeing other users' projects if they are not assigned to them?

  7. slashCreations
    Member
    Posted 11 months ago #

    I haven't checked yet, but is there an easy way to restrict the use of the "user=X" in URLs?
    I mean, to not allow users to see anything in projects if they are not assigned to the project?

  8. slashCreations
    Member
    Posted 11 months ago #

    For now, I will use something like this in each header content file:

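    <?php
    global $current_user;
    get_currentuserinfo();
    // Only user ID 1 may use the ?user= parameter
    if ( ! empty( $_GET['user'] ) && $current_user->ID != 1 ) {
       die('oops');
    }
    // Cast the requested project ID to an integer before the membership check
    if ( ! empty( $_GET['project'] ) && ! cp_user_is_in_project( (int) $_GET['project'], $current_user->ID ) ) {
       die('oops');
    }
    ?>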

    And I will replace the die() with an error message for users to let them know they don't have permission to view this project content... Maybe I should test for tasks & files also...
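
An added example, not part of any post in this thread and not CollabPress code: posts 1 and 8 both depend on one decision, whether the current user is assigned to the project that owns a given object. The sketch below makes that check once, deny by default, and reuses it to filter the activity list before paginating, which is the pagination problem described in post 1. It runs on constructed in-memory data; the function names and sample IDs are hypothetical, and only the meta keys `_cp-project-users` and `_cp-project-id` and the post-parent fallback are taken from the code posted above.

```php
<?php
// Constructed sample data standing in for WordPress posts and their meta.
$posts = [
    10 => ['type' => 'project', 'parent' => 0,  'meta' => ['_cp-project-users' => [2, 5]]],
    11 => ['type' => 'project', 'parent' => 0,  'meta' => ['_cp-project-users' => [7]]],
    20 => ['type' => 'task',    'parent' => 0,  'meta' => ['_cp-project-id' => 10]],
    21 => ['type' => 'task',    'parent' => 0,  'meta' => ['_cp-project-id' => 11]],
    30 => ['type' => 'file',    'parent' => 11, 'meta' => []],
];
// Constructed activity log; object 99 refers to a project that no longer exists.
$activities = [
    ['id' => 1, 'object_id' => 10], ['id' => 2, 'object_id' => 21],
    ['id' => 3, 'object_id' => 20], ['id' => 4, 'object_id' => 30],
    ['id' => 5, 'object_id' => 99],
];
// Resolve any object to the ID of the project that owns it (0 if unknown).
function project_id_for(array $posts, int $object_id): int {
    if (!isset($posts[$object_id])) {
        return 0;
    }
    $post = $posts[$object_id];
    if ($post['type'] === 'project') {
        return $object_id;
    }
    if (in_array($post['type'], ['task', 'task list'], true)) {
        return (int) ($post['meta']['_cp-project-id'] ?? 0);
    }
    return (int) $post['parent'];
}

// Deny by default: true only if the user is listed on the owning project.
function user_can_view(array $posts, int $user_id, int $object_id): bool {
    $users = $posts[project_id_for($posts, $object_id)]['meta']['_cp-project-users'] ?? [];
    return in_array($user_id, array_map('intval', $users), true);
}

// Filter first, then paginate, so the page count only reflects visible rows.
function activity_page(array $posts, array $activities, int $user_id, int $page, int $per_page): array {
    $visible = array_values(array_filter($activities,
        fn($a) => user_can_view($posts, $user_id, (int) $a['object_id'])));
    $pages = max(1, (int) ceil(count($visible) / $per_page));
    $page = min(max(1, $page), $pages);
    return ['pages' => $pages, 'rows' => array_slice($visible, ($page - 1) * $per_page, $per_page)];
}

// User 2 is assigned to project 10 only.
$result = activity_page($posts, $activities, 2, 1, 2);
echo $result['pages'] . ' page(s), activity ids: ' . implode(',', array_column($result['rows'], 'id')) . "\n";
echo 'user 2 may open project 11: ' . var_export(user_can_view($posts, 2, 11), true) . "\n";
```

Inside the plugin the array lookups would be the `get_post_meta()` and `get_post_field()` calls from post 1, and the same check would run for every request that names a project, task or file, not only in the templates that render them.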

  9. Remko-Creative
    Member
    Posted 2 months ago #

    First of all, great plug-in! Very good piece of work :D

    I was wondering if there are any updates about this subject?

    At the moment different users are still able to see each others project without being assigned.

    Would be great if you could let me know how the development of this specific subject is going?

    Again, great work!
