Private group activities show in feed to other users

I have a private group and a user who is not a member of that group.
 
That user is able to see that their friend posted in the private group.  When the post is clicked on, the user is properly shown that they don't have permission to the group.
 
If the user doesn't have permission to the group, that group's activity should not be showing up in their activity feed.
 
It looks like the _checkPermission function only exists at the Controller level, but maybe if it was at the Model level this check would be easier.  I'm not a CakePHP guru, so not sure if there's an easy way to instantiate the Controller object on the fly, but that feels pretty "heavy."
 
Anyone have thoughts on how I can accomplish?
 
Any Moo folks able to get this on the roadmap and fix it for real so these sorts of things don't erroneously show up in a user's activity feed?
scotchgypsy Basic on 11/17/20 at 22:16 in mooSocial plugins
Add comment comment
1 Answer(s)

For improving speed loading activity feed  , we don't check group permission when fetching the activities . However , if you don’t care performance , you can make the customization by checking the group permission for  the “get” function in file …/app/Controller/Component/FeedsComponent.php  or getActivities function in  …/app/Model/Activity.php. By the way , if you want to modify the condition of activity model , you need to get familiar with Cakephp model  : https://book.cakephp.org/2/en/models/retrieving-your-data.html

Duy Duy (mooTechnicalTeam) Basic on 11/17/20 at 22:45
Add comment comment
arrow_forward
Cookies on mooCommunity - Social Networking Script.
This site uses cookies to store your information on your computer.
Read more east Accept done