Question Posts in private / restricted boards visible to general public through User Activity and Recent Post

I understand the situation. Indeed, there isn't a lot we can do when people have private sub-categories and, at the same time, remove the evidence of topics being posted in them (even if people can't view the contents of the actual messages, themselves) appearing on the Recent Topics view. This is a limitation in the current version of Kunena. I agree with you that it's something the Kunena development team should take an interest in. However, for the time being, the only relief I can suggest is to go about setting up your sections and categories in the way that I suggested.

You should not be surprised to know that we have several private categories here at this forum, too, but you don't see the categories listed anywhere. It's a bit tricky to explain in detail in a discussion like the one we've been having in this topic, but the way we've approached the issue is as I've outlined in my earlier replies to you.

In short, the appearance of messages posted into restricted sub-categories can't be resolved unless you make those sub-categories into categories. I agree with you that you would like to minimise the amount of screen real-estate but it really comes down to a question of privacy and what measures you're prepared to invest in obtaining the relevant degree of privacy on your forum.

I noticed that private posts are also hidden in the Recent Topics listing, as well as a user's profile - this means it's possible to hide them, and the code is already implemented in other parts of the Kunena component. It just needs to be applied to the "Last Post" portion of the Index.

GJSchaller wrote: I noticed that private posts are also hidden in the Recent Topics listing, as well as a user's profile - this means it's possible to hide them, and the code is already implemented in other parts of the Kunena component. It just needs to be applied to the "Last Post" portion of the Index.

Actually that's not wholly correct.

Let's say you have three groups of users:

Group name	Definition
Type 1	Guests
Type 2	└    Registered-normal
Type 3	└    Registered-Special

Let's suppose you have a category structure like this:

Section/Category Name	"Restricted" to
Section A	Type 1 users
├    Category A1	Type 1 users
└    Category A2	Type 2 users
└    Sub-category A2.1	Type 3 users

This table shows who "sees" what:

User group	Category names indexed/displayed	last post shown	can view topics in
Type1	A1	A1	A1
Type 2	A1 + A2	A1 + A2 + A2.1	A1 + A2
Type 3	A1 + A2 + A2.1	A1 + A2 + A2.1	A1 + A2 + A2.1

So, in one sense there is an issue in what the last post column displays where sub-categories are involved, or where sub-sub-categories are involved and further down the category structure tree. There's a security weakness, yes. There's not a major compromise in security, however, if you apply the simple remedy to the problem that we've already discussed that earlier in this topic. The application of the remedy does, I admit, compromise a bit of screen real-estate.

I think that 31 categories for administration (!) is a little unusual but, it may interest you to know, the forum here at this site has over 180 categories in total and there's a wide mixture of accessibility to all of those. I think it's fair to say that the objective is attainable and that the cost of achieving the objective is a very low one within the current constraints.

We agree that this is an area where the project team needs to take some interest. The matter will not be resolved (with a technically ideal solution) before the release of K 2.0 in a couple of months' time.

Yes, I know we've remedied it, but it's still a potential flaw that should be fixed in a future release. I would still like to move my sub-categories back under a main category, to conserve screen usage.

Saying "The door is stuck, use another one" is not an excuse to avoid un-sticking the stuck door.

I attempted to install Community Builder 1.8 and GroupJive on my site, and integrate it with Kunena 1.7.2 - this problem is preventing CB and GJ from working as intended.

Because GroupJive automatically creates new Kunea Categories (for new Groups) as Sub-Categories under a parent Category, this problem comes back up. If I create a private, invite-only Group using CB and GJ, everyone (including people not in the group) can see the last post made, EVEN IF IT WAS IN A PRIVATE GROUP.

Community Builder & GroupJive do not allow me to change how the groups are nested - new groups are always created under their parent Category.

The simplest solution for this problem is for Kunena to fix the flaw that allows people to see posts that are in Categories they do not have access to. Simply put, this is not a case of "you're doing it wrong," this is a bug in Kunena that allows users to see posts they should not be able to see.

I realize 2.0 is on the way - will this be fixed in 2.0? Can this be addressed in an update for 1.7.2? This is a fairly serious security issue in that it allows people to see posts they should not have access to.

Will this be fixed in K 2.0? That's a difficult question to answer. At this time we do not have a public beta version available for release. It is my understanding that Joomlapolis is interested in working to integrate Community Builder with K 2.0 but they are not able to work on K 2.0 until a public beta version is available. So, at this time, we're in a bit of a catch-22 scenario (no beta version and no CB integration with K 2.0 at all).

This discussion has been quite far-ranging and, as I review what has been written before, we've covered many different subjects: Joomla ACLs, Community Builder, GroupJive among others.

There is a lot of work that needs to be done to test the correct operation of Kunena in tightly regulated environments like yours. We recognise that K 1.7.2 may not fully "fit the bill" in every case but the project team is working hard to build K 2.0.0 beta; that's our first objective. I, personally, have two major problems:

(1) Finding any time, at all, to test K 2.0 while I spent 4-8 hours per day attending to issues raised on the forum about K 1.7. I'm not complaining; I enjoy the task but it leaves me little time for much else.

(2) Ensuring that the testing team has conducted a comprehensive range of tests so that, when K 2.0.0 beta is released, people will not rush on to the forum to complain about a range of errors that would take an army of volunteers from now until Christmas to answer.

This means that we need to remain clearly focused on the task at hand. We ask for everyone's patience and co-operation, please, no matter how urgently or seriously people may view their specific needs. If matters are genuinely urgent then arrangements can be always be made on a fee-for-service basis.