I believe I've distilled a lot of this problem into this 7 x 4 matrix of cases. The takeaway is that, if a piece of content has an access level wider than the group, our current methods of hiding it from non-members (based on Closed membership & group_gatekeeper) are not very reliable and inconsistently applied across the bundled content types.

It would be easy to fix bugs #4790 and #4789, applying the gatekeeper consistently and allowing it to work when the group can't be seen by the user, but these changes would alter 5 of the 28 cases from allowing entity display to redirecting. It's pretty clear #4789 needs to be fixed, but starting to hide blogs and files outside the group might break current user expectations. A particular problem is that group images embedded in closed group profile descriptions would break.

There's also the issue of the Activity stream, where an item's display completely depends on its individual access level. Even if its group is closed, a public item--its title and excerpt--can be seen by users not in the group. Do we consider this a problem?

  • In 1.8, what do we fix and how do we document the corner cases?
  • What changes in 1.9?

For 1.9 it's pretty clear we'd like to unbind content restriction from membership policy (#4525), but if we haven't already solved #4790 in 1.8.x, what should we allow to change in a 1.9 upgrade?

The spreadsheet linked above has a 2nd sheet "1.9 proposed" that has what I consider ideal behavior. You can flip between them to see how access would change. The basic idea is that the user would be forwarded to the group unless the user can't see the group.

  • I think that in groups with only-members content policy, there should be a way for the group owner (and everybody with ->canEdit() permissions or similar) to expose content.

    I say, input access for a group member should allow private and group, while the same input access for the group owner should allow private, group, logged in and public.

    This will solve the problem with the images in the group description.

