River privacy

I would like to modify a default Elgg behavior, but I do not know how to do it.

When a user creates a relationship of friendship with another user an entry in the 'River' is created which is public, I would like to set up access to this property. I created a 'Plugin Hook' to establish access to FRIENDS (I checked that well stores the value in the database), yet when I access the 'River' is still watching the entry. Also, when I call the 'elgg_get_river' function also returns me these entries. How I can resolve this behavior?

Thanks all

  • Despite having an access_id column, river items really don't have access levels. The system relies on the access levels of their object/target elements.

    So you have to link each river item to a separate object that has the desired access_id and owner_guid. Then users can only see the river item if they can see the object.

  • I have developed in my plugin the following plugin-hook to solve the problem:

     * Filter the visibility of the no-objects that appear on the River like:
     *     - New relationships, new members joined or profile updates
     * @param  string $hook   'creating'
     * @param  string $type   'river'
     * @param  array  $return  
     * @param  array  $params  
     * @return array
    function visibility_filter_of_river_items($hook, $type, $return, $params) {
        $completely_public = false;
        if ($return['items'] && is_array($return['items'])) {
            foreach ($return['items'] as $key => $item) {
                $access = $item->access_id;
                $user_guid = elgg_get_logged_in_user_guid();
                if (!($item instanceof \ElggRiverItem) || elgg_is_admin_logged_in() ||
                    ($completely_public && in_array($access, array(ACCESS_PUBLIC, ACCESS_LOGGED_IN))) ||
                    $item->subject_guid == $user_guid || elgg_get_ignore_access()) {
                $views = array(
                # Check all the possibilities for accessibility
                $Ive_access = (((
                        # (1) Check no completely-public and public accessibility (for friend-access)
                        (!$completely_public && in_array($access, array(ACCESS_PUBLIC, ACCESS_LOGGED_IN))) 
                        # (2) Check friend-access        
                        || $access == ACCESS_FRIENDS)
                    # (1) OR (2) with direct friend relationship for content accessibility
                    && check_entity_relationship($user_guid, 'friend', $item->subject_guid))
                    # OR the possibility of being directed to a specified access collection
                    || in_array($user_guid, get_members_of_access_collection($access))
                if (#in_array($item->view, $views) && 
                    (!elgg_is_logged_in() || !$Ive_access)) {
        return $return;

    Now, the 'River' is incomplete because it only shows a few RiverObjets (e.g. 3 or 4 of 20) (the others were filtered). What do I must do?

  • I was having a similar problem recently. There is no easy solution. The best way would be to create an entity with the desired access and set it as the object of the river item, but meh, what's the river for. We should bring back river access id.

  • I understand what you say, but I do not know how do it.

    Note: Recently, I am learning many aspects of Elgg, especially the events and plugin "hook" (so I was trying to do so). If someone could direct me...

  • So how should I? I do not understand as the 'River' works. I know it gets the RiverItems by list_river_items query () but not as query properties to determine access to users. How or where access checks when the RiverItem is not an object? And how or where access checks when the RiverItem is an object?

    Please help me