FriendsOfFlarum Byōbu, well integrated, advanced private discussions

matteocontrini

IanM

1.0.2

Added recipientUsers include for CreateDiscussionController FriendsOfFlarum/byobu166
Support custom user sluggers and fix profile private discussions tab FriendsOfFlarum/byobu0cf8b3b
Disable tag scoped permissions FriendsOfFlarum/byobufca4d92

Upgrading

composer require fof/byobu:"*"
php flarum cache:clear

hepaly

After upgrade, if the flarum set to id based slug driver I can see an empty input area. This issue affects starting private discussion on the user's profile page only. This feature works well with default slug driver.
Screenshot

Flarum core 1.1.1
PHP version: 8.1.0
MySQL version: 5.7.34-0ubuntu0.18.04.1
Loaded extensions: Core, date, libxml, openssl, pcre, zlib, filter, hash, json, pcntl, Reflection, SPL, session, standard, sodium, mysqlnd, PDO, xml, apcu, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, imagick, imap, intl, exif, memcache, mysqli, pdo_mysql, pdo_sqlite, Phar, posix, pspell, readline, shmop, SimpleXML, sockets, sqlite3, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, xmlreader, xmlwriter, xsl, zip, Zend OPcache
+-------------------------------------+------------+------------------------------------------+
| Flarum Extensions                   |            |                                          |
+-------------------------------------+------------+------------------------------------------+
| ID                                  | Version    | Commit                                   |
+-------------------------------------+------------+------------------------------------------+
| flarum-flags                        | v1.1.0     |                                          |
| flarum-tags                         | v1.1.0     |                                          |
| flarum-lock                         | v1.1.0     |                                          |
| afrux-forum-widgets-core            | v0.1.6     |                                          |
| flarum-suspend                      | v1.1.0     |                                          |
| flarum-approval                     | v1.1.0     |                                          |
| zerosonesfun-up                     | 1.0        |                                          |
| v17development-seo                  | v1.8.0     |                                          |
| v17development-blog                 | 0.4.2      |                                          |
| ubuntuhu-map                        | dev-master | 4649dd16b2ea238c436aa31b1d3bfe23d732ed81 |
| ralkage-hcaptcha                    | 1.0.0      |                                          |
| nearata-twofactor                   | v2.0.1     |                                          |
| miniflar-admin-notepad-widget       | 1.0.0      |                                          |
| justoverclock-welcomebox            | 1.3.4      |                                          |
| justoverclock-last-registered-users | 0.1.4      |                                          |
| justoverclock-hot-discussions       | 0.1.2      |                                          |
| justoverclock-custom-html-widget    | 0.1.4      |                                          |
| ianm-syndication                    | 1.0.2      |                                          |
| fof-user-bio                        | 1.0.1      |                                          |
| fof-upload                          | 1.0.7      |                                          |
| fof-spamblock                       | 1.0.2      |                                          |
| fof-sitemap                         | 1.0.2      |                                          |
| fof-reactions                       | 1.0.2      |                                          |
| fof-polls                           | 1.0.4      |                                          |
| fof-pages                           | 1.0.1      |                                          |
| fof-nightmode                       | 1.1.4      |                                          |
| fof-linguist                        | 1.0.3      |                                          |
| fof-cookie-consent                  | 1.0.1      |                                          |
| fof-byobu                           | 1.0.2      |                                          |
| fof-best-answer                     | 1.1.7      |                                          |
| flarum-subscriptions                | v1.1.0     |                                          |
| flarum-sticky                       | v1.1.0     |                                          |
| flarum-statistics                   | v1.1.0     |                                          |
| flarum-pusher                       | v1.1.0     |                                          |
| flarum-nicknames                    | v1.1.0     |                                          |
| flarum-mentions                     | v1.1.3     |                                          |
| flarum-markdown                     | v1.1.0     |                                          |
| flarum-likes                        | v1.1.0     |                                          |
| flarum-lang-hungarian               | v2.0.15    |                                          |
| flarum-lang-english                 | v1.1.0     |                                          |
| flarum-emoji                        | v1.1.1     |                                          |
| flarum-bbcode                       | v1.1.0     |                                          |
| davwheat-custom-sidenav-links       | 1.0.1      |                                          |
| darkle-fancybox                     | 0.2        |                                          |
| clarkwinkelmann-group-list          | 1.0.0      |                                          |
| askvortsov-pwa                      | v3.1.1     |                                          |
| antoinefr-online                    | v1.0.1     |                                          |
| afrux-forum-stats-widget            | v0.1.0     |                                          |
+-------------------------------------+------------+------------------------------------------+
Base URL: https://ubuntu.hu
Installation path: /var/www/ubuntu.hu/public_html
Queue driver: sync
Mail driver: smtp
Debug mode: off

hepaly

Seems like this hepaly issue is still exists after upgrade 1.1.0
I created a video about this problem.

Flarum core 1.1.1
PHP version: 8.1.0
MySQL version: 5.7.34-0ubuntu0.18.04.1
Loaded extensions: Core, date, libxml, openssl, pcre, zlib, filter, hash, json, pcntl, Reflection, SPL, session, standard, sodium, mysqlnd, PDO, xml, apcu, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, imagick, imap, intl, exif, memcache, mysqli, pdo_mysql, pdo_sqlite, Phar, posix, pspell, readline, shmop, SimpleXML, sockets, sqlite3, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, xmlreader, xmlwriter, xsl, zip, Zend OPcache
+----------------------------------+------------+------------------------------------------+
| Flarum Extensions                |            |                                          |
+----------------------------------+------------+------------------------------------------+
| ID                               | Version    | Commit                                   |
+----------------------------------+------------+------------------------------------------+
| flarum-flags                     | v1.1.0     |                                          |
| flarum-tags                      | v1.1.0     |                                          |
| flarum-lock                      | v1.1.0     |                                          |
| afrux-forum-widgets-core         | v0.1.6     |                                          |
| flarum-suspend                   | v1.1.0     |                                          |
| flarum-approval                  | v1.1.0     |                                          |
| zerosonesfun-up                  | 1.0        |                                          |
| v17development-seo               | v1.8.0     |                                          |
| v17development-blog              | 0.4.2      |                                          |
| ubuntuhu-map                     | dev-master | 4649dd16b2ea238c436aa31b1d3bfe23d732ed81 |
| ralkage-hcaptcha                 | 1.0.0      |                                          |
| nearata-twofactor                | v2.0.1     |                                          |
| miniflar-admin-notepad-widget    | 1.0.0      |                                          |
| justoverclock-welcomebox         | 1.3.4      |                                          |
| justoverclock-hot-discussions    | 0.1.2      |                                          |
| justoverclock-custom-html-widget | 0.1.4      |                                          |
| ianm-syndication                 | 1.0.2      |                                          |
| fof-user-bio                     | 1.0.1      |                                          |
| fof-upload                       | 1.0.7      |                                          |
| fof-spamblock                    | 1.0.2      |                                          |
| fof-sitemap                      | 1.0.2      |                                          |
| fof-reactions                    | 1.0.2      |                                          |
| fof-polls                        | 1.0.5      |                                          |
| fof-pages                        | 1.0.1      |                                          |
| fof-nightmode                    | 1.1.5      |                                          |
| fof-merge-discussions            | 1.0.1      |                                          |
| fof-linguist                     | 1.0.3      |                                          |
| fof-cookie-consent               | 1.0.1      |                                          |
| fof-byobu                        | 1.1.0      |                                          |
| fof-best-answer                  | 1.1.7      |                                          |
| flarum-subscriptions             | v1.1.0     |                                          |
| flarum-sticky                    | v1.1.0     |                                          |
| flarum-statistics                | v1.1.0     |                                          |
| flarum-pusher                    | v1.1.0     |                                          |
| flarum-nicknames                 | v1.1.0     |                                          |
| flarum-mentions                  | v1.1.3     |                                          |
| flarum-markdown                  | v1.1.0     |                                          |
| flarum-likes                     | v1.1.0     |                                          |
| flarum-lang-hungarian            | v2.0.15    |                                          |
| flarum-lang-english              | v1.1.0     |                                          |
| flarum-emoji                     | v1.1.1     |                                          |
| flarum-bbcode                    | v1.1.0     |                                          |
| davwheat-custom-sidenav-links    | 1.0.1      |                                          |
| darkle-fancybox                  | 0.2        |                                          |
| clarkwinkelmann-group-list       | 1.0.0      |                                          |
| askvortsov-pwa                   | v3.1.1     |                                          |
| antoinefr-online                 | v1.0.1     |                                          |
| afrux-forum-stats-widget         | v0.1.0     |                                          |
| acpl-mobile-tab                  | 1.0.5      |                                          |
+----------------------------------+------------+------------------------------------------+
Base URL: https://ubuntu.hu
Installation path: /var/www/ubuntu.hu/public_html
Queue driver: sync
Mail driver: smtp
Debug mode: off

Can I help with debug?
I tried rebuild (npm run build), but doesnt solve this problem.

IanM

1.1.0

Reintroduce the ability to remove all reciepients, add a tag and make the discussion visible to users with tag view permission. Disabled by default. FriendsOfFlarum/byobu167

Updating

composer require fof/byobu:"*"
php flarum migrate
php flarum cache:clear

This feature was sponsored by @glowingblue 💝

jsystems73

IanM Hello! Would it be possible to use it without a recipient? For example, to take notes that only I can see?

Yolo

Hello,
is there a possibility to show the news not in the main view but only when you click on the menu item? So it is unfortunately a bit confusing.

username0136

@FriendsOfFlarum @IanM I have a feature request that is it possible for you to implement unlisted option in this extension, If you know there's a video sharing platform named YouTube where users can mark their videos unlisted in that state the video is only shown to user who is having the link to that video.

clarkwinkelmann

username0136 how would that work exactly?

You mean not specify any recipients but manually send the link to select users?

That sounds out of scope for this extension since the whole recipient and authorization system wouldn't be used. It shouldn't be too difficult to make a special discussion type appear in the visibility scope but not the index endpoint for users who aren't authors in a new extension.

One problem is that with the default discussion slugger, IDs are predictable so a different slugger would have to be used. Even the ID system would have to be changed because you can read/post to discussions using the API with just the ID without any need for the slug.

Other option would be to include a secret token in the URL but that sounds way more complicated than unguessable IDs coupled with native permissions.

username0136

clarkwinkelmann You mean not specify any recipients but manually send the link to select users?

No need to select users just hide it from home page and search page.

clarkwinkelmann That sounds out of scope for this extension since the whole recipient and authorization system wouldn't be used. It shouldn't be too difficult to make a special discussion type appear in the visibility scope but not the index endpoint for users who aren't authors in a new extension.

IDK what are you telling I am beginner, I don't know much about flarum.

clarkwinkelmann One problem is that with the default discussion slugger, IDs are predictable so a different slugger would have to be used. Even the ID system would have to be changed because you can read/post to discussions using the API with just the ID without any need for the slug.

I don't there's a issue in predicting IDs.

clarkwinkelmann Other option would be to include a secret token in the URL but that sounds way more complicated than unguessable IDs coupled with native permissions.

I don't really think we need all this extraordinary things we should just hide it from search page, dicussion page and add noindex meta tag easy.

CyberGene

I'm not sure if you paid attention on something I reported previously but I will repeat it again sine I find it an extremely serious issue:

If you enable the following permission for users "Edit users partaking in private discussions", then anybody on the forum can turn any public discussion into a private one by limiting it to only a few people. This means a hacker can just enter my forum and render it useless by registering two rogue users and then making any public discussion a private discussion between these two new people.

I've disabled that permission once, then users on my forum complained they can't add more participants to already created private discussions and since I forgot I re-enabled it only to realize in horror that I opened a huge hole on my forum.

clarkwinkelmann

CyberGene I have not used this extension in a while but I see permissions discussion.editUserRecipients and discussion.editGroupRecipients are listed under the moderate permission group in the code, so those are probably only meant to be given to moderators and admins and not regular users.

EDIT: further looking at the code, the ability for regular users to change recipients doesn't seem to exist. There's only a condition to allow a user to exit a discussion they are part of, then it directly jumps to the moderation permission check. A new permission and check would have to be introduced to allow changing only recipients of discussions you authored or that you are a member of.

CyberGene

clarkwinkelmann There's a contradiction here because the permission Edit users partaking in private discussions, even if enabled for moderators/admins only, would be meaningless because admins/mods can't see private discussions of other users to be able to edit the participants. It would only apply to private discussions where the admin/mod is participant (BTW I tested that, to confirm it). Users on the forum would ask for the ability to add new participants in private discussions after they are created and if the admin carelessly decides that the Edit users partaking in private discussions is the one to enable to all users (which is what I did), then a huge problem is created. Yes, users will now be able to add new participants to private discussions, but then anyone would see a new option for public discussions: to edit the participants, effectively rendering them private. What is more, even if that is done by mistake, there's no way to make them public again, unless tweaking the DB of course. I think something should be done, it's a dangerous option and I am grateful to a user on my forum for actually discovering this and warning me, instead of me realizing it the hard way...

CyberGene

I see there has been a new release of the extension that has not been announced but on the GitHub page it has been described as fixing the issue I was concerned about:
CyberGene

I've just updated and can confirm that editing participants of public discussion is not possible anymore which basically fixes the issue. Thanks 🍻

si_edgey

Thanks for this extension, it's great.

Is there a solution to a user clicking on a link in an email to a private discussion and being presented with the 'The Page Your Requested Could Not Be Found' screen. Time and again my users think that the forum is broken as it doesn't suggest they need to login to view the private discussion.

What's the best way to fix this, i.e. to redirect users to a login page if they're not currently logged in and follow a link to a private discussion? Thanks!

clarkwinkelmann

si_edgey as far as I know, two options exist: customizing the page not found error message with Linguist extension to say something different, or use the custom HTML error pages to completely change the template of the 404 page.

Due to how Flarum is implemented, there's no way to open the login modal directly on error page. With the Direct Links extension you could have a link that can be pasted in the custom HTML error page.

More advanced solutions (like intentionally leaking the content type or existence status of the discussion to have a custom error message only for private discussions) would require developing a custom extension.

si_edgey

clarkwinkelmann Thanks @clarkwinkelmann - I’ll take a look into these solutions.

A pop-up login modal such as those on the PayPal express checkout would be a great solution some day in the future. As much of my forum is based on private messages I hope to find a better solution.

m4v3rick

luceos I will consider something better for the long run.

Any update on this?
The problem still exists and I didn't want to play with the code. At the moment I took the "soft delete discussion" rights away from the mods. Still this is not a reasonable way imho, but more a workaround.

luceos

m4v3rick no I've been swamped with other things.

murdocklawless

continiously oppps someting goes wrong messages are given but after refresh page I saw the job were done.

clarkwinkelmann

murdocklawless check Flarum log file at storage/logs or the browser development console for error messages.

A likely error could be an issue sending emails.

murdocklawless

clarkwinkelmann you are right. I was trying on xampp.

ivan006

after installing the plugin there are still no "private" permissions available to configure

luceos

ivan006 what version of Byobu and Flarum are you using?

« Previous Page Next Page »