FriendsOfFlarum Byōbu, well integrated, advanced private discussions
1.0.2
- Added recipientUsers include for CreateDiscussionController FriendsOfFlarum/byobu166
- Support custom user sluggers and fix profile private discussions tab FriendsOfFlarum/byobu
0cf8b3b
- Disable tag scoped permissions FriendsOfFlarum/byobu
fca4d92
Upgrading
composer require fof/byobu:"*"
php flarum cache:clear
- Edited
After upgrade, if the flarum set to id based slug driver I can see an empty input area. This issue affects starting private discussion on the user's profile page only. This feature works well with default slug driver.
Screenshot
Flarum core 1.1.1
PHP version: 8.1.0
MySQL version: 5.7.34-0ubuntu0.18.04.1
Loaded extensions: Core, date, libxml, openssl, pcre, zlib, filter, hash, json, pcntl, Reflection, SPL, session, standard, sodium, mysqlnd, PDO, xml, apcu, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, imagick, imap, intl, exif, memcache, mysqli, pdo_mysql, pdo_sqlite, Phar, posix, pspell, readline, shmop, SimpleXML, sockets, sqlite3, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, xmlreader, xmlwriter, xsl, zip, Zend OPcache
+-------------------------------------+------------+------------------------------------------+
| Flarum Extensions | | |
+-------------------------------------+------------+------------------------------------------+
| ID | Version | Commit |
+-------------------------------------+------------+------------------------------------------+
| flarum-flags | v1.1.0 | |
| flarum-tags | v1.1.0 | |
| flarum-lock | v1.1.0 | |
| afrux-forum-widgets-core | v0.1.6 | |
| flarum-suspend | v1.1.0 | |
| flarum-approval | v1.1.0 | |
| zerosonesfun-up | 1.0 | |
| v17development-seo | v1.8.0 | |
| v17development-blog | 0.4.2 | |
| ubuntuhu-map | dev-master | 4649dd16b2ea238c436aa31b1d3bfe23d732ed81 |
| ralkage-hcaptcha | 1.0.0 | |
| nearata-twofactor | v2.0.1 | |
| miniflar-admin-notepad-widget | 1.0.0 | |
| justoverclock-welcomebox | 1.3.4 | |
| justoverclock-last-registered-users | 0.1.4 | |
| justoverclock-hot-discussions | 0.1.2 | |
| justoverclock-custom-html-widget | 0.1.4 | |
| ianm-syndication | 1.0.2 | |
| fof-user-bio | 1.0.1 | |
| fof-upload | 1.0.7 | |
| fof-spamblock | 1.0.2 | |
| fof-sitemap | 1.0.2 | |
| fof-reactions | 1.0.2 | |
| fof-polls | 1.0.4 | |
| fof-pages | 1.0.1 | |
| fof-nightmode | 1.1.4 | |
| fof-linguist | 1.0.3 | |
| fof-cookie-consent | 1.0.1 | |
| fof-byobu | 1.0.2 | |
| fof-best-answer | 1.1.7 | |
| flarum-subscriptions | v1.1.0 | |
| flarum-sticky | v1.1.0 | |
| flarum-statistics | v1.1.0 | |
| flarum-pusher | v1.1.0 | |
| flarum-nicknames | v1.1.0 | |
| flarum-mentions | v1.1.3 | |
| flarum-markdown | v1.1.0 | |
| flarum-likes | v1.1.0 | |
| flarum-lang-hungarian | v2.0.15 | |
| flarum-lang-english | v1.1.0 | |
| flarum-emoji | v1.1.1 | |
| flarum-bbcode | v1.1.0 | |
| davwheat-custom-sidenav-links | 1.0.1 | |
| darkle-fancybox | 0.2 | |
| clarkwinkelmann-group-list | 1.0.0 | |
| askvortsov-pwa | v3.1.1 | |
| antoinefr-online | v1.0.1 | |
| afrux-forum-stats-widget | v0.1.0 | |
+-------------------------------------+------------+------------------------------------------+
Base URL: https://ubuntu.hu
Installation path: /var/www/ubuntu.hu/public_html
Queue driver: sync
Mail driver: smtp
Debug mode: off
1.1.0
- Reintroduce the ability to remove all reciepients, add a tag and make the discussion visible to users with tag view permission. Disabled by default. FriendsOfFlarum/byobu167
Updating
composer require fof/byobu:"*"
php flarum migrate
php flarum cache:clear
Sponsored
This feature was sponsored by @glowingblue
Seems like this hepaly issue is still exists after upgrade 1.1.0
I created a video about this problem.
Flarum core 1.1.1
PHP version: 8.1.0
MySQL version: 5.7.34-0ubuntu0.18.04.1
Loaded extensions: Core, date, libxml, openssl, pcre, zlib, filter, hash, json, pcntl, Reflection, SPL, session, standard, sodium, mysqlnd, PDO, xml, apcu, bcmath, bz2, calendar, ctype, curl, dom, mbstring, FFI, fileinfo, ftp, gd, gettext, gmp, iconv, imagick, imap, intl, exif, memcache, mysqli, pdo_mysql, pdo_sqlite, Phar, posix, pspell, readline, shmop, SimpleXML, sockets, sqlite3, sysvmsg, sysvsem, sysvshm, tidy, tokenizer, xmlreader, xmlwriter, xsl, zip, Zend OPcache
+----------------------------------+------------+------------------------------------------+
| Flarum Extensions | | |
+----------------------------------+------------+------------------------------------------+
| ID | Version | Commit |
+----------------------------------+------------+------------------------------------------+
| flarum-flags | v1.1.0 | |
| flarum-tags | v1.1.0 | |
| flarum-lock | v1.1.0 | |
| afrux-forum-widgets-core | v0.1.6 | |
| flarum-suspend | v1.1.0 | |
| flarum-approval | v1.1.0 | |
| zerosonesfun-up | 1.0 | |
| v17development-seo | v1.8.0 | |
| v17development-blog | 0.4.2 | |
| ubuntuhu-map | dev-master | 4649dd16b2ea238c436aa31b1d3bfe23d732ed81 |
| ralkage-hcaptcha | 1.0.0 | |
| nearata-twofactor | v2.0.1 | |
| miniflar-admin-notepad-widget | 1.0.0 | |
| justoverclock-welcomebox | 1.3.4 | |
| justoverclock-hot-discussions | 0.1.2 | |
| justoverclock-custom-html-widget | 0.1.4 | |
| ianm-syndication | 1.0.2 | |
| fof-user-bio | 1.0.1 | |
| fof-upload | 1.0.7 | |
| fof-spamblock | 1.0.2 | |
| fof-sitemap | 1.0.2 | |
| fof-reactions | 1.0.2 | |
| fof-polls | 1.0.5 | |
| fof-pages | 1.0.1 | |
| fof-nightmode | 1.1.5 | |
| fof-merge-discussions | 1.0.1 | |
| fof-linguist | 1.0.3 | |
| fof-cookie-consent | 1.0.1 | |
| fof-byobu | 1.1.0 | |
| fof-best-answer | 1.1.7 | |
| flarum-subscriptions | v1.1.0 | |
| flarum-sticky | v1.1.0 | |
| flarum-statistics | v1.1.0 | |
| flarum-pusher | v1.1.0 | |
| flarum-nicknames | v1.1.0 | |
| flarum-mentions | v1.1.3 | |
| flarum-markdown | v1.1.0 | |
| flarum-likes | v1.1.0 | |
| flarum-lang-hungarian | v2.0.15 | |
| flarum-lang-english | v1.1.0 | |
| flarum-emoji | v1.1.1 | |
| flarum-bbcode | v1.1.0 | |
| davwheat-custom-sidenav-links | 1.0.1 | |
| darkle-fancybox | 0.2 | |
| clarkwinkelmann-group-list | 1.0.0 | |
| askvortsov-pwa | v3.1.1 | |
| antoinefr-online | v1.0.1 | |
| afrux-forum-stats-widget | v0.1.0 | |
| acpl-mobile-tab | 1.0.5 | |
+----------------------------------+------------+------------------------------------------+
Base URL: https://ubuntu.hu
Installation path: /var/www/ubuntu.hu/public_html
Queue driver: sync
Mail driver: smtp
Debug mode: off
Can I help with debug?
I tried rebuild (npm run build), but doesnt solve this problem.
Hello,
is there a possibility to show the news not in the main view but only when you click on the menu item? So it is unfortunately a bit confusing.
@FriendsOfFlarum @IanM I have a feature request that is it possible for you to implement unlisted option in this extension, If you know there's a video sharing platform named YouTube where users can mark their videos unlisted in that state the video is only shown to user who is having the link to that video.
username0136 how would that work exactly?
You mean not specify any recipients but manually send the link to select users?
That sounds out of scope for this extension since the whole recipient and authorization system wouldn't be used. It shouldn't be too difficult to make a special discussion type appear in the visibility scope but not the index endpoint for users who aren't authors in a new extension.
One problem is that with the default discussion slugger, IDs are predictable so a different slugger would have to be used. Even the ID system would have to be changed because you can read/post to discussions using the API with just the ID without any need for the slug.
Other option would be to include a secret token in the URL but that sounds way more complicated than unguessable IDs coupled with native permissions.
clarkwinkelmann You mean not specify any recipients but manually send the link to select users?
No need to select users just hide it from home page and search page.
clarkwinkelmann That sounds out of scope for this extension since the whole recipient and authorization system wouldn't be used. It shouldn't be too difficult to make a special discussion type appear in the visibility scope but not the index endpoint for users who aren't authors in a new extension.
IDK what are you telling I am beginner, I don't know much about flarum.
clarkwinkelmann One problem is that with the default discussion slugger, IDs are predictable so a different slugger would have to be used. Even the ID system would have to be changed because you can read/post to discussions using the API with just the ID without any need for the slug.
I don't there's a issue in predicting IDs.
clarkwinkelmann Other option would be to include a secret token in the URL but that sounds way more complicated than unguessable IDs coupled with native permissions.
I don't really think we need all this extraordinary things we should just hide it from search page, dicussion page and add noindex meta tag easy.
I'm not sure if you paid attention on something I reported previously but I will repeat it again sine I find it an extremely serious issue:
If you enable the following permission for users "Edit users partaking in private discussions", then anybody on the forum can turn any public discussion into a private one by limiting it to only a few people. This means a hacker can just enter my forum and render it useless by registering two rogue users and then making any public discussion a private discussion between these two new people.
I've disabled that permission once, then users on my forum complained they can't add more participants to already created private discussions and since I forgot I re-enabled it only to realize in horror that I opened a huge hole on my forum.
- Edited
CyberGene I have not used this extension in a while but I see permissions discussion.editUserRecipients
and discussion.editGroupRecipients
are listed under the moderate
permission group in the code, so those are probably only meant to be given to moderators and admins and not regular users.
EDIT: further looking at the code, the ability for regular users to change recipients doesn't seem to exist. There's only a condition to allow a user to exit a discussion they are part of, then it directly jumps to the moderation permission check. A new permission and check would have to be introduced to allow changing only recipients of discussions you authored or that you are a member of.
- Edited
clarkwinkelmann There's a contradiction here because the permission Edit users partaking in private discussions, even if enabled for moderators/admins only, would be meaningless because admins/mods can't see private discussions of other users to be able to edit the participants. It would only apply to private discussions where the admin/mod is participant (BTW I tested that, to confirm it). Users on the forum would ask for the ability to add new participants in private discussions after they are created and if the admin carelessly decides that the Edit users partaking in private discussions is the one to enable to all users (which is what I did), then a huge problem is created. Yes, users will now be able to add new participants to private discussions, but then anyone would see a new option for public discussions: to edit the participants, effectively rendering them private. What is more, even if that is done by mistake, there's no way to make them public again, unless tweaking the DB of course. I think something should be done, it's a dangerous option and I am grateful to a user on my forum for actually discovering this and warning me, instead of me realizing it the hard way...
Thanks for this extension, it's great.
Is there a solution to a user clicking on a link in an email to a private discussion and being presented with the 'The Page Your Requested Could Not Be Found' screen. Time and again my users think that the forum is broken as it doesn't suggest they need to login to view the private discussion.
What's the best way to fix this, i.e. to redirect users to a login page if they're not currently logged in and follow a link to a private discussion? Thanks!
- Edited
si_edgey as far as I know, two options exist: customizing the page not found error message with Linguist extension to say something different, or use the custom HTML error pages to completely change the template of the 404 page.
Due to how Flarum is implemented, there's no way to open the login modal directly on error page. With the Direct Links extension you could have a link that can be pasted in the custom HTML error page.
More advanced solutions (like intentionally leaking the content type or existence status of the discussion to have a custom error message only for private discussions) would require developing a custom extension.
clarkwinkelmann Thanks @clarkwinkelmann - I’ll take a look into these solutions.
A pop-up login modal such as those on the PayPal express checkout would be a great solution some day in the future. As much of my forum is based on private messages I hope to find a better solution.
- Edited
continiously oppps someting goes wrong messages are given but after refresh page I saw the job were done.
murdocklawless check Flarum log file at storage/logs
or the browser development console for error messages.
A likely error could be an issue sending emails.
after installing the plugin there are still no "private" permissions available to configure