(cc'ing statusnet-dev list for more eyes) > Dear Craig, > > Thanks for your encouragement last night on IRC regarding a timeline > privacy feature on StatusNet. Between yard work and drumming today I was > able to put together a working model of such privacy. I've attached the > patch. Here are the changes: > > * added a new field to the user table in the database. The field is > called "privacy". > * added a new checkbox to the user account settings under "Other". This > may be an inappropriate place to put such a checkbox, but since I didn't > add this field to the profile table it seemed inappropriate to put it in > the "Profile" account settings. > * I added a global function to util.php called > common_notice_is_private(). When passed a notice and called, it checks > to see if the current user is a subscriber of the owner of the notice. > If the user is a subcribed, it returns 0; else 1. If there is no current > user and the notice owner is private, it returns 1. > * I modified a number of files to use this common function. The > StatusNet 0.9.x I was running here at home behaved as expected (private > notices are not shown in the public timeline or the RSS feeds). I wasn't > able to find a common "choke point" in the code where the showing of the > notice could be centrally blocked based on its privacy status. > > Please let me know if this is useful. If changes are needed (e.g. I used > the wrong table in the DB, put the checkbox in the wrong place, failed > to use the common function in the right place(s)) please let me know. > > Cheers, > Steve Sekula >
Excellent work, Steve! I do see one (substantial) problem though. You hide notices that are private during display, and not during the query, so you can end up with odd results. For example, in my test installation, I had two users, call them "one" and "two." Both have a bunch of notices. "Two" marks himself private. Now, when you view the public timeline, the query will return 10 notices, but then you don't display 5, so only 5 notices show up on the page, which looks weird. If "one" then marks himself as private too, there will not be any notices shown on the public timeline (which is to be expected) but the "there are no notices here yet" message will not be displayed. I think a better approach would be to filter out private notices at query time. A good starting point would likely be Notice::stream. If that is indeed a good point, make sure to preserve the caching functionality - it's really important for high volume sites. ~Craig _______________________________________________ StatusNet-dev mailing list [email protected] http://lists.status.net/mailman/listinfo/statusnet-dev
