Skip to:
Content
Pages
Categories
Search
Top
Bottom

BuddyPress Privacy Component: An Update


  • Jeff Sayre
    Participant

    @jeffsayre

    Many people have been inquiring about privacy options in BuddyPress. Some of you are aware that I am currently coding a Privacy Component for BuddyPress. I decided that it is time to fill the community in on my component, providing more details and a timeline.

    My Privacy Component will be entering a private alpha early next week. After the alpha phase is complete, it will then be available as a public Beta. If it goes well, and Andy likes it, it may be included in the BP core for version 1.2. If you look at the BP roadmap, you will see that that is when privacy filtering is scheduled to be included in core.

    In this screen capture of one of the privacy setting screens, you can see that there are actually six user classification filters that can be chosen for each BP object. The sixth option, “Relationship Mapped”, is made available by a separate plugin which I’ll be releasing later. The default Privacy Component will offer five levels.

    My current estimated release date for the first public beta is the week of October 5. This date may change depending on the feedback from the alpha phase.

    More Details

    This is taken from the Privacy Component’s current readme.txt file:

    BPAz is a privacy control component for BuddyPress that provides a site’s users a mechanism with which to control who has access to which pieces of their personal data.

    == Description ==

    The BuddyPress Authorization component (also referred to as BPAz, BP-Authz, or BuddyPress Privacy Component) is a BuddyPress component that allows users fine, granular control over who has access to which pieces of their personal data. It provides this service by hooking into BuddyPress’ core functionality, thereby giving users the ability to control (grant or deny) access to each piece, or grouping of, their personal data.

    The term “auth” is often used interchangeably for authentication or authorization. There is significant difference in meaning between them. Authentication is not authorization. Authorization is not authentication. Authentication must come before authorization. Authentication is handled by WPMU, initially by the registration process and subsequently by the login script. Authorization deals with verifying and managing the access rights a given authenticated user has to certain objects.

    Because of this confusion, the process of authentication is now often referred to as A1, or AuthN, or simply Au. The process of authorization is now often referred to as A2, or AuthZ, or simply Az. Since authentication must come before authorization, the A1-A2 ordinality of the terms is evident. This also explains the alternate names BPAz and BP-Authz.

    BPAz deals with authorization by verifying and managing access rights an authenticated user has to other’s objects–although a user may choose to expose their data to non-logged in users as well.

    The core BuddyPress objects on which rights can be set:

    • xprofile fields
    • activity stream actions
    • friends list
    • groups list
    • messaging
    • blogs
    • wire
    • status updates

    The basic access levels configurable per object (some objects offer only a subset of these rights):

    • allow/deny anyone (globally public or globally private). This is accomplished by setting an object’s viewing rights to either “All Users” or “Only Me”
    • allow only “Logged in Users” to view a given object
    • allow only friends to view a given object
    • allow only a specific list of users to view a given object. This is also called per user access control. This is accomplished by setting an object’s viewing rights to “These Users Only” and then entering a comma-separated list of usernames (a member’s login name) in a textbox that becomes visible.

    NOTE: Per relationship-type access control is possible if you use my BuddyPress Relationship Mapping plugin. For instance, allow by friend, colleague, partner, client, customer, fan, etcetera.

    Site Administration of BuddyPress User Privacy Tools

    Site administrators have ultimate control and oversight over the configuration of BPAz’s features and functionality via an additional administration panel under the BuddyPress menu hierarchy. The BuddyPress Privacy Component is enabled by default for all object groupings. However, Site Administrators can disable user-configurable sitewide privacy, or even individual privacy control objects, by using the Privacy Settings administration panel. As the Site Administrator, you will always be able to see each user’s complete content. Users do not have any options to hide content from Site Administrators.

Viewing 25 replies - 26 through 50 (of 101 total)

  • Timschmi
    Participant

    @timschmi

    A have a question converning the “Who is online” feature. Can you also hide there, so you are online but it is not shown to the world?


    Jeff Sayre
    Participant

    @jeffsayre

    @Timschmi

    No, there is not a facility for hiding your online status from the rest of the site. That feature is really not necessary as the privacy settings will allow you to block all communication for a single user all the way up to all users. So, what difference does it make if someone knows that you are currently online.

    As a side thought, this Site ( BP.org ), uses the “Recently Active” widget instead of the “Who’s Online” avatar listing. I think this makes more sense as it does not indicate if someone is currently online. It is simply a listing of the most recently active members.


    John James Jacoby
    Keymaster

    @johnjamesjacoby

    I think what we all really want to know is…

    Will this plugin keep my thoughts private and protect them from the aliens?


    Jeff Sayre
    Participant

    @jeffsayre

    Haha!

    Well, yes and no. It will keep your thoughts private and out of the reach from regular, lowly humans, but it’s already too late to prevent alien interference. All humans have already been tagged by the aliens. They know where we are, what we’re doing, and what we’re thinking at all times. So take off that silly tinfoil hat, John.


    peterverkooijen
    Participant

    @peterverkooijen

    This Privacy Component sounds like a huge step forward. Eager to implement and test, as soon as I have time. Thanks Jeff Sayre.


    madloki
    Participant

    @madloki

    @Jeff: will Andy include this in v1.2? I will start my page in october, will you release your plugin this month, or should i wait for bp1.2?


    Jeff Sayre
    Participant

    @jeffsayre

    @madloki

    Although privacy features are on the BuddyPress Roadmap for v1.2, there is no guarantee that my privacy component will become the official BP privacy component. Andy has yet to see or test it.

    I have been working on a few other projects recently, but will be polishing up my privacy component this weekend. I do plan on releasing the plugin as a beta once it has been properly alpha tested. I assume at this stage, I will be releasing an alpha version in the next 2 weeks–after v1.1 comes out and Andy has had a chance to see the component.


    madloki
    Participant

    @madloki

    Ok, very good. It would be great when your plugin will be one part of v1.2 – much better than an standalone plugin. The privacy part is an >very< important feature, at the moment my biggest bp handicap :(


    Tore
    Participant

    @toregus

    It’s sad to hear that the forums won’t be part of this. I’ll just keep on allowing no one into the website who isn’t a member. Thanks a lot anyway!


    Jeff Sayre
    Participant

    @jeffsayre

    @Tore

    That’s the proper attitude!

    The forums are their own, separate plugin. I’ve already clearly explained the reasons why this component will not provide bbPress forum privacy filters. You are free to use any bbPress privacy plugins that you want. Perhaps in the future this will change, but right now, it will not be an option.


    Jeff Sayre
    Participant

    @jeffsayre

    Just a quick update. I’ve been waiting for BP v1.1 to come out so that I could tweak the Privacy Component code were needed. I plan on sending Andy my component next week. After the two of us have had some time to kick it around, I will release it for private alpha. That should be soon!


    madloki
    Participant

    @madloki

    Very nice Jeff, very nice and many thanks :)


    egturbo
    Participant

    @egturbo

    thanks a million for working on this. it’s all that is holding us back right now. going to make buddypress very useful.


    Timschmi
    Participant

    @timschmi

    @Jeff: Hope that your Plugin will make it in the core. We need something like that in educational contexts.


    abcde666
    Participant

    @erich73

    Hi Jeff,

    a great feature would be the following – not sure if you are willing to add this into the Privacy-Component as well, but would be an additional feature.

    I would like for my users to have the ability to get them an “verified”-status.

    Let´s say they will send to me a copy of their Passport (either by postal-mail or by e-mail) so that I can manually verify their identity.

    The feature I am talking about would be just a simple click-button within Admin-interface to make a certain member to be “a verified member”. So when the user has been verified by the Admin, there will be a small image showing “Verified User”.

    What do you think about this ?

    I believe Facebook uses SMS to do verification. Or they used to. I don’t recall what the benefit of that was either. Maybe to avoid captcha?


    abcde666
    Participant

    @erich73

    it is actually the benfit to verify members at dating sites. People would like to get in touch with “real” people, not impersonators, fake people, etc.


    Jeff Sayre
    Participant

    @jeffsayre

    Privacy is all about authorizing, not authenticating. Verifying and managing access rights–which the privacy component does–is an entirely different issue than verifying a user’s identity. Verifying someone’s identity is a very tricky aspect of authentication.

    Therefore, this would not be something to fall under the privacy component.

    Reread my first post in this thread (see the “== Description ==” section) to see what I wrote about authorizing versus authenticating.


    pro101
    Participant

    @pro101

    Privacy is an important topic to address. Thanks for doing this! I was wondering, how can we add a EULA for users to accept when they register?

    That needs a new thread, it’s off-topic here. But I believe there are existing WP plugins which work.


    outolumo
    Participant

    @outolumo

    Would there be any sense in allowing the Site Admin to choose which AC levels are available? E.g. only logged in users and friends?

    How about an easy way of granting access to members of a certain bp-group? This could be a special case of named users.


    deuts
    Participant

    @deuts

    I also need to see this project through. I would like to have some privacy in my buddypress pages.


    Jeff Sayre
    Participant

    @jeffsayre

    Just a quick Update.

    I’ve just sent off the alpha version of this plugin for Andy to look at. It has turned out to be a little more work than I originally anticipated but the end result is looking (and functioning) very nice.


    madloki
    Participant

    @madloki

    Fantastic :) Is there an official release for bp 1.2 with your pc plugin jeff?

    Jeff’s component is still under some stage of review and AFAIK hasn’t been released for private testing yet. There’s no promise that Jeff’s code will get integrated into the BP Core, that decision is Andy Peatling’s.

    I’d assume the plan is to get a plugin out that is compatible with BP 1.1 as BP 1.2 isn’t likely to be released until January.

Viewing 25 replies - 26 through 50 (of 101 total)
  • The topic ‘BuddyPress Privacy Component: An Update’ is closed to new replies.
Skip to toolbar