Skip to Content Skip to Menu

🌟 CB Editor Assistant 1.0.0 is here! Discover our new AI Joomla Plugin that wrote its story! (and this banner!)
Start at just $12.50/month* or 💸 save 30% with our 🛍️ Black Friday Intro Offer for your subscription's lifetime
Grab It Now!
🎉 Black Friday sale is here! Great savings on professional and developer memberships! Get 25% off now with code BLACK-FRIDAY-2024!

CB Privacy filtering of database query

  • piglet
  • piglet
  • OFFLINE
  • Posts: 5
  • Thanks: 0
  • Karma: 0
6 years 6 months ago #304469 by piglet
CB Privacy filtering of database query was created by piglet
I discovered unexpected behaviour of the CB Privacy plugin

J.3.8.7 , CB 2.1.4, CB Privacy 5.0.0-2018-04-23

On my webpage CB Privacy is installed and published. I have added a custom field (cb_custom) with privacy setting and a general privacy setting for whole profile.

In the module I want to show a list of users with the custom field values. I need to hide all profiles set to privat and fields in profile set to privat.

In the module I load user objects by ids obtained from SQL query

$cbUser = CBuser::getInstance( $row->user_id, false );

Then I get a custom field value by:
$cbUser->getField( 'cb_custom', null, 'html', 'none', 'list', 0, true )

I tested various getField arguments:

1. $fullAccess both true and false does not make any difference
2. $output 'html' filters out fields set to privat, but does not hide field when whole profile is privat
3. $output 'csv' shows fields set to privat and fields in privat profiles

I can see that CB Privacy partly works because for version in point 2 it hides values for fields set to privat. When I view the same list as admin it shows everything. So there is some influence on the field visibility.

How can I get it work to hide both privat field and privat profile?

Kind regards,

Michal

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48560
  • Thanks: 8292
  • Karma: 1445
6 years 6 months ago #304485 by krileon
Replied by krileon on topic CB Privacy filtering of database query
Add an if statement to check if your field has a value. It'll empty it for html based API calls or substitution usages if privacy doesn't permit access. If the field has no value then don't show that user. Profile Privacy by default only prevents direct access to a profile. If you also want it to suppress fields values you need to edit the profile privacy field and select what fields it should also hide. There is no functionality to check what their profile privacy is from getFields or substitutions API.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • piglet
  • piglet
  • OFFLINE
  • Posts: 5
  • Thanks: 0
  • Karma: 0
6 years 6 months ago #304506 by piglet
Replied by piglet on topic CB Privacy filtering of database query
Thank you for a quick answer.

Is there a method in CB Privacy that I can use to test if a field (by name) in the given profile (by id) would be visible to a logged user and another one to test if a whole user profile (by id) would be visible to a logged user?
Before using it I can test if CB Privacy is loaded and then test each record from SQL query before displaying it.

Kind regards,

Michal

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48560
  • Thanks: 8292
  • Karma: 1445
6 years 6 months ago #304507 by krileon
Replied by krileon on topic CB Privacy filtering of database query
Configure the Profile Privacy field to also protect cb_custom then grab cb_custom with getField using html output. If it's empty then don't show the user as it's either empty because they supplied nothing or it's protected by privacy controls. In both cases makes sense not to display them I'm guessing for what you're trying to do. Next release will allow you to substitute privacy fields (e.g. [profile_privacy]) and will return a 1 or 0 depending on if viewing user is authorized to access the field or not.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.

Please Log in or Create an account to join the conversation.

  • piglet
  • piglet
  • OFFLINE
  • Posts: 5
  • Thanks: 0
  • Karma: 0
6 years 6 months ago #304628 by piglet
Replied by piglet on topic CB Privacy filtering of database query
As you sugested I use getField with 'html' output to test if field is privat or connections.
To check profile privacy I use: CBPrivacy::checkProfileDisplayAccess ( $cbUserTable )
I couldn't get to work:
a. CBPrivacy::checkProfileDisplayAccess with field parameter
b. CBPrivacy::checkFieldDisplayAccess -
both return false only if whole user profile was privat not a field only

I have noticed a bug in CBPrivacy.php
checkFieldDisplayAccess can not be called with $field as an integer. If you try to do that you get an error:
Call to a member function get() on integer - /components/com_comprofiler/plugin/libraries/CB/Plugin/Privacy/CBPrivacy.php:653
Integer is converted further in the code but line 653 blocks it.

Please Log in or Create an account to join the conversation.

  • krileon
  • krileon
  • ONLINE
  • Posts: 48560
  • Thanks: 8292
  • Karma: 1445
6 years 6 months ago - 6 years 6 months ago #304630 by krileon
Replied by krileon on topic CB Privacy filtering of database query

As you sugested I use getField with 'html' output to test if field is privat or connections.
To check profile privacy I use: CBPrivacy::checkProfileDisplayAccess ( $cbUserTable )
I couldn't get to work:
a. CBPrivacy::checkProfileDisplayAccess with field parameter
b. CBPrivacy::checkFieldDisplayAccess -
both return false only if whole user profile was privat not a field only

You shouldn't need to be calling the API directly. Ensure the field is set to display on profile then enable privacy controls on the field or configure profile privacy to protect the field. Then when substituted as follows it should respect privacy.

[cb:userfield field="FIELD_NAME" /]

The above defaults to HTML output value of the profile view of a field, which is the same as the below API usage.

Code:
->getField( 'FIELD_NAME', null, 'html', 'none', 'profile' )

I have noticed a bug in CBPrivacy.php
checkFieldDisplayAccess can not be called with $field as an integer. If you try to do that you get an error:
Call to a member function get() on integer - /components/com_comprofiler/plugin/libraries/CB/Plugin/Privacy/CBPrivacy.php:653
Integer is converted further in the code but line 653 blocks it.

Fixed in latest build. Thank you for letting us know. Didn't catch it as it's being used internally with a field object.

Kyle (Krileon)
Community Builder Team Member
Before posting on forums: Read FAQ thoroughly + Read our Documentation + Search the forums
CB links: Documentation - Localization - CB Quickstart - CB Paid Subscriptions - Add-Ons - Forge
--
If you are a Professional, Developer, or CB Paid Subscriptions subscriber and have a support issue please always post in your respective support forums for best results!
--
If I've missed your support post with a delay of 3 days or greater and are a Professional, Developer, or CBSubs subscriber please send me a private message with your thread and will reply when possible!
--
Please note I am available Monday - Friday from 8:00 AM CST to 4:00 PM CST. I am away on weekends (Saturday and Sunday) and if I've missed your post on or before a weekend after business hours please wait for the next following business day (Monday) and will get to your issue as soon as possible, thank you.
--
My role here is to provide guidance and assistance. I cannot provide custom code for each custom requirement. Please do not inquire me about custom development.
Last edit: 6 years 6 months ago by krileon.

Please Log in or Create an account to join the conversation.

Moderators: beatnantkrileon
Powered by Kunena Forum