[BUG] Privacy issue: invited members bypass moderation and group rules!

Sperber

Member
truonglv,
another issue found: when a user has been invited into a group where joining users have to be moderated by the group settings, those invited users bypass the moderation and are instantly added to the group with full read & write access. This is a serious privacy issue and I'd like to urge you to fix this.
 

Truonglv

Staff member
Tech Support
That's kind of a weird flow for users. A user receives an invitation, then accepts, and is still waiting for a confirmation from a moderator?

Anyway, I have removed the invited state as valid, so invited members cannot access the group as a valid member.
 

Sperber

Member
> That's kind of a weird flow for users. A user receives an invitation, then accepts, and is still waiting for a confirmation from a moderator?

No, that's not weird - that's the usual behaviour of any group function out there when it comes down to closed groups. For open groups this ain't a problem, as the whole group content is public anyway. But in closed groups you may have content you don't want to show off to the public or others without your consent as group admin. The reason why this option has now become a problem for closed or secret groups is that your add-on is lacking two optional preferences in the group privacy settings:

- Allow group members to invite others... (going to group moderation queue - no read/write access)
- ... and allow invited members to bypass join request moderation. (no moderation, direct access - full read/write access)
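
A minimal model of the membership flow discussed in this thread, added here as an illustration and not taken from the add-on or from either poster. The state names, setting names and functions are all hypothetical. It treats only a valid member as having access to a closed group, and sends accepted invitations to the moderation queue unless the bypass preference is explicitly enabled.

```python
# Added illustration: a minimal model, not the add-on's code.
# All names (MemberState, GroupSettings, the flags) are hypothetical.
from dataclasses import dataclass
from enum import Enum


class MemberState(Enum):
    NONE = "none"          # no relationship to the group
    INVITED = "invited"    # invitation sent, not yet accepted
    PENDING = "pending"    # waiting in the join moderation queue
    VALID = "valid"        # full member


@dataclass
class GroupSettings:
    closed: bool = True                      # content hidden from non-members
    moderate_joins: bool = True              # join requests need approval
    members_can_invite: bool = True          # first proposed preference
    invites_bypass_moderation: bool = False  # second proposed preference


def invite(group: GroupSettings, inviter: MemberState) -> MemberState:
    """A valid member may invite only if the group allows it."""
    if inviter is not MemberState.VALID or not group.members_can_invite:
        raise PermissionError("inviter may not invite to this group")
    return MemberState.INVITED  # an invitation alone grants no access


def accept_invite(group: GroupSettings, state: MemberState) -> MemberState:
    """State an invited user lands in after accepting the invitation."""
    if state is not MemberState.INVITED:
        raise ValueError("no open invitation")
    if group.moderate_joins and not group.invites_bypass_moderation:
        return MemberState.PENDING  # still needs moderator approval
    return MemberState.VALID        # bypass enabled, or joins unmoderated


def can_read(group: GroupSettings, state: MemberState) -> bool:
    """Closed groups: only VALID members read. Open groups are public."""
    return (not group.closed) or state is MemberState.VALID


def can_write(state: MemberState) -> bool:
    """Posting always requires full membership."""
    return state is MemberState.VALID
```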
 