User Messages Privacy (Design.UserMessagesPrivacy)

Since the introduction of user messages, there are different types of messages (public, direct, to group...) that a user could access and could receive. The goal of this design document is to establish what kind of events are readable and writable.

4

5

== Definitions ==

Messages have:

* an __author__ (//the Sender//)

10

* a __target__, which can be either a user, a group, a page, a space, a wiki

11

* __scope__ or visibility, which can be one of:

12

** everyone (//public message//)

13

** followers (//private message//)

14

** specific group (//group message//)

15

** specific user (//direct message//)

16

* messages can be related to another message (reply, not implemented yet)

17

18

Not all target-scope combinations are possible. For example, if the target is a specific user, then the message must be direct (the implicit scope is the target user). If the target is a group, then the scope is implicit: group members. If the message is a reply, then the same scope as the original message is suggested, but can be explicitly changed.

19

20

Internally, the __author__ is the __event.user__, the __target__ is the __event.stream__, and the __scope__ is given by the __event.type__.

21

22

Robert is the message reader.

23

24

William is the message writer.

25

26

== Reading messages ==

27

28

This tries to establish which kind of messages Robert should be able to see.

29

30

* Messages written by Robert should always be accessible to him, regardless of the target and scope (__sender__ = //xcontext.user//)

31

* Public messages should always be accessible to Robert (__scope__ = //everyone//)

32

* "To followers" messages from William should be accessible only if Robert follows William (__scope__ = //followers// & //xcontext.user// follows __sender__)

33

* "To group" messages should be accessible only if Robert is a member of that group (__scope__ = //group// & //xcontext.user// member of __target__)

34

* "Direct" messages should be accessible only if the target of the message is Robert (__scope__ = //user// & //xcontext.user// = __target__)

35

* Messages for a given page/space/wiki should only be visible if Robert has view access to the target entity (filtered a-posteriori, //xcontext.user// has view access on __target__)

36

37

== Writing messages ==

38

39

This tries to establish which kind of messages William should be able to post.

40

41

There are different usage scenarios for messages, so there are different sets of rules, configurable from the wiki administration. It might be useful to be able to change these settings from a certain target's settings: from the user profile to reduce the number of visible messages (this requires changing the read filters, not the ruleset), or from the group settings to forbid sending messages to a group (this requires changing the ruleset depending on the target).

42

43

There are no enforcements in place yet.

=== Full Privacy ===

This ruleset tries to prevent unrequested messages from showing in Robert's message stream; he should see only messages from people that Robert explicitly trusts. William can write a message only if the recipients trust him. Very good at avoiding spam.

48

49

* Posting messages to a specific page/space/wiki should only be possible if that entity exists and William has view access to that entity; this rule is an implicit precondition for all the following rules (__target__ exists & //xcontext.user// has view access on __target__)

50

* Public messages are always forbidden (__scope__ != //everyone//)

51

* William should be able to write "to followers" messages (__scope__ = //followers//)

52

* William should be able to send a group message to a group only if he is a member of that group (__scope__ = //group// and //xcontext.user// is member of __target__); XWikiAllGroup should be somehow excluded in this case

53

* William should be able to send a direct message to Robert only if both follow each other (__scope__ = //user// & __target__ follows //xcontext.user// & //xcontext.user// follows __target__)

=== Silent ===

This ruleset tries to keep the number of visible messages in Robert's message stream to a minimum, while allowing users to send targeted messages to a third party. William can write a message to specific recipients.

58

59

* Posting messages to a specific page/space/wiki should only be possible if that entity exists and William has view access to that entity; this rule is an implicit precondition for all the following rules (__target__ exists & //xcontext.user// has view access on __target__)

60

* Public messages are always forbidden (__scope__ != //everyone//)

61

* William should be able to write "to followers" messages (__scope__ = //followers//)

62

* William should be able to send a group message to any visible group (__scope__ = //group//)

63

* William should be able to send a direct message to Robert (__scope__ = //user//)

=== Open ===

* Posting messages to a specific page/space/wiki should only be possible if that entity exists; this rule is an implicit precondition for all the following rules (__target__ exists)

68

* Public messages are always allowed (__scope__ = //everyone//)

69

* William should be able to write "to followers" messages (__scope__ = //followers//)

70

* William should be able to send a group message to any group (__scope__ = //group//)

71

* William should be able to send a direct message to Robert (__scope__ = //user//)

Wiki source code of User Messages Privacy

About

About

Support

Platform

User Guide

Admin Guide

Developer Guide

Projects

XWiki

Extensions

Other

Contribute

Status

Practices

Under the Hood

Get Involved

Get Connected

author	version	line-number	content
		1	{{include document="XWiki.DesignClassSheet"/}}
		2
		3	Since the introduction of user messages, there are different types of messages (public, direct, to group...) that a user could access and could receive. The goal of this design document is to establish what kind of events are readable and writable.
		4
		5	== Definitions ==
		6
		7	Messages have:
		8
		9	* an __author__ (//the Sender//)
		10	* a __target__, which can be either a user, a group, a page, a space, a wiki
		11	* __scope__ or visibility, which can be one of:
		12	** everyone (//public message//)
		13	** followers (//private message//)
		14	** specific group (//group message//)
		15	** specific user (//direct message//)
		16	* messages can be related to another message (reply, not implemented yet)
		17
		18	Not all target-scope combinations are possible. For example, if the target is a specific user, then the message must be direct (the implicit scope is the target user). If the target is a group, then the scope is implicit: group members. If the message is a reply, then the same scope as the original message is suggested, but can be explicitly changed.
		19
		20	Internally, the __author__ is the __event.user__, the __target__ is the __event.stream__, and the __scope__ is given by the __event.type__.
		21
		22	Robert is the message reader.
		23
		24	William is the message writer.
		25
		26	== Reading messages ==
		27
		28	This tries to establish which kind of messages Robert should be able to see.
		29
		30	* Messages written by Robert should always be accessible to him, regardless of the target and scope (__sender__ = //xcontext.user//)
		31	* Public messages should always be accessible to Robert (__scope__ = //everyone//)
		32	* "To followers" messages from William should be accessible only if Robert follows William (__scope__ = //followers// & //xcontext.user// follows __sender__)
		33	* "To group" messages should be accessible only if Robert is a member of that group (__scope__ = //group// & //xcontext.user// member of __target__)
		34	* "Direct" messages should be accessible only if the target of the message is Robert (__scope__ = //user// & //xcontext.user// = __target__)
		35	* Messages for a given page/space/wiki should only be visible if Robert has view access to the target entity (filtered a-posteriori, //xcontext.user// has view access on __target__)
		36
		37	== Writing messages ==
		38
		39	This tries to establish which kind of messages William should be able to post.
		40
		41	There are different usage scenarios for messages, so there are different sets of rules, configurable from the wiki administration. It might be useful to be able to change these settings from a certain target's settings: from the user profile to reduce the number of visible messages (this requires changing the read filters, not the ruleset), or from the group settings to forbid sending messages to a group (this requires changing the ruleset depending on the target).
		42
		43	There are no enforcements in place yet.
		44
		45	=== Full Privacy ===
		46
		47	This ruleset tries to prevent unrequested messages from showing in Robert's message stream; he should see only messages from people that Robert explicitly trusts. William can write a message only if the recipients trust him. Very good at avoiding spam.
		48
		49	* Posting messages to a specific page/space/wiki should only be possible if that entity exists and William has view access to that entity; this rule is an implicit precondition for all the following rules (__target__ exists & //xcontext.user// has view access on __target__)
		50	* Public messages are always forbidden (__scope__ != //everyone//)
		51	* William should be able to write "to followers" messages (__scope__ = //followers//)
		52	* William should be able to send a group message to a group only if he is a member of that group (__scope__ = //group// and //xcontext.user// is member of __target__); XWikiAllGroup should be somehow excluded in this case
		53	* William should be able to send a direct message to Robert only if both follow each other (__scope__ = //user// & __target__ follows //xcontext.user// & //xcontext.user// follows __target__)
		54
		55	=== Silent ===
		56
		57	This ruleset tries to keep the number of visible messages in Robert's message stream to a minimum, while allowing users to send targeted messages to a third party. William can write a message to specific recipients.
		58
		59	* Posting messages to a specific page/space/wiki should only be possible if that entity exists and William has view access to that entity; this rule is an implicit precondition for all the following rules (__target__ exists & //xcontext.user// has view access on __target__)
		60	* Public messages are always forbidden (__scope__ != //everyone//)
		61	* William should be able to write "to followers" messages (__scope__ = //followers//)
		62	* William should be able to send a group message to any visible group (__scope__ = //group//)
		63	* William should be able to send a direct message to Robert (__scope__ = //user//)
		64
		65	=== Open ===
		66
		67	* Posting messages to a specific page/space/wiki should only be possible if that entity exists; this rule is an implicit precondition for all the following rules (__target__ exists)
		68	* Public messages are always allowed (__scope__ = //everyone//)
		69	* William should be able to write "to followers" messages (__scope__ = //followers//)
		70	* William should be able to send a group message to any group (__scope__ = //group//)
		71	* William should be able to send a direct message to Robert (__scope__ = //user//)