CUNY Academic Commons

I've removed the "My Docs > Create New Doc" admin bar menu item in https://github.com/cuny-academic-commons/cac/commit/f6384200c1c0b7bbe87bdee8966132e4ba70f8bb. This will be a part of next Tuesday's maintenance release.

I have a question about the Docs Directory page: https://commons.gc.cuny.edu/docs/. This page is still accessible if one knows the URL. Do we want to redirect away from this page? Also if you view the Docs Directory, there are quite a few docs created by users that are not connected to a group. Some are using Docs for classes, essays, blog posts, cover letters, etc. This suggests that there may be some utility in keeping doc creation for users...

Thanks, Ray. For those docs unconnected with a group, are many of them recent -- say, over the last 6-12 months?

Thanks, Ray. For those docs unconnected with a group, are many of them recent -- say, over the last 6-12 months?

44 docs from February 2022 until now.

#17654 is a case where the ability to create Docs outside of groups caused some problems. Summary:

- A user created a doc via commons.gc.cuny.edu/docs/create
- The buddypress-group-in-docs plugin, which assumes that no doc creation will happen outside of groups, removed the 'Access Control' dropdowns. See https://github.com/cuny-academic-commons/cac/blob/a55d47faf5d88a2fa7e6378130bd8c00f689178d/wp-content/plugins/buddypress-docs-in-group/includes/bpdig.php#L146
- As a result, the user's new doc was created without any access control settings being saved in the database at all. Docs then fell back on the permissive default settings (including 'edit=loggedin'), with no indication that this was the case, and no ability to change the defaults.
- Some other spammy user knew enough about this to take advantage.

So I think we need to be more aggressive than Ray's changes. I've added two additional things:
1. Show Access Settings when you're looking at the Create/Edit page outside of a group. This will at least give users the ability to see and change the Access Controls. https://github.com/cuny-academic-commons/cac/commit/bbf46db0deeb3d3a8775d00c4fb20427b4c44c8d
2. Redirect away from commons.gc.cuny.edu/docs/create. https://github.com/cuny-academic-commons/cac/commit/7aba56511dbe36daf93fdc7711ae2232cd21a34a

This should fix the issue for the future.

As for existing items, it's possible to write a script that goes through and changes the Edit setting to 'The Doc author only' for each Doc that wasn't created in the context of a group. This would cause a problem if there were instances where someone was specifically using Docs to collaborate with someone outside of a group, but I would guess that there are zero or close-to-zero instances like this, and in those instances they could just manually configure the access settings. What do others think of this?

As for existing items, it's possible to write a script that goes through and changes the Edit setting to 'The Doc author only' for each Doc that wasn't created in the context of a group.

I think that should be fine.

This would cause a problem if there were instances where someone was specifically using Docs to collaborate with someone outside of a group, but I would guess that there are zero or close-to-zero instances like this

1. https://commons.gc.cuny.edu/docs/hotmail-log-in/history/ - Luke's recent doc that was updated with spam within a day
2. https://commons.gc.cuny.edu/docs/facilitation-sign-up-2/history/ - Legit doc from 2015

Hi Boone, was just looking over the script and I think there's a typo. Line 31 should be changed from:

update_post_meta( $doc_id, 'bp_docs_settings', true );

to:

update_post_meta( $doc_id, 'bp_docs_settings', $doc_settings );