Make permissions scheme on Friends Pages stricter
Short, concise description of the idea
Suppose X views the friends page of Y. Currently X can see any entry they're allowed to see out of those posted by Y's friends. The idea is to let them see only entries both X and Y would be allowed to see.
Full description of the idea
The motivation for this idea was a certain volume of support requests that show a common confusion among users. Basically, they seem to be convinced that if they see an entry on someone's friends page (Y's, say), then the owner of the friends page (Y) will also see it, which is of course not true in general. Then people complain to Support saying that the 'friends-only' and 'custom' security settings are insecure and buggy. By letting X see only those entries both X and Y are allowed to see, they can check on everybody's friends page to see if the custom security is working correctly. (Currently, to check it they would have to ask all of their friends.)
Clarification by example: Al creates a 'custom' security entry which Bob should be allowed to see, but Charlie shouldn't. Then Al goes to Charlie's friends page. Al sees his entry there, on Charlie's Friends page, and then thinks that Charlie will also be able to see it there.
Unfortunately, I don't think this could be made an option, because that would only confuse users more. The point in this is to reduce confusion.
An ordered list of benefits
- Well, I've outlined the benefits above already...
- fewer support requests
- fewer confused users
- more clarity and visibility as to who can see what
An ordered list of problems/issues involved
- Well, one obvious downside would be that you would lose some of the current functionality of friends pages, but I really don't think it's going to be much of a problem:
- I don't think a lot of people look at other people's friends pages regularly, and those that do probably only do it to find random entries to find prospective friends. In this situation, it would not matter if they missed out on some protected entries because those people are already friend-ofs and thus some sort of acquaintance.
- If Y is in a lot of communities, then their friends page would show a lot of community entries, some of which may be members-only. Now, since Y is watching the community, it is likely that either they are also a member (in which case this suggestion does not create further restriction) or the community is closed (in which case it is likely that X isn't a member either and thus, again, no new restriction introduced). The few cases where this doesn't apply are rare.
An organized list, or a few short paragraphs detailing suggestions for implementation
- I'm pretty certain there's some function that checks if person X can see entry E. There shouldn't be much of a problem in checking if Y can also see entry E while generating friends views.