Description
Summary
Display recent activities on a user’s profile page based on their interactions with the system, ensuring only authorized data is shown.
- Data Collection
- Track relevant user interactions (e.g., created, updated, commented, etc.).
- Store these interactions in the relational database with enough metadata to identify the related resource.
- API Endpoint
- Provide an endpoint to retrieve a list of recent activities for a specific user.
- The endpoint should filter activities based on the access level of the requesting user.
- Permission Filtering
- For each activity, check if the requesting user has at least `read` permission for the resource the activity relates to.
  - If the user has permission → include the activity.
  - If not → exclude the activity from the result.
- UI Display
- On the user profile page, display the filtered list of recent activities.
- Ensure the display is responsive and updates as new activities occur.
Security Note
By filtering activities based on resource access levels, we prevent exposure of private or restricted data.
Drawbacks
If permission-based filtering is poorly implemented, we may expose private data through the activity feed.
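One way to implement the permission filtering step described in this issue, as an added example that is not part of the original issue or the project's code. The names `Access`, `Activity`, `visible_activities` and `acl_lookup`, and the in-memory ACL, are assumptions made for illustration; the check runs at read time, fails closed on errors, and applies the page limit only after filtering.

```python
from dataclasses import dataclass
from enum import IntEnum

class Access(IntEnum):
    NONE = 0
    READ = 1
    WRITE = 2

@dataclass(frozen=True)
class Activity:
    actor_id: str
    verb: str            # e.g. created, updated, commented
    resource_type: str
    resource_id: str

def visible_activities(activities, viewer_id, lookup, limit=20):
    """Return up to `limit` activities (newest first) the viewer may read.

    `lookup(viewer_id, resource_type, resource_id)` returns the viewer's
    current Access; any error (deleted resource, backend failure) hides
    the activity instead of showing it.
    """
    decided = {}   # one permission check per resource per request
    page = []
    for act in activities:
        key = (act.resource_type, act.resource_id)
        if key not in decided:
            try:
                decided[key] = lookup(viewer_id, *key) >= Access.READ
            except Exception:
                decided[key] = False   # fail closed
        if decided[key]:
            page.append(act)
            if len(page) == limit:     # limit counts visible items only
                break
    return page

# Constructed sample data: an in-memory ACL and alice's activity feed.
ACL = {("alice", "doc", "1"): Access.WRITE, ("alice", "doc", "2"): Access.WRITE,
       ("bob", "doc", "1"): Access.READ}
FEED = [Activity("alice", "commented", "doc", "2"),
        Activity("alice", "updated", "doc", "1"),
        Activity("alice", "created", "doc", "3"),   # resource since deleted
        Activity("alice", "created", "doc", "1")]

def acl_lookup(viewer_id, resource_type, resource_id):
    if resource_id == "3":
        raise LookupError("resource no longer exists")
    return ACL.get((viewer_id, resource_type, resource_id), Access.NONE)
```

Filtering before the limit is applied keeps a page from coming back short or empty in a way that reveals how many hidden activities exist.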