Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Category; Invisible w/ custom permissions?

RajioRajio
edited June 2011 in Vanilla 2.0 - 2.8
I see I can set custom permissions for a category. Great. I've set one so nobody but admins can view/add/etc posts for that category. Problem is, non-admins can still see the posts. No they can't go in them but I would like it so that ONLY users logged in and in the appropriate user role can see those discussions in their discussion lists, for everybody else this category should simple not exist. the post, category listing, etc should be invisible.

Is there a way I can set this?
Tagged:

Best Answers

  • lucluc ✭✭
    edited July 2011 Answer ✓
    I'm also on the latest unstable.
    Works fine.

    Edit the category, check "it has custom permission", and make sure only the admins have rights on the category.

    When logged out, I don't even see that the category exists.
  • lucluc ✭✭
    edited July 2011 Answer ✓
    @Torbjorn: It even worked before on 2.0.17

    There is also something that has been corrected later than b2. Maybe that's your case.
    commit 620434e2dc5265e94a7483c4b69aa5dcc4378ef0
    Author: Todd Burry
    Date: Tue Jul 5 10:39:13 2011 -0400

    Fixed security loophole when people accidentally give the guest account sign in permission and can then see all conversations.

Answers

  • It looks like it USED to be an option;

    http://vanillaforums.org/discussion/8638
  • lucluc ✭✭
    The link was about v1.

    What you're trying to achieve still works. You're surely didn't set the permissions correctly.

    How do non-admins see the posts?
  • I have a category called 'secret category'. if i (as admin) create a discussionunder that category and then sign out, i can see the discussion in the list still. i cant enter it though. same if i then sign in as a regular user. can see it in disucssion list, but not enter it. upon entry i'm told "Permission Problem
    You don't have permission to do that."

    That category has custom permissions. EVERYthing unchecked except for add+view for comments + dicussions under the Administrator role.

    latest beta version of Vanilla btw
  • lucluc ✭✭
    edited July 2011 Answer ✓
    I'm also on the latest unstable.
    Works fine.

    Edit the category, check "it has custom permission", and make sure only the admins have rights on the category.

    When logged out, I don't even see that the category exists.
  • I just creted a new category to test with - turns out it works now? weird. maybe it was a cache issue or something. :/

    thanks luc.
  • ok i just tried doing the same on my live site. i have a category called 'staff' set so that only admins and moderators can view it. all other roles have no checks for that category. yet look, visit it without even signing in and you can see it;

    http://www.delayofgame.ca/
  • to be clear, when not signed in i can still see the category in teh sidebar, but i cant access it. i can see the posts in teh 'all discussions' list but i cant access them. i would like users without access to not even know that category exists; not see the discussions listed at all.
  • I have the same issue. Both the category and the discussion can be viewed by guest/member. But not accessed. @luc i have a fresh install of 2.10.18b2 released June 6 are you sure we are talking about the same codebase?
  • lucluc ✭✭
    edited July 2011 Answer ✓
    @Torbjorn: It even worked before on 2.0.17

    There is also something that has been corrected later than b2. Maybe that's your case.
    commit 620434e2dc5265e94a7483c4b69aa5dcc4378ef0
    Author: Todd Burry
    Date: Tue Jul 5 10:39:13 2011 -0400

    Fixed security loophole when people accidentally give the guest account sign in permission and can then see all conversations.
  • Good to know :)

    *waits for b3*
  • This is EXACTLY what I was looking for. Now I can have a moderator/admin category that no members can see!!!!

Sign In or Register to comment.