• User can publish in an unauthorized category

    By Nicolas PERRIN 2 decades ago

    Hello,



    In first, congratulations for this database very useful.



    Our problem :

    We have created two category with two different group for access right in administration parameters.

    Everything works fine. Users see only category/domain with sufficient authorisation.



    But if the user click on the link at the bottom right '>> Show all >>' and then click 'new topic', he have a list of all category available (authorized and not authorized !)

    …so he see others group and can publish inside.



    thanks in advance



    Nicolas

    • By Brian W Wiggins 2 decades ago

      I see where you are talking about as well. But can they actually post a doucment?



      I tried it on my setup and was able to fill out the form but didn't let me actually post to the category. Just curious if yours lets you actually post

      • This is a problem; it is brokem - Here's how to test

        By Georgia Lee 2 decades ago

        If you check select all, then create anew post and choose a category to which you are not allowed, it will allow you to post, however you cannot see your post. BUT anyone authorized in that forum will…

    • but they can not post...

      By Michael Bourak 2 decades ago

      and what you see is an "on purpose" tradeoff to maximize performance.

      But be sure, they won't be able so save ;)



      PS : I'll look into improving it for the next release