WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] [Plugin: Private groups] Forums still directly accessible via URL (2 posts)

  1. Frank
    Member
    Posted 3 weeks ago #

    Thanks for making this plug-in! After some issues installing it (updated BBPress after installing Private Groups, which necessitated a re-install of Private Groups) everything is working as it should.

    However: there's one issue with accessibility of forums which should not be accessible. Situation:

    1. I have 4 forums: Course Information 2013, Course Reading 2013, Course Information 2014 and Course Reading 2014. All forums are set to 'Private'.

    2. The two 2013-forums are in forum group '2013', the 2014-forums in forum group '2014'.

    3. I have created a user (Pete) who only has access to '2014', i.e. when I log in as this user I can only see the two 2014-forums.

    That's all good, but due to the nature of the names of my forums, students from 2014 can easily guess the URL of last year's forums. By changing the URL from /forum/course-reading-2014 to /forum/course-reading-2013, Pete actually has full access to last year's forums where he can see all the answers his predecessors have given to the questions he'll be asked!

    Clearly this is no good - the plugin seems to simply hide the forums from view, but not block access to them via direct URL. Is there a way to make it so that when an unauthorized user attempts to visit a forum he has no access to, he gets the same message a non-logged-in user would get, i.e. 'page not found'?

  2. Frank
    Member
    Posted 3 weeks ago #

    I've gone about posting this in a noobish way. I thought adding the prefix [Plugin: Private Groups] would automatically link the topic to the plugin, but it doesn't. In order to increase my chances of reaching the author of the plugin I will re-make this topic using the option at the specific plugin-page. This topic may be closed or deleted.

Reply

You must log in to post.

About this Topic