Registred User can join private groups
-
Hi there!
I've got an embarrassing problem, i created some private groups for administration like moderator and community management, but all registred users can join this groups despite the fact that this groups are privates.
The only solution to stop people joining is to hide the groups.I'm on debian and nodebb 0.9.
Is there a fixe published ?
Thx, Bilou.
-
How are they joining the private groups?
There should be no join button on the groups page if its private? And there is a server side check that prevents them from joining here https://github.com/NodeBB/NodeBB/blob/master/src/socket.io/groups.js#L42
-
Maybe this error is the problem :
WebSocket connection to 'ws://xxx.xxx.fr/socket.io/?EIO=3&transport=websocket&sid=G1SwCsUk0KFun1IOAABK' failed: Error during WebSocket handshake: Unexpected response code: 400
I'm running on Apache 2.4 whit proxypass and proxypassreverse.
Edit : I fixed this error and doesn't fixe the problem.
-
Hello
I tried on this forum (community.nodebb.org) to join the group "gamers" which is private and it's work whereas i tried "staff" group and my invitation is pending.Please help me
Bilou.
-
@baris I can confirm that this is a real bug. I've tested this on both 0.9.0 and Master, and I could join a private group with a normal user account. As shown in my GIF below.
http://i.imgur.com/ij7XMnC.gifv -
@baris I installed NodeBB on a debian server just yesterday (cloned nodebb 0.9 branch) and I cannot make groups private. Tried unsetting ande re-setting the private option in ACP, still no-go. The group says private in the frontend but people can still join freely.
-
@nicoechaniz make sure you have this option enabled in ACP -> Settings -> Group
-
This was caused by old groups not having the
private
field in the database. I have fixed it on master, it only affects old groups since newly created groups have the private field. You can probably go into the group that has the problem and uncheck private > save > check private > save to fix the problem. -
@pichalite that was it. It's a bit confusing... Maybe the private option for specific groups should be grayed out if the general option for allowing private groups is disabled, to make this clearer.