Post visibility help..
I have a weird issue with the way some security is set up in some private sub-forums.
We have a forum that has several "group only" areas that are controlled by group membership and only that group can even see the category and post/read messages in it.
That part works fine. If you're not in that group, you can't navigate to the category and see the posts. They can't even see the category, in fact.
The problem, however, is that if user SomeUser posts a message in one of those categories, you can navigate to SomeUsers's user page and see that 1) the category exists, 2) the user posted something in the category and 3) the first 8-10 lines of the post listed.
Is there a way to prevent that? I can't see anything in the existing security settings that would cover that kind of situation.
I wouldn't call this security per-say, but it may be a bug in our handling of user page privileges. Make sure that only that other groups don't have any privileges in that category. If that is already so, then please open an issue on Github.
We have one over-arching group that is kind of like "administrator" but from a forum/moderation point of view. The other individual groups have their own sub-categories. So, for each of the sub categories, the over-arching group is assigned and that one group related to that sub-category is assigned.
I'll throw an issue up. Sound like it might be a bug.