gh#2287julianlam created this issue in NodeBB/NodeBB closed Sitemap URLs should be URI Encoded #2287
I've seen a beautiful bug on my forum (ABM ) :
1- you make a topic with a tag [restricted] in an area restricted to a group of users
2- you connect as an user from this group and click on the tag [restricted] -> you see the topic
3- you connect as an user lambda (with no rights), you can see the tag [restricted] even if it's not in any viewable topic. I you click on it, no topic will be seen.
4- if you connect again as a user from the restricted group, the tag will have disapeared, and if you click on it on the topic, no results will be seen
Can sort of confirm. I guess the issue here would be tags visible for categories that the user doesn't have permission to view.
Second issue is once a user without permission has tried to view topics with this tag, it's no longer available to view by those even with the permission.
The problem was I was deleting tags that no longer had topics but was doing it in the wrong place. If a user couldn't see any topics the code was deleting the tag. I moved it up to actually check the tids and not the topics the user can see.