Buy Hosting

Child Categories not visible to guests even though permissions allow find/access/read

Solved Technical Support
  • danielflippanceD

    I have a forum with 2 levels of categories. When logged in as an admin all categories and sub-categories are visible, but when browsing as an anonymous guest, the sub-categories cannot be seen. NodeBB is v0.9.2.

    I've checked the permissions on the sub-categories and they are set as follows. I've also tried resetting and setting the permissions back but no difference:

    0_1467353814837_Screen Shot 2016-06-30 at 11.16.08 PM.png

    I checked the code and the children are definitely being filtered out due to permissions. If I comment out the following lines of code in /src/categories.js the sub-categories show.

    244 function (children, next) {
245   privileges.categories.filterCids('find', children, uid, next);
246 },

    I added the following to the UI to see if the .children array is empty and it is - "We have children" never shows to guests:

    <p><!-- IF ../children.length -->We have children<!-- ENDIF ../children.length --></p>

    Here's my full UI code. Nothing inside the second <ul> renders:

    <!-- IMPORT partials/breadcrumbs.tpl -->
<h1 class="categories-title">[[pages:categories]]</h1>

<ul class="home-category-list categories" itemscope itemtype="http://www.schema.org/ItemList">

<!-- BEGIN categories -->

	<h2 class="title top-level-category">
		<!-- IMPORT partials/categories/link.tpl --><br />
		<div class="description">
		{../descriptionParsed}
		</div>
	</h2>

	<p><!-- IF ../children.length -->We have children<!-- ENDIF ../children.length --></p>

	<ul class="home-sub-category-list categories" itemscope itemtype="http://www.schema.org/ItemList">
		<!-- BEGIN children -->
		<!-- IMPORT partials/categories/item.tpl -->
		<!-- END children -->
	</ul>
	<div class="clearfix divider"></div>
<!-- END categories -->
</ul>
    0
  • rodR

    @danielflippance

    Have a look at the following post. I do not know if this is precisely the same as your issue but it seems to be in the same family.

    @julian said in 'Category Privileges' does not seem to work:

    I can confirm that the "Access Topics" privilege is not functioning correctly, so will need to look into that.

    However, with "Create Topics" disabled, the "New Topic" button is not present, and the category itself is not present in the composer dropdown, so that privilege is working as intended.

    If a user does not have the "topics:create" privilege in a category, they are denied read access to topics in that category · Issue #4753 · NodeBB/NodeBB

    favicon

    GitHub (github.com)

    Specifically:
    @julian said in 'Category Privileges' does not seem to work:

    Fixed in latest master, the labels were swapped, so "Access" was actually controlling "Create", and vice versa.

    1

Suggested Topics

  • J

    Problem with invalid csrf token on registration/login

    Technical Support
    0 Votes
    1 Posts
    239 Views
    J

    I am running a nodebb 1.15.0 system on Ubuntu 20 on nginx. It's a newer install and we've had an occasional issue on both registration and login where folks will get a message denying their login or registration.

    2020-11-12T06:11:19.312Z [4567/17870] - error: /register
    invalid csrf token

    or

    2020-11-12T06:11:13.910Z [4567/17870] - error: /login
    invalid csrf token

    Frequently a refresh on the browser will let a user login or sometimes just waiting a few minutes.

    Here's my config.json

    {
    "url": "https://opposite-lock.com",
    "secret": "secret",
    "database": "mongo",
    "port": "4567",
    "mongo": {
    "host": "127.0.0.1",
    "port": "27017",
    "username": "nodebb",
    "password": "secret",
    "database": "nodebb",
    "uri": ""
    }

    }

    Nginx config

    server {

    server_name opposite-lock.com; client_max_body_size 100M; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-NginX-Proxy true; proxy_pass http://127.0.0.1:4567; proxy_redirect off; # Socket.IO Support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/opposite-lock.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/opposite-lock.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    }
    server {
    if ($host = opposite-lock.com) {
    return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80; server_name opposite-lock.com; return 404; # managed by Certbot

    }

    Any help would be very much appreciated!

  • T

    CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

    Technical Support
    1 Votes
    5 Posts
    779 Views
    IvorzkI

    @dogs Thank you

  • E

    Post visibility help..

    Technical Support
    0 Votes
    3 Posts
    1k Views
    E

    @pitaj said in Post visibility help..:

    Hmmmm...

    I wouldn't call this security per-say, but it may be a bug in our handling of user page privileges. Make sure that only that other groups don't have any privileges in that category. If that is already so, then please open an issue on Github.

    We have one over-arching group that is kind of like "administrator" but from a forum/moderation point of view. The other individual groups have their own sub-categories. So, for each of the sub categories, the over-arching group is assigned and that one group related to that sub-category is assigned.

    I'll throw an issue up. Sound like it might be a bug.

  • Z

    NodeBB and File Permissions across the system

    Technical Support
    0 Votes
    1 Posts
    661 Views
    Z

    Prelude: Last year, ran nodeBB under a root user just fine. many months later, system crashed and had to wipe the server. This time on installation, on a new server, ran into various errors. Was told not to run nodeBB under the root user, so --

    Creating a new user, and pulling and installing a different instance of nodeBB I am now running into errors with npm install (even using the global command) and generally overall.

    Is this still due to file permission issues regarding the first time setting up nodeBB on the new server? Or is something else to blame?

    When utilizing nodeBB on the new user, npm gives errors such as not finding modules (even tried removing node_modules directory and doing npm -g install), and when I do get the npm install to not crash, running any ./nodebb command still gives errors.

    Does anyone know the issue at hand? I'm thinking of wiping the server, and giving it one more try via not using root from the start to see if the errors can be avoided altogether - if not I may just move on to a different forum system.

    Thanks in advance!

  • ShardS

    Accessing category children...

    Moved Technical Support
    0 Votes
    9 Posts
    3k Views
    trevorT

    Thanks @esiao I've been wondering how this would look.

Copyright © 2023 NodeBB | Contributors