Child Categories not visible to guests even though permissions allow find/access/read

Solved Technical Support
  • I have a forum with 2 levels of categories. When logged in as an admin all categories and sub-categories are visible, but when browsing as an anonymous guest, the sub-categories cannot be seen. NodeBB is v0.9.2.

    I've checked the permissions on the sub-categories and they are set as follows. I've also tried resetting and setting the permissions back but no difference:

    [Screenshot: Screen Shot 2016-06-30 at 11.16.08 PM.png]

    I checked the code and the children are definitely being filtered out due to permissions. If I comment out the following lines of code in /src/categories.js the sub-categories show.

    function (children, next) {
      privileges.categories.filterCids('find', children, uid, next);
    },

    I added the following to the UI to see if the .children array is empty and it is - "We have children" never shows to guests:

    <p><!-- IF ../children.length -->We have children<!-- ENDIF ../children.length --></p>

    Here's my full UI code. Nothing inside the second <ul> renders:

    <!-- IMPORT partials/breadcrumbs.tpl -->
    <h1 class="categories-title">[[pages:categories]]</h1>
    <ul class="home-category-list categories" itemscope itemtype="">
    <!-- BEGIN categories -->
    	<h2 class="title top-level-category">
    		<!-- IMPORT partials/categories/link.tpl --><br />
    		<div class="description">
    	<p><!-- IF ../children.length -->We have children<!-- ENDIF ../children.length --></p>
    	<ul class="home-sub-category-list categories" itemscope itemtype="">
    		<!-- BEGIN children -->
    		<!-- IMPORT partials/categories/item.tpl -->
    		<!-- END children -->
    	<div class="clearfix divider"></div>
    <!-- END categories -->
  • @danielflippance

    Have a look at the following post. I do not know if this is precisely the same as your issue but it seems to be in the same family.

    @julian said in 'Category Privileges' does not seem to work:

    I can confirm that the "Access Topics" privilege is not functioning correctly, so will need to look into that.

    However, with "Create Topics" disabled, the "New Topic" button is not present, and the category itself is not present in the composer dropdown, so that privilege is working as intended.

    @julian said in 'Category Privileges' does not seem to work:

    Fixed in latest master, the labels were swapped, so "Access" was actually controlling "Create", and vice versa.
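
A simplified model of the filtering step described in the first post, added here as an illustration and not taken from NodeBB's source. The privilege table, the group names, the admin bypass and the helpers `groupsOf`, `can` and `explainHidden` are assumptions made for the example; it shows why an admin sees every child while a guest loses each child whose guest entry lacks `find`.

```javascript
// Simplified model of per-category privilege filtering; not NodeBB source code.
const GUEST_UID = 0; // assumption: anonymous visitors are evaluated as uid 0

// Constructed sample data: privileges granted to each group, keyed by category id.
const categoryPrivileges = {
  10: { guests: ['find', 'read'], 'registered-users': ['find', 'read'] }, // child A
  11: { guests: ['read'], 'registered-users': ['find', 'read'] },         // child B: 'find' missing for guests
  12: { 'registered-users': ['find', 'read'] },                           // child C: no guest entry at all
};

// Hypothetical helper: which groups a user is evaluated against.
function groupsOf(user) {
  return user.uid === GUEST_UID ? ['guests'] : ['registered-users'];
}

// True when any of the user's groups holds the privilege on the category.
function can(privilege, cid, user) {
  if (user.isAdmin) return true; // assumed bypass: admins never hit the filter
  const byGroup = categoryPrivileges[cid] || {};
  return groupsOf(user).some((g) => (byGroup[g] || []).includes(privilege));
}

// Counterpart of the filter step in the post: keep only cids the user may 'find'.
function filterCids(privilege, cids, user) {
  return cids.filter((cid) => can(privilege, cid, user));
}

// Diagnostic: for each dropped cid, report what the user's groups actually hold.
function explainHidden(privilege, cids, user) {
  return cids
    .filter((cid) => !can(privilege, cid, user))
    .map((cid) => {
      const byGroup = categoryPrivileges[cid] || {};
      const held = groupsOf(user).flatMap((g) => byGroup[g] || []);
      return { cid, missing: privilege, held };
    });
}

const children = [10, 11, 12];
const guest = { uid: GUEST_UID, isAdmin: false };
const admin = { uid: 1, isAdmin: true };

console.log('admin sees:', filterCids('find', children, admin));
console.log('guest sees:', filterCids('find', children, guest));
console.log('hidden from guest:', explainHidden('find', children, guest));
```

Running the same report against the privileges actually stored for a category, rather than what the admin UI displays, separates a storage problem from a labelling problem like the one quoted above.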
