Forum OpenACS Q&A: block forum posts from unregistered users

How does one go about blocking unregistered users from posting in forums?

The permissions for the forum in question are currently:

public --> read
subsite members --> create, write

This is for a site using CVS HEAD.

/Torben

Posted by Dave Bauer on
Everything looks fine. Public does not have permission to post on the forums.

You need create permission on the forum object to post.

Posted by Dave Bauer on
I double checked and your configuration is the same as openacs.org. Public can read but not post.
Posted by Dave Bauer on
I checked further. There is a bug on HEAD. Look in forums-security-procs.tcl. If user_id is not specified, it assumes a registered user for checking permissions.

Around line 65, in the can_post_forum_p procedure.

I am not sure what exactly the goal of that change was, but I am pretty sure it is not working as expected.

Posted by Torben Brosten on
Aha. I was trying to decipher the meaning of can_post_forum_p and investigating the possibility of spoofing as a registered user by URL hacking with data from a registered user and using user_id of 0.

Thanks for that find.
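
The bug described in this thread is a fail-open default: a missing user_id is checked as a registered user instead of as the visitor actually on the session. The Python model below is an added example, not part of the thread and not the code in forums-security-procs.tcl; the function names, the member id 42 and the grant table layout are assumptions, and the grants mirror the ones listed in the question.

```python
ANONYMOUS = 0  # assumption: id 0 stands for a visitor who is not logged in

# Grants from the question: public -> read; subsite members -> create, write.
GRANTS = {
    "public": {"read"},
    "subsite_members": {"create", "write"},
}
MEMBERS = {42}  # constructed sample: user 42 is a registered subsite member


def parties_of(user_id):
    """Every visitor is in 'public'; only registered members join the member group."""
    parties = {"public"}
    if user_id in MEMBERS:
        parties.add("subsite_members")
    return parties


def has_privilege(user_id, privilege):
    return any(privilege in GRANTS[p] for p in parties_of(user_id))


def can_post_fail_open(session_user_id, user_id=None):
    """Flawed pattern: an unspecified user_id is evaluated as a registered user."""
    if user_id is None:
        assumed = {"public", "subsite_members"}
        return any("create" in GRANTS[p] for p in assumed)
    return has_privilege(user_id, "create")


def can_post_fail_closed(session_user_id, user_id=None):
    """An unspecified user_id falls back to the session identity, never a stronger one."""
    if user_id is None:
        user_id = session_user_id
    return has_privilege(user_id, "create")


def grants_post_to_anonymous(check):
    """Regression check: does `check` let an anonymous session post when user_id is omitted?"""
    return check(ANONYMOUS)


if __name__ == "__main__":
    for check in (can_post_fail_open, can_post_fail_closed):
        print(check.__name__, "anonymous may post:", grants_post_to_anonymous(check))
```

A regression test of this shape, run against the real permission procedure with an anonymous session and no explicit user_id, is what catches the default drifting back to fail-open.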