The problem here is (after checking this out) that forums only requires a user_id from ad_conn. It does not check if the user_id is still valid 😊.
Interestingly, not even auth::require_login does this, and I always assumed that this would be the procedure to make sure that we have an approved, logged in member.
Should we maybe write something like [auth::require_approved_login]? Or should we TIP changing the default behaviour for auth::require_login? Or is there a procedure I utterly missed that does exactly that ?