Greetings dear Discourse team and forum users! I recently installed this templates plugin in composer and am actively testing it these days.
Today I discovered that it violates the privacy of hidden topics provided by the Category Lockdown plugin )
If a user has access to a category but cannot view topics in that category, they can easily bypass these restrictions by using the insert template feature in the post editor. Where all hidden topics are presented as templates. The fact is that on my site, in certain categories, each theme is a template to which a select group of users has access. Although these template themes are hidden from general users, the categories of these themes are not hidden as we are trying to promote these templates using the Category Lockdown plugin.
Here is the video report.
For this video, I logged into the forum as a regular user, who does not have access to the hidden topic. But as you can see, the user easily bypassed the restriction and saw the contents of the topic.