Hola a todos,
¿Existe alguna forma de limitar el inicio de sesión en un foro a un rol específico, como moderadores o administradores?
Antecedentes: Estoy migrando un foro más grande y, aunque la URL de este foro es desconocida para el público, quiero limitar el inicio de sesión solo a moderadores y administradores mientras probamos todo después de la migración y nos preparamos para la transferencia final.
Pensé que habría visto alguna opción en el pasado, pero no logro encontrarla ahora.
You can make it so the forum is by invitation only until you’re up and running. Then you can change it to accept public registrations once you’re ready. In your Dashboard go to Login and tick the boxes to set it up how you wish. Once you’re ready, go back and make the necessary changes.
This won’t work once users are imported and their accounts activate.
A temporary reverse proxy would work with authentication but introduces complexity.
Is a DNS name change a possibility? How are you planning to manage downtime?
You probably want to suspend all users so that they aren’t getting sent emails, which would keep them from being able to log in even if they should stumble on the site.
If that’s somehow not good enough, you could modify the nginx in the container to require bait auth in order to get to the site.
I totally wasn’t aware that Discourse doesn’t really have any role based capabilities. I had only used it in projects so far where this wasn’t an issue. I thought it whould be possible to limit login through that.
@JimPas as @Stephen rightfully said that won’t work for the imported users.
DNS Name change will be in place for that period as the old forum will still continue to be live in that time but as I said initially I wanted to have additional protection.
Looks like http base auth will be the only way to put additional protection on it and keep users from logging in. I need to check how that works.
Thanks guys.
Not exactly, you always have the good old fallback of unpublishing the public DNS record and using a hosts entry for periods. It will break Let’s Encrypt if you rebuild while public DNS is absent, but otherwise it works. Users would need to know the new DNS name AND IP address to access it.
Disabling accounts is an option, but there’s also an option to disable all email in /admin which is probably prudent.
As a thought, you can also control access from one more layer by implementing your own IdM/SSO. More work, but potentially huge payoffs in other areas down the line. All depends what you’re comfortable with.
thanks for naming the alternatives, @Stephen.
I think base auth would be the most straightforward way. Using local hosts files is a bit cumbersome for the less technical advanced staff members/moderators and IdM/SSO is definitely too much of a hazzle for the hopefully short period of time that is needed to lay the ground work for the final migration. Also we’re not super secure there so we might still not secure it at all too.
Para actualizar esto, creo que ahora tenemos un modo de ‘solo lectura para el personal’. Sin embargo, no estoy 100% seguro de cómo activarlo. 
No parece haber ningún botón en la interfaz de usuario, aparte del ‘solo lectura para todos’ normal. 
Voy a investigar.
Ahora tenemos algunas instrucciones en una guía: