So I have a closed category for our forum moderators.
A non moderator was able to comment on a thread in our category that’s locked. I looked at the category permissions and confirmed he does not meet any of those, check this users badges, groups and user level - nothing!
I am super confused. I impersonated him and was able to see the closed thread with direct link, see below:
He can’t see the category - that’s not showing up, but I am wondering how he got here?
Thank you.
You can’t see it, but he was able to view and comment!
Ok – so found the problem.
Maybe this is a bug? That post was under a child category in a private parent category. But when I created the child category within the private parent category, it did not keep the permissions.
I am still wondering also, how he found it. The category was not listed in the drop down for him…(when it was “everyone” can see/reply…)
This is intended behavior – permissions do not inherit. (I don’t like that – I’d prefer it if the permissions of subcategories were always at least as restrictive as the parent category.)
He could have received a link to the topic, or maybe he has guessed the topic ID?
+1 on that! I totally agree.
Yeah, not sure on the second one either…Thanks!
I would agree, but only if the permissions default to that level. I would want the ability to override the permissions to make them less restrictive if I wanted to.
There is no inheritance of category permissions in Discourse.
