So I have a closed category for our forum moderators.
A non moderator was able to comment on a thread in our category that’s locked. I looked at the category permissions and confirmed he does not meet any of those, check this users badges, groups and user level - nothing!
I am super confused. I impersonated him and was able to see the closed thread with direct link, see below:
Maybe this is a bug? That post was under a child category in a private parent category. But when I created the child category within the private parent category, it did not keep the permissions.
This is intended behavior – permissions do not inherit. (I don’t like that – I’d prefer it if the permissions of subcategories were always at least as restrictive as the parent category.)
He could have received a link to the topic, or maybe he has guessed the topic ID?
I would agree, but only if the permissions default to that level. I would want the ability to override the permissions to make them less restrictive if I wanted to.