As a regular on the Hopscotch Forum, I have access to most of the categories of topics, but there are some that I can’t create topics in, such as “Announcements” [as I am not a part of the team]. When quoting a post from a topic that had previously been closed, the quote appears in a new topic draft that is automatically set to the category that the closed topic is in. These two facts combine to give users a loophole, permitting them to create topics in categories they shouldn’t normally be able to create them in by simply deleting the quoted post and treating the empty draft as a normal topic draft.
Demonstration
For example, here is an empty topic draft in the Discourse Meta category Announcements, which, like the Hopscotch Forum version, is normally off-limits to me.
While I personally have never seen this exploited, I believe that it already has been done somewhere out there, and that it could potentially be an issue if it happens frequently enough that the leadership team of a smaller forum is overwhelmed.
How to reproduce
Find a closed topic in a category that is off limits
Quote a random post
When the quote appears in a topic draft, delete it
I’ve just given this a quick runthrough on my test site and while it prefills the category in the composer, on creating the topic it serves a permission pop-up:
I wanted to report the same issue today. It’s quite confusing that a category is pre-selected that the user is prohibited from posting in. The error message does not give you any hind why there is an error. So you need to have to knowledge of the categories and their permissions to know why posting the topic failed.
It would be more user-friendly if the error message could prompt you to select a different category or if the category would not be pre-filled when the user is not allowed to post there.
