Silenced user can circumvent it entering anonymous mode

When the user is silenced, entering anonymous mode allows to post without restrictions.
Discourse 3.3.0.beta6

2 Likes

Suspending the account which already entered anonymous mode also won’t suspend (or log out) anonymous account.

What TL is the silenced user?

Just tested on TL=1 test user.

What is the value for the anonymous posting allowed groups setting?

TL=0, everybody.

Wow, I’m surprised people won’t abuse it.

Anyway, perhaps try limiting it to a specific group which has everyone? Then remove users if you don’t want them to go anonymous mode?
Or, limit it to TL1, and demote this user to TL0?

2 Likes

Sure, I can solve the issue. I’m reporting the bug in the engine.

4 Likes

I see. I was just providing a workaround.

2 Likes

Easier? long term solution would be disabling anonymous mode from silenced users :thinking:

4 Likes

I think this issue could be fixed by adding
return if user.silenced? || user.suspended?
to

and

By the way, I am curious as to why the permission check for can_post_anonymously is not implemented within the Guardian module.

1 Like