Subcategories do not inherit permissions from parent category

A very good point. And good to hear “out loud”. This is the right way for me to be thinking about confidentiality and privacy.

5 Likes

I have used private categories with “less private” subcategories, so that a group can work in their space and publish things to a larger public. I guess this line of work will be made obsolete by this change. So I should let users know that when they want to publish something, they need to move it to another, more public category. But then, how do they find their common work on this? I suppose they need to maintain a “publications” topic where they link the ‘more public’ topics. Any thoughts?

1 Like

I am reviewing https://github.com/discourse/discourse/pull/6877 by @maja.

The particular condition we are protecting against is:

- category (authors: read)
  - subcategory (pilots: read)

What this means is that pilots are not allowed to see anything in the category yet have been granted permissions in the subcategory so something is fishy :fish:

The condition:

- category (authors: read)
  - subcategory (pilots: read, authors: write)

Is still :ok: after this new validation.

The tricky thing though :llama: is that we no longer will allow:

- category (trust_level_3: read)
  - subcategory (trust_level_4: write)

This particular edge case gives me pause; there is an easy enough workaround … you would have to explicitly change

- category (trust_level_3: read, trust_level_4: read)

Given the OP is in a pretty bad state I say we see how the new restriction shakes up. FYI @HAWK @jomaxro

10 Likes

@sam I see the PR is merged, but I’m not sure if the functionality for inheritance is reflected in our install of discourse v2.4.0.beta2 +183?

We were quite shocked to realize that all of the content we thought was private in subcategories was instantly available to the unauthenticated public via latest.

As we have almost 10 categories, each with numerous subcategories, it would be really cumbersome to have to set the permissions manually for each one.

1 Like

@sam It seems to work now, but looks like there is one corner case left (which screwed us up a bit today :frowning: )

It is possible to delete all permissions on the Security tab when creating the subcategory, and then the subcategory (e.g. of the staff category) will be created successfully and visible to everyone.
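An added illustration of the check being discussed, written for this page and not taken from the Discourse pull request itself. It models permissions as a Hash of group name to `:read` or `:write` (an empty Hash meaning "public", with no restriction), and encodes the rule as the first example in the post states it: a subcategory may only grant access to groups that already have some permission on the parent, with the parent's explicit group list taken literally (so `trust_level_4` is not accepted on the strength of `trust_level_3`). It also covers the corner case reported just above, where a subcategory created with no permissions under a restricted parent would otherwise become public. The `LEVELS` table and function names are hypothetical.

```ruby
# Hypothetical permission ordering for this example; write implies read.
LEVELS = { read: 1, write: 2 }.freeze

# Compare a subcategory's permissions against its parent's.
# Returns a list of human-readable problems; an empty list means compatible.
#
#   parent, sub: Hash of group name (Symbol) => :read or :write
#   an empty Hash means "no restriction", i.e. visible to everyone
def subcategory_permission_errors(parent, sub)
  # A public parent cannot be undercut by any subcategory setting.
  return [] if parent.empty?

  # A subcategory with no permissions at all is public. Under a restricted
  # parent that is exactly the corner case from the thread: it exposes content
  # to everyone, so treat it as an explicit "everyone" grant and let the
  # normal rule reject it.
  sub = { everyone: :read } if sub.empty?

  sub.each_with_object([]) do |(group, level), errors|
    unless LEVELS.key?(level)
      errors << "unknown permission level #{level.inspect} for #{group}"
      next
    end

    # The group must already be able to see the parent. Granting a higher
    # level (write) on the subcategory than on the parent (read) is fine;
    # granting anything to a group that cannot see the parent is not.
    unless parent.key?(group)
      errors << "#{group} is granted #{level} on the subcategory but cannot see the parent category"
    end
  end
end

def subcategory_permissions_valid?(parent, sub)
  subcategory_permission_errors(parent, sub).empty?
end

# Worked cases from the thread (constructed inputs, not real site data).
if __FILE__ == $PROGRAM_NAME
  cases = {
    "pilots only on the subcategory (fishy)" =>
      [{ authors: :read }, { pilots: :read }],
    "authors: write under authors: read (ok)" =>
      [{ authors: :read }, { authors: :write }],
    "trust_level_4 write under trust_level_3 read (now rejected)" =>
      [{ trust_level_3: :read }, { trust_level_4: :write }],
    "same, with the workaround of listing trust_level_4 on the parent" =>
      [{ trust_level_3: :read, trust_level_4: :read }, { trust_level_4: :write }],
    "no permissions under a staff-only parent (corner case)" =>
      [{ staff: :write }, {}],
  }
  cases.each do |name, (parent, sub)|
    errors = subcategory_permission_errors(parent, sub)
    puts "#{name}: #{errors.empty? ? 'valid' : errors.join('; ')}"
  end
end
```

The check is deliberately one-directional: it only asks whether every group named on the subcategory can see the parent, which is the condition the post describes. Anything the parent permits beyond that is left alone.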

Following up to see if this option was enabled somewhere? A way to change the category's permissions and have all subcategories inherit that new permission?