Hi! I run a branded Discourse community where users have to go through our SSO to create an account and none of the content within the community should be public. We’re looking at making some of the content public so I went into the settings to see the options, but noticed what seems to be a pretty big bug.
In settings, I turned on anonymous access by unchecking this box:
We have all of our content organized in categories and all categories have a security setting of trust_level_0 or stricter. None of it is visible to “everyone” so just by allowing anonymous access, anonymous users still shouldn’t be able to view anything. That seems correct when I go and have things sorted by categories, but not when sorted by latest or top.
Here’s what the homepage looks like now for anonymous users when sorted by category:
And here’s the view now for anonymous users when sorted by latest:
Why is this happening? Shouldn’t the topics still be blocked for anonymous users since they’re sorted into categories that aren’t visible? If not…what’s the point of security settings if everyone can read everything anyways?
I’ve turned off anonymous viewing now until I can get this sorted cause I want to make sure nothing is visible that’s not supposed to be but would love to figure this out.