User sent message digest for topics they can't access


(Alexander Wright) #1

I’ve just started a Discourse server with a set of access controlled categories.

Users who are not in these categories are being sent activity digests containing topics in these locked topics.
Is this a configuration problem, or a bug?


(Jeff Atwood) #2

Likely a config problem with your category permissions. Are they subcategories? Remember that permissions are not inherited.


(Alexander Wright) #3

They are subcategories, but it is they that have the stronger permissions, allowing access from a roup and admins only.

I don’t have “surpress this category from the homepage ticked”, would that be it?


(Jeff Atwood) #4

Can you describe the permissions scenario in some detail? Also, suppressing a category from the homepage is only a visual suppression, it has no bearing on actual category security.

Edit: also, use admin/email/preview-digest and enter the target user plus date to preview the digest content exactly.


(Alexander Wright) #5

I have a userbase with both open access and restricted categories.

To organise the restricted categories, they are a set of subcategories. The top level has view access to everyone, the subcategories are each restricted to their own group (and admin):

Top Category:

Example Subcategory:

ITAG is the access group.

I’ll check the email access link you provided, thank you.


(Alexander Wright) #6

Further investigation would imply the user reporting the problem had received a copy of someone else’s email.

Ta for the support.