Allow Config Option for Private Forum

[TheYorkshireDev]

For the forum I manage at work we required all users to be logged in to view content. As it stands in PopForum this is not the case, you can browse even if the user is logged in. I suggest adding a feature (I suggest this having done it already and willing to put it in the forum myself), we have a config flag on the initial Forum/Startup page which activates a check onActionExecuting to disable non-authorized users.

Obviously the default would be open to all, however for developers looking for a forum they can lock down if required for their purposes the feature is there.

[ghost]

This functionality will be great!

[mcshaz]

(I suggest this having done it already and willing to put it in the forum myself)

You couldn't post the code which hides posts from non-Authorized users could you @TheYorkshireDev ? If needed I will implement this myself, but a bit of code already tested and in production is obviously going to be quicker and safer from a security/testing standpoint.

Thanks for considering.

[jeffputz]

@mcshaz The easiest path is probably to look at the way the PopForumsUserAttribute works in the OnActionExecuting checking for the existence of HttpContext.Items["PopForumsUser"] as User, which is populated in the middleware. Make your own action filter and apply it globally, looking for that user object. Exempt things like login, create, forgot password, etc., but redirect for everything else when there's no user there. (Or... just wait... it'll probably be in the next release.)

[mcshaz]

Thank you!

[jeffputz]

OK... I think this feature is pretty well baked. There's a new checkbox in the general settings in admin. It has also been deployed to the commercially hosted version.