×
Kunena 5.1.5 Released - Security Release (14 Oct 2018)

The Kunena team has announce the arrival of Kunena 5.1.5 [K 5.1.5] which is now available for download as a native Joomla extension for J! 3.8.x. This version addresses most of the issues that were discovered in K 5.1 and issues discovered during the development stages of K 5.1. This is a Security release.

× This is for users to help other users, to discuss topics that are related to forum administration in general or problems in running Joomla. This is not the place to ask for Joomla support. If you want assistance with Joomla please ask at forum.joomla.org

Question Restrict all access to forum pages so that only specific authorised accounts can see them

More
5 years 1 month ago - 5 years 1 month ago #1 by Mi
Hello world.
I integrated Kunena 3.0 into my Joomla site and it works well with users seamlessy integrated .

However, only "some" registered users should get access to my forum, so I need a way to "intercept" the request for any kunena page (like <mysite>/index.php/forum/index or <mysite>/index.php/forum/recent), check if the registered user is authorized to use it, and eventually redirect him/her to another page.

Of course I could put a page in the middle, but in this case a user my bypass the trick if he directly tries to open the forum.

Any suggestions, really appreciated.

Thanks

Mauro
Last edit: 5 years 1 month ago by Mi.

Please Log in or Create an account to join the conversation.

  • sozzled
  • Visitor
5 years 1 month ago #2 by sozzled
This is easy to do with Joomla ACL. Put the users into a specific Joomla user group and define your Joomla menu items so that only members of that particular Joomla user group can see and use those menu items.

Please Log in or Create an account to join the conversation.

More
5 years 1 month ago #3 by Mi
Thanks, I agree that this would make it easier. However as you know, when you change the ACL then the user needs to log-off + log-on again.
This makes the user experience quite confusing sometimes, so I solved this issue by adding a short php code that check if the user can access that page and forwards him to a warning page where it is explained how to get rights to access the forbidden page.

So I would like to do the same with the forum page, but since it's not an article I don't know how to intercept the page loading.

Thnaks

Mauro

Please Log in or Create an account to join the conversation.

  • sozzled
  • Visitor
5 years 1 month ago - 5 years 1 month ago #4 by sozzled

Mi wrote: I agree that this would make it easier.

It's not a case of making it "easier"; that's just how Joomla works. :)

Mi wrote: ... as you know, when you change the ACL then the user needs to log-off + log-on again.

That's correct - that's a Joomla "thing" - but I don't think it's necessarily critical to try to re-query Joomla permissions on-the-fly; why not logout and then login again? That's a fairly simple solution (even if it's not the most "elegant" solution) isn't it?

Mi wrote: Of course I could put a page in the middle, but in this case a user my bypass the trick if he directly tries to open the forum.

Actually, no. If you protect your Joomla menu items with ACL - and you can also further protect the Kunena component with ACL if your knowledge of how Joomla ACLs work - if a person does not hold the appropriate permissions at the time then they cannot "bypass" the security as you suggest simply by trying to access Kunena (or any other Joomla extension) directly with the target of a URL.
Last edit: 5 years 1 month ago by sozzled.

Please Log in or Create an account to join the conversation.

  • Not Allowed: to create new topic.
  • Not Allowed: to reply.
  • Not Allowed: to add attachements.
  • Not Allowed: to edit your message.
Time to create page: 0.081 seconds