[bobdobbs]

Yes, I’m definitely after a lock rather than a deterrent.

I’m going on the assumption that http requests for bbpress content returns a url with a path that has ‘forums’ in that position.

What are the ways that non-members can access content outside of that condition?

ie, what are the other conditions that I have to protect against?

[bobdobbs]

Hi Robin. I looked at this a while ago and did some experimentation with it.
I’m sure it does what I need, but it requires too much configuration and mental overhead for my simple requirements.

That’s not a criticism of the plugin itself! It looks great!

But its flexibility requires me to learn its complex model.
And my needs are dead simple: simply make all forum content inaccessible to everyone who isn’t signed in as a forum member.

Afaict, the function I’ve created above does a good enough job toward that end.
The main issue is that it allows access to anyone who isn’t a member, as long as they have a login to the website.

For me this isn’t a problem yet: the only members of the site will be forum members.
At this point I’m not sure how to test for that. I’ll get around to figuring that out at some point.

[bobdobbs]

I have a solution.

It relies on a couple of assumptions: one being that the structure of URL’s is like this:
‘http://mysite.com/forums/…’

Assumption 2: all users with an account on the website are allowed to access the forum.

This function does the following:
If the user requests a resource under ‘/forums/’ then we test to see if the user has a wordpress account and is logged in. If the user isn’t logged into the wordpress account, then they get denied.

In production I’ve replaced ‘wp_die’ with a wp_redirect to another page.

/**
* If a user is not a forum member, and requests the forum index page then redirect them
*/

add_action('init', 'as_protect_forums');

function  as_protect_forums() {

    // get the path of the requested URI
    $current_url = home_url($_SERVER['REQUEST_URI']);

    $path = parse_url($current_url, PHP_URL_PATH) ;

    $parts = explode('/', $path) ;

    $first_part = $parts[1] ;

    if (  $first_part === 'forums' ) {
        if ( 0 === get_current_user_id() ) {
            wp_die('nope');
        }
    }

}

[bobdobbs]

Hi Robin.

I specifically want to discover if the user is logged in as a user of bbpress.

This is to account for a case where I have some registered websites users who are not forum users.

For the moment I’m testing capabilities.
At the moment the only people with access to the forum are people who can create posts.

So I’m testing of the user has the capability create_topic

This might work, but feels a bit clumsy to me.

[bobdobbs]

>> If you set the forums to ‘private’ then this is what you will get, or have I misunderstood?

afaict, this does indeed prevent forum/topic/thread content from being publicly available.

However, it still leaves the forum index page exposed.

[bobdobbs]

Hi Robin.

Private Groups looks like overkill for what need.

It looks like it’s very powerful and flexible. But it requires a zillion options to be assessed, along with with groups being created and configured for privacy.

I just want to hide all forums from website users who aren’t logged in.

Thanks.

[bobdobbs]

Thank you!