I'm having a fairly significant set of authorization issues with my unmoderated posts, along the same lines as #220. On all posts pending approval:
1) Anonymous users can see the moderation_tools radio buttons (though access is denied if they try to use them).
2) The user who wrote the post can see the (access denied) radio buttons, not just the message explaining moderation.
3) All registered users can see the author under Last Post in the forem index.
Just so we're on the same page, my Gemfile says gem 'forem', :git => "git://github.com/radar/forem.git", :branch => "master" and I've recently run an update. All appears to be normal for admins and mods.
gem 'forem', :git => "git://github.com/radar/forem.git", :branch => "master"
Fixed issue where anonymous users were able to see non-approved topic…
I believe this to be fixed now with @179c875. Please let us know if you have any more trouble.
2) is still an issue. Users can see the radio buttons on their own unapproved posts, even if they are not an admin, as follows. User "Bob-O Smith-O" is not an admin.
Ideally, he should only see a "pending approval" message.
I can move this to a separate issue if you like, seeing as you already fixed (1) and (3).