WebGUI Bug Tracker

Security issue - collaboration rss

User erik.svanberg
Date 5/13/2008 3:10 am
Severity Critical (mostly not working)
Version WebGUI Stable WebGUI 7.4.34
Views 249
erik.svanberg

The RSS feed for any collaboration is broken. You can see any data although you are not entitled to see it. My case is based on a user not logged in that can see any RSS collaboration data. I haven't checked whether I can see a collaboration's RSS when logged in but not a member of the "Who can view" group.

To recreate this case (done at demo.plainblack.com):

1. I created a collaboration at /demo/collaboration_test and committed content. I set the collaboration's "Who can view" to "Registered users" (and likewise for all other security choices).

2. Added a post to the collaboration

3. Log out

4. Checked /demo/collaboration_test.rss and I can see the content, although you should need to log in to see it.

/Erik

laurarumage

I am looking at this now. -LR

laurarumage

I can't seem to recreate this bug. Please let me know if I'm missing something.

 

1. Created collaboration system with "Who can view" set to "Admin"

2. Committed changes

3. Added a post

4. Added syndicated content, "URL to File" set for RSS file of collaboration system

5. Committed changes

6. Logged out

7. Clicked to view collaboration system thread and log-in screen appears (cannot view thread without log-in)

preaction

It's the RSS feed of the collaboration that the OP is talking about.

I'll take a look at this.

preaction

I have reproduced this, but there's an issue: There is no way to authenticate the RSS feed through WebGUI.

The only authentication method that works for the current RSS feed readers is HTTP Basic Auth, so you'd need a plugin that would map an HTTP Basic Auth to a WebGUI user.

Given that, restricting an RSS feed would work, so I'm going to fix this problem.

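The bypass Erik reproduces above (an anonymous visitor fetching `/demo/collaboration_test.rss` and getting posts that the HTML view withholds) and the fix preaction describes (restrict the feed with the same "Who can view" check), as an added Python example that is not WebGUI's code. It is a constructed stand-in for a collaboration asset with the pre-fix feed handler beside the fixed one; the group names, the URL routing, the status codes and the `can_view` helper are assumptions made for the example, not WebGUI's real asset API.

```python
import html
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Group names modelled on WebGUI's built-in groups; the names are assumptions.
EVERYONE = "Everyone"
REGISTERED = "Registered Users"
ADMINS = "Admins"


@dataclass(frozen=True)
class User:
    name: str
    groups: frozenset  # every group the user belongs to, including Everyone

    @property
    def is_anonymous(self) -> bool:
        return REGISTERED not in self.groups


ANONYMOUS = User("Visitor", frozenset({EVERYONE}))
MEMBER = User("erik", frozenset({EVERYONE, REGISTERED}))


@dataclass
class Collaboration:
    url: str
    view_group: str  # the "Who can view" setting
    posts: list = field(default_factory=list)  # (title, body) tuples

    def can_view(self, user: User) -> bool:
        """The one authorization rule every view of the asset must apply."""
        return self.view_group in user.groups


def build_rss(asset: Collaboration) -> str:
    """Serialize the asset's posts as an RSS 2.0 document."""
    rss = ET.Element("rss", version="2.0")
    channel = ET.SubElement(rss, "channel")
    ET.SubElement(channel, "title").text = asset.url
    for title, body in asset.posts:
        item = ET.SubElement(channel, "item")
        ET.SubElement(item, "title").text = title
        ET.SubElement(item, "description").text = body
    return ET.tostring(rss, encoding="unicode")


def deny(user: User):
    # Anonymous visitors are told to log in (401); members outside the view
    # group get 403. The body deliberately carries nothing from the asset.
    return (401, "login required") if user.is_anonymous else (403, "forbidden")


def view_html(asset: Collaboration, user: User):
    if not asset.can_view(user):
        return deny(user)
    return 200, "\n".join(f"<h2>{html.escape(t)}</h2><p>{html.escape(b)}</p>"
                          for t, b in asset.posts)


def view_rss_vulnerable(asset: Collaboration, user: User):
    # Pre-fix behaviour from the report: the .rss view never consults can_view().
    return 200, build_rss(asset)


def view_rss_fixed(asset: Collaboration, user: User):
    # The fix: the feed is gated by exactly the check the HTML view uses.
    if not asset.can_view(user):
        return deny(user)
    return 200, build_rss(asset)


def dispatch(asset, user, path, rss_view=view_rss_fixed):
    """Route '<url>' to the HTML view and '<url>.rss' to the feed view."""
    if path == asset.url + ".rss":
        return rss_view(asset, user)
    if path == asset.url:
        return view_html(asset, user)
    return 404, "not found"


def leaks_content(asset: Collaboration, response) -> bool:
    """True if any post title or body appears in the response body."""
    _status, body = response
    return any(t in body or b in body for t, b in asset.posts)


def demo():
    # Constructed board matching the report: view group "Registered users".
    board = Collaboration("/demo/collaboration_test", REGISTERED,
                          posts=[("members only", "constructed private post")])
    path = board.url + ".rss"
    before = dispatch(board, ANONYMOUS, path, rss_view=view_rss_vulnerable)
    after = dispatch(board, ANONYMOUS, path)
    return {
        "html_anon": view_html(board, ANONYMOUS)[0],
        "rss_anon_before": (before[0], leaks_content(board, before)),
        "rss_anon_after": (after[0], leaks_content(board, after)),
        "rss_member_after": dispatch(board, MEMBER, path)[0],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The point of `leaks_content` is the check a tester actually wants after the fix: not just that the status changed, but that no post text reaches an unauthorized client by any route. Keeping the rule in one `can_view` method, called by every view of the asset, is what prevents a second view (feed, export, search) from drifting out of sync with the first.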
 
 
preaction

Fixed in 7.5.13. Closing as resolved.

Left a note in the gotchas for those who may have been relying on this buggy / insecure behavior.
