Vulnerability in EPiServer.Forms
Their is a excellent coverage for permission in community, however i've it seems that thereisn't actual adminitration access. For instance the ImageGallery inside the club has seperatepermission from the club; but i can't find anyway inside the administation screen toset these permissions. This is also true of MessageBlog, VideoGallery, Events....
Am i missing something; or is these feature that are still developing.
There is a lot happening behind the scenes when users join/leave clubs. Look at the CommunitySecurityModule.cs file, and there you can figure out what is happening.
In short, this event handling intercepts and sets a lot for accessrights for about any entity in the community and must be overridden or removed. Hope that points you in the right direction