Unpublished Posts Showing Up in Non-editor or admin lists

Topics: ASP.NET 2.0, Business Logic Layer
Mar 27, 2008 at 7:37 PM
I modified BlogEngine.Net 1.3 to require authentication (sql server role provider) before having access to the Default.aspx page -- A requirement of the site I'm building for my company. I've noticed now that un-published posts show up in the lists even for users who are neither a member of the "Editors" or "Adminstrators" roles. So it appears that any authenticated user has access to all posts published or unpublished.

So my questions are:

1) Is there any way to limit access to posts based on role membership in the current version (something I've missed)?

or

2)Is there a relatively easy way I could modify the code so to enable that kind of functionality. (I haven't had time yet to open up the source and poke around).