Enforce forum.view permission

src/Api/Actions/Forum/ShowAction.php

@@ -56,7 +56,7 @@ class ShowAction extends SerializeResourceAction
     {
         $forum = app('flarum.forum');
 
-        $forum->groups = Group::all();
+        $forum->groups = Group::whereVisibleTo($request->actor)->get();
 
         return $forum;
     }

src/Api/Serializers/ForumSerializer.php

@@ -29,6 +29,7 @@ class ForumSerializer extends Serializer
             'welcomeTitle' => Core::config('welcome_title'),
             'welcomeMessage' => Core::config('welcome_message'),
             'themePrimaryColor' => Core::config('theme_primary_color'),
+            'canView' => $forum->can($this->actor, 'view'),
             'canStartDiscussion' => $forum->can($this->actor, 'startDiscussion')
         ];
 

src/Core/Support/VisibleScope.php

@@ -14,6 +14,10 @@ trait VisibleScope
      */
     public function scopeWhereVisibleTo(Builder $query, User $actor)
     {
-        event(new ScopeModelVisibility($this, $query, $actor));
+        if (! app('flarum.forum')->can($actor, 'view')) {
+            $query->whereRaw('FALSE');
+        } else {
+            event(new ScopeModelVisibility($this, $query, $actor));
+        }
     }
 }