Version used: 1.1.8
I've got the permissions set as only administrators can ask questions, but even with the most recent update, I can still go to the ask a question url and it still permits subscriber users to add questions.
What I would expect:
permissions that are not allowed would refresh to the root page, or display an error message
Example url where problem occurs