Right now the forum feature in Content Manager uses basic CRUD permissions checking - and those permissions start with "CONTENTMGR".

If the forum feature is used stand-alone, then granting a user permission to use the forums also grants them permission to use the Content Manager component - not a desirable result. I have some ideas about forum permissions that I would like to get comments on.

I'd like to change how forum permission checking is handled in two phases. Phase one would be to simply change the basic CRUD permission checking to use "FORUM" based permissions: "FORUM_ADMIN", "FORUMGROUP_CREATE _UPDATE _DELETE", "FORUMTHREAD_CREATE _UPDATE _DELETE", and so on. This would enable the forum feature to be used stand-alone immediately.

Phase two would be to change the permissions checking entirely to make permitted actions more role based. There would be forum admins or moderators, forum users would "subscribe" to a forum and be given some basic permissions, and admins or moderators could grant subscribers additional permissions as they see fit. This phase would make the forums operate more like what you see in social networking sites and the like.

Both phases bring up a problem I don't know how to solve. It's the same problem I've run into before in other areas of OFBiz - the Java code and simple methods that are used have embedded permissions checking in them. Even if we do forum-specific permissions checking in the forum component, the methods that are called will be doing Content Manager permissions checking. I worked around that problem on my local copy by recreating the content manager methods in minilang and removing the embedded permissions checking.

So, I need comments/advice/suggestions for phase one, phase two, and how to overcome embedded permissions checking in Java code and simple methods.

-Adrian
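
An added illustration of the problem described in the message above; it is not part of the original post and is not OFBiz code. It models a prefix-plus-action permission check and shows a forum-level check passing while a check embedded in the shared method still demands a Content Manager grant. The class, the method names and the "BASE_ADMIN or BASE + action" rule are assumptions made for the sketch; only the permission names come from the post.

```java
import java.util.Set;

public class ForumPermissionDemo {

    // Simplified CRUD-style check (assumed rule): the user passes when holding
    // BASE_ADMIN or BASE + action, e.g. FORUMTHREAD_ADMIN or FORUMTHREAD_CREATE.
    static boolean hasPermission(Set<String> granted, String base, String action) {
        return granted.contains(base + "_ADMIN") || granted.contains(base + action);
    }

    // Hypothetical shared method with the Content Manager check embedded in it.
    static String createContentEmbedded(Set<String> granted, String text) {
        if (!hasPermission(granted, "CONTENTMGR", "_CREATE")) {
            return "DENIED (embedded CONTENTMGR check)";
        }
        return "created: " + text;
    }

    // Hypothetical variant without the embedded check. Authorization becomes the
    // caller's job, so this must not be reachable except through a checked entry point.
    static String createContentUnchecked(String text) {
        return "created: " + text;
    }

    // Forum entry point doing the phase-one style FORUM-based check first.
    static String createForumThread(Set<String> granted, String text, boolean useEmbedded) {
        if (!hasPermission(granted, "FORUMTHREAD", "_CREATE")) {
            return "DENIED (forum check)";
        }
        return useEmbedded ? createContentEmbedded(granted, text)
                           : createContentUnchecked(text);
    }

    public static void main(String[] args) {
        Set<String> forumOnly = Set.of("FORUMTHREAD_CREATE");   // constructed grant sets
        Set<String> contentMgr = Set.of("CONTENTMGR_CREATE");

        // Forum check passes, but the embedded check still rejects the forum-only user.
        System.out.println(createForumThread(forumOnly, "hello", true));
        // With the embedded check removed, the forum-only grant is sufficient.
        System.out.println(createForumThread(forumOnly, "hello", false));
        // A Content Manager grant alone does not pass the forum check.
        System.out.println(createForumThread(contentMgr, "hello", true));
        // The same grant opens the shared Content Manager method directly.
        System.out.println(createContentEmbedded(contentMgr, "page"));
    }
}
```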
