From 5c589e7ba01b2ce5ffa2579e0b30f558b3527bb4 Mon Sep 17 00:00:00 2001
From: Kirill Smelkov <kirr@nexedi.com>
Date: Fri, 9 Jan 2015 15:42:56 +0300
Subject: [PATCH] bt5/erp5_forum_tutorial: Correct role mapping on
 DiscussionThreadModule for forum Admin & User
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

tl;dr currently function/forum/{administrator,user} are mapped to Author
      only role on forum module without also mapping to Auditor role.

      Auditor role is needed because by definition Author cannot view
      content and without such role Admin & User cannot see
      DiscussionThreadModule at all.

      Similarly besides having Author role, Users also need to have
      Auditor role on DiscussionThread in order to view threads.

Currently for DiscussionThreadModule we map categories

    function/forum/administrator    and
    function/forum/user

to one Author role in A5 speak.

Then, for forum, it is assumed that each user will be assigned only one
functional category (e.g. only one of
function/forum/{administrator,user,visitor}).

So it turns out e.g. function/forum/administrator category is mapped to
only Author role on DiscussionThreadModule.

Now by definition Authors can create documents, but they cannot
access/view them (as per http://www.erp5.org/ERP5SecurityModel).
This is also indirectly justified by default-assigned security settings
for Author role - see section "Adjust Permissions on the Module" -
Author is not allowed to "View".

    So if forum administrator is only mapped to Author role, he can
    _not_ view/access the forum module.

And I discovered this exactly this way - usual visitors (who map to
Auditor role) were able to see the module, but admin and users
could not.

To solve this logically, let's also map

    function/forum/administrator    and
    function/forum/user

to Auditor role on DiscussionThreadModule (i.e. they now both map to
Author & Auditor). And now both admin & user can access/view the module
& create threads.

Similarly without Auditor role on DiscussionThread, User cannot view it.
( And Administrator has Assignor on DiscussionThread which allows viewing
  by itself )

NOTE for DiscussionPost we don't need to change anything in order for
users to view it because DiscussionPost acquires local roles.

Helped-by: Klaus Wölfel <klaus@nexedi.com>
---
 .../Discussion%20Thread%20Module.xml                            | 2 +-
 .../PortalTypeRolesTemplateItem/Discussion%20Thread.xml         | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread%20Module.xml b/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread%20Module.xml
index 6d7cd8d989..9d8c3f838a 100644
--- a/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread%20Module.xml
+++ b/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread%20Module.xml
@@ -1,5 +1,5 @@
 <type_roles>
-  <role id='Author'>
+  <role id='Author; Auditor'>
    <property id='title'>User</property>
    <property id='description'>Forum Administrators and Users are allowed to access the module and create threads.</property>
    <multi_property id='category'>function/forum/administrator</multi_property>
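Review bot: The title on this role entry in Discussion Thread Module.xml is still 'User', although the entry carries the function/forum/administrator category and, with id 'Author; Auditor', now grants two roles. A title such as "Administrator and User" would make the entry easier to audit in the portal type roles listing. Separately, the diffstat shows only the two XML files changing: a small test that logs in with a function/forum/administrator assignment and with a function/forum/user assignment and checks that "View" is granted on the module would keep this mapping from silently regressing to Author only.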
diff --git a/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread.xml b/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread.xml
index 0e80c2aa74..89d79e97d6 100644
--- a/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread.xml
+++ b/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread.xml
@@ -4,7 +4,7 @@
    <property id='description'>Forum Administrators are allowed to modify any thread and change its status.</property>
    <multi_property id='category'>function/forum/administrator</multi_property>
   </role>
-  <role id='Author'>
+  <role id='Author; Auditor'>
    <property id='title'>User</property>
    <property id='description'>Forum users can reply to thread posts.</property>
    <multi_property id='category'>function/forum/user</multi_property>
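Review bot: The description on the changed role in Discussion Thread.xml still reads "Forum users can reply to thread posts." and says nothing about viewing, which is the access that adding Auditor grants here. Please update it along the lines of "Forum users can view threads and reply to thread posts." so the documented intent matches the roles in the id, the way the module-level description already mentions access. It is also worth stating in a comment or the description that the Administrator entry above is left unchanged on purpose, since its view access comes from a different role than the one added here.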
-- 
2.30.9