From 5c589e7ba01b2ce5ffa2579e0b30f558b3527bb4 Mon Sep 17 00:00:00 2001 From: Kirill Smelkov <kirr@nexedi.com> Date: Fri, 9 Jan 2015 15:42:56 +0300 Subject: [PATCH] bt5/erp5_forum_tutorial: Correct role mapping on DiscussionThreadModule for forum Admin & User MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit tl;dr currently function/forum/{administrator,user} are mapped to Author only role on forum module without also mapping to Auditor role. Auditor role is needed because by definition Author cannot view content and without such role Admin & User cannot see DiscussionThreadModule at all. Similarly besides having Author role, Users also need to have Auditor role on DiscussionThread in order to view threads. Currently for DiscussionThreadModule we map categories function/forum/administrator and function/forum/user to one Author role in A5 speak. Then, for forum, it is assumed that each user will be assigned only one functional category to each user (e.g. only one of function/forum/{administrator,user,visitor}). So it turns out e.g. function/forum/administrator category is mapped to only Author role on DiscussionThreadModule. Now by definition Authors can create documents, but they cannot access/view them (as per http://www.erp5.org/ERP5SecurityModel). This is also indirectly justified by default-assigned security settings for Author role - see section "Adjust Permissions on the Module" - Author is not allowed to "View". So if forum administrator is only mapped to Author role, he can _not_ view/access the forum module. And I discovered this exactly this way - usual visitors (who map to Auditor role) were being able to see the module, but admin and users could not. To solve this logically, lets also map function/forum/administrator and function/forum/user to Auditor role on DiscussionThreadModule (i.e. they now both map to Author & Auditor). And now both admin & user can access/view the module & create threads. Similarly without Auditor role on DiscussionThread, User cannot view it. ( And Administrator has Assignor on DiscussionThread which allows viewing by itself ) NOTE for DiscussionPost we don't need to change anything in order for users to view it because DiscussionPost acquires local roles. Helped-by: Klaus W枚lfel <klaus@nexedi.com> --- .../Discussion%20Thread%20Module.xml | 2 +- .../PortalTypeRolesTemplateItem/Discussion%20Thread.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread%20Module.xml b/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread%20Module.xml index 6d7cd8d989..9d8c3f838a 100644 --- a/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread%20Module.xml +++ b/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread%20Module.xml @@ -1,5 +1,5 @@ <type_roles> - <role id='Author'> + <role id='Author; Auditor'> <property id='title'>User</property> <property id='description'>Forum Administrators and Users are allowed to access the module and create threads.</property> <multi_property id='category'>function/forum/administrator</multi_property> diff --git a/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread.xml b/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread.xml index 0e80c2aa74..89d79e97d6 100644 --- a/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread.xml +++ b/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread.xml @@ -4,7 +4,7 @@ <property id='description'>Forum Administrators are allowed to modify any thread and change its status.</property> <multi_property id='category'>function/forum/administrator</multi_property> </role> - <role id='Author'> + <role id='Author; Auditor'> <property id='title'>User</property> <property id='description'>Forum users can reply to thread posts.</property> <multi_property id='category'>function/forum/user</multi_property> -- 2.30.9