Commit 5c589e7b authored by Kirill Smelkov's avatar Kirill Smelkov

bt5/erp5_forum_tutorial: Correct role mapping on DiscussionThreadModule for forum Admin & User

tl;dr currently function/forum/{administrator,user} are mapped to Author
      only role on forum module without also mapping to Auditor role.

      Auditor role is needed because by definition Author cannot view
      content and without such role Admin & User cannot see
      DiscussionThreadModule at all.

      Similarly besides having Author role, Users also need to have
      Auditor role on DiscussionThread in order to view threads.

Currently for DiscussionThreadModule we map categories

    function/forum/administrator    and
    function/forum/user

to one Author role in A5 speak.

Then, for forum, it is assumed that each user will be assigned only one
functional category to each user (e.g. only one of
function/forum/{administrator,user,visitor}).

So it turns out e.g. function/forum/administrator category is mapped to
only Author role on DiscussionThreadModule.

Now by definition Authors can create documents, but they cannot
access/view them (as per http://www.erp5.org/ERP5SecurityModel).
This is also indirectly justified by default-assigned security settings
for Author role - see section "Adjust Permissions on the Module" -
Author is not allowed to "View".

    So if forum administrator is only mapped to Author role, he can
    _not_ view/access the forum module.

And I discovered this exactly this way - usual visitors (who map to
Auditor role) were being able to see the module, but admin and users
could not.

To solve this logically, lets also map

    function/forum/administrator    and
    function/forum/user

to Auditor role on DiscussionThreadModule (i.e. they now both map to
Author & Auditor). And now both admin & user can access/view the module
& create threads.

Similarly without Auditor role on DiscussionThread, User cannot view it.
( And Administrator has Assignor on DiscussionThread which allows viewing
  by itself )

NOTE for DiscussionPost we don't need to change anything in order for
users to view it because DiscussionPost acquires local roles.
Helped-by: Klaus Wölfel's avatarKlaus Wölfel <klaus@nexedi.com>
parent b8f34d3c
<type_roles> <type_roles>
<role id='Author'> <role id='Author; Auditor'>
<property id='title'>User</property> <property id='title'>User</property>
<property id='description'>Forum Administrators and Users are allowed to access the module and create threads.</property> <property id='description'>Forum Administrators and Users are allowed to access the module and create threads.</property>
<multi_property id='category'>function/forum/administrator</multi_property> <multi_property id='category'>function/forum/administrator</multi_property>
......
...@@ -4,7 +4,7 @@ ...@@ -4,7 +4,7 @@
<property id='description'>Forum Administrators are allowed to modify any thread and change its status.</property> <property id='description'>Forum Administrators are allowed to modify any thread and change its status.</property>
<multi_property id='category'>function/forum/administrator</multi_property> <multi_property id='category'>function/forum/administrator</multi_property>
</role> </role>
<role id='Author'> <role id='Author; Auditor'>
<property id='title'>User</property> <property id='title'>User</property>
<property id='description'>Forum users can reply to thread posts.</property> <property id='description'>Forum users can reply to thread posts.</property>
<multi_property id='category'>function/forum/user</multi_property> <multi_property id='category'>function/forum/user</multi_property>
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment