-
Kirill Smelkov authoredtl;dr currently function/forum/{administrator,user} are mapped to Author only role on forum module without also mapping to Auditor role. Auditor role is needed because by definition Author cannot view content and without such role Admin & User cannot see DiscussionThreadModule at all. Similarly besides having Author role, Users also need to have Auditor role on DiscussionThread in order to view threads. Currently for DiscussionThreadModule we map categories function/forum/administrator and function/forum/user to one Author role in A5 speak. Then, for forum, it is assumed that each user will be assigned only one functional category to each user (e.g. only one of function/forum/{administrator,user,visitor}). So it turns out e.g. function/forum/administrator category is mapped to only Author role on DiscussionThreadModule. Now by definition Authors can create documents, but they cannot access/view them (as per http://www.erp5.org/ERP5SecurityModel). This is also indirectly justified by default-assigned security settings for Author role - see section "Adjust Permissions on the Module" - Author is not allowed to "View". So if forum administrator is only mapped to Author role, he can _not_ view/access the forum module. And I discovered this exactly this way - usual visitors (who map to Auditor role) were being able to see the module, but admin and users could not. To solve this logically, lets also map function/forum/administrator and function/forum/user to Auditor role on DiscussionThreadModule (i.e. they now both map to Author & Auditor). And now both admin & user can access/view the module & create threads. Similarly without Auditor role on DiscussionThread, User cannot view it. ( And Administrator has Assignor on DiscussionThread which allows viewing by itself ) NOTE for DiscussionPost we don't need to change anything in order for users to view it because DiscussionPost acquires local roles. Helped-by:
Klaus Wölfel <klaus@nexedi.com>5c589e7b