The Party/Person and related entities is the only place to store a
name, email address, and other information that is commonly tracked in
forums. Also considering that for OFBiz there may be many cases where
forums are used along with an ecommerce site, employee portal, or
other such functionality using the standard places to store
information makes things much easier (ie avoid redundancy, and
inconsistency the inevitable offspring of redundancy).
Anyway, IMO this is the most natural place to put this information,
and it fits in the Content security model, so off we go...
-David
On Jan 12, 2009, at 12:21 PM, Adrian Crum wrote:
I'm bumping this old message because I am working on getting our
local forum improvements fed back into the trunk. It's hard to
believe it has been more than a year since I started this! Anyways...
I started to make the permission checking changes I proposed in the
original email, but I have run into another problem. The OFBiz
Content Manager relates party IDs (and their associated roles) to
content records. Most public-facing blogs and forums have nothing
more than a user login ID. Any additional information (the type
found in Party Manager) is usually optional.
So, if a new user (with only a user login ID) subscribes to a forum,
should we create a Person automatically - so a forum/blog admin can
assign the necessary roles, etc?
-Adrian
Adrian Crum wrote:
Right now the forum feature in Content Manager uses basic CRUD
permissions checking - and those permissions start with "CONTENTMGR".
If the forum feature is used stand-alone, then granting a user
permission to use the forums also grants them permission to use the
Content Manager component - not a desirable result. I have some
ideas about forum permissions that I would like to get comments on.
I'd like to change how forum permission checking is handled in two
phases. Phase one would be to simply change the basic CRUD
permission checking to use "FORUM" based permissions: "FORUM_ADMIN"
"FORUMGROUP_CREATE _UPDATE _DELETE" "FORUMTHREAD_CREATE _UPDATE
_DELETE" and so on. This would enable the forum feature to be used
stand-alone immediately.
Phase two would be to change the permissions checking entirely to
make permitted actions more role based. There would be forum admins
or moderators, forum users would "subscribe" to a forum and be
given some basic permissions, and admins or moderators could grant
subscribers additional permissions as they see fit. This phase
would make the forums operate more like what you see in social
networking sites and the like.
Both phases bring up a problem I don't know how to solve. It's the
same problem I've run into before in other areas of OFBiz - the
java code and simple methods that are used have embedded
permissions checking in them. Even if we do forum-specific
permissions checking in the forum component, the methods that are
called will be doing Content Manager permissions checking. I worked
around that problem on my local copy by recreating the content
manager methods in minilang and removing the embedded permissions
checking.
So, I need comments/advice/suggestions for phase one, phase two,
and how to overcome embedded permissions checking in java code and
simple methods.
-Adrian
