Introduction
Generally, all forums are open for all registered users to participate. That means that any user can see the topics on any forum and comment or vote.
However, a forum owner could want to restrict the participation to a closed group or make the forum entirely private. All that cases are covered with DemocracyOS permission model. So, in DemocracyOS - a forum can be open for all, where everyone can comment and vote; - a forum can be restricted, where everyone can see the topics but some people can comment and vote; - a forum can be secret, where nobody can see the topics or vote unless they are authorized by the owner or an admin.
We distinguish three roles on a forum: - The Owner is unique, and cannot be changed. It's free to change everything regarding this forum. - Administrators can give permissions to other users, edit forum settings, and manage the content (create and edit topics, etc). - Collaborators can add, edit and delete topics on this forum. - Participants can comment and vote this forum if it's Restricted or Private.
This article is intended to provide you, as a developer, guidelines to understand and extend the permissions approach.
The model
This permission model is represented in the forum model, since we are only applying restrictions at a forum level. You'll find the following files next to the forum directory (lib/models/forum/
):
- index.js
: Both forum and permissions schemas, and its own specifics methods.
- privileges.js
: Privileges are the calculated actions users can make, based on a User permissions and the forum's visibility.
- roles.js
: List of roles allowed for forum permissions on each User.
- visibilities.js
: List of allowed values for visibility key on forums.
Middlewares
Some API operations are permission-aware, so when a user tries to perform any of it, the privileges should be checked. It is done by using Express middlewares that are implemented in lib/forum-middlewares/index.js
and lib/forum-api/index.js
.