Introduction

Generally, all forums are open for all registered users to participate. That means that any user can see the topics on any forum and comment or vote.

However, a forum owner may want to restrict participation to a closed group or make the forum entirely private. All of these cases are covered by the DemocracyOS permission model. So, in DemocracyOS:
- a forum can be open for all, where everyone can comment and vote;
- a forum can be restricted, where everyone can see the topics but only some people can comment and vote;
- a forum can be secret, where nobody can see the topics or vote unless they are authorized by the owner or an admin.

We distinguish three roles on a forum:
- The Owner is unique and cannot be changed. The Owner is free to change everything regarding this forum.
- Administrators can give permissions to other users, edit forum settings, and manage the content (create and edit topics, etc).
- Collaborators can add, edit and delete topics on this forum.
- Participants can comment and vote on this forum if it's Restricted or Private.

This article is intended to provide you, as a developer, guidelines to understand and extend the permissions approach.

The model

This permission model is represented in the forum model, since we are only applying restrictions at the forum level. You'll find the following files in the forum directory (lib/models/forum/):
- index.js: Both the forum and permissions schemas, and their own specific methods.
- privileges.js: Privileges are the calculated actions a user can perform, based on the user's permissions and the forum's visibility.
- roles.js: List of roles allowed for forum permissions on each user.
- visibilities.js: List of allowed values for the visibility key on forums.

Middlewares

Some API operations are permission-aware, so when a user tries to perform any of them, the user's privileges must be checked. This is done with Express middlewares implemented in lib/forum-middlewares/index.js and lib/forum-api/index.js.
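
The sketch below is an added example, not DemocracyOS code: it shows how privileges can be calculated from a user's role and the forum's visibility (as described for privileges.js) and then enforced by an Express-style middleware. Every identifier in it (the visibility and role strings, `roleOf`, `can`, `restrict`, the `req.forum` and `req.user` properties, the forum object shape) is an assumption made for illustration, as are the choices that any granted role may comment and vote on a non-open forum and that non-secret forums are readable without a role.

```javascript
'use strict'
// Added example. All names below are hypothetical, not DemocracyOS identifiers.
const VISIBILITIES = ['open', 'restricted', 'secret']
const ROLES = ['admin', 'collaborator', 'participant']

// Role of `user` on `forum`: 'owner', one of ROLES, or null when nothing is granted.
function roleOf (forum, user) {
  if (!user) return null
  if (forum.owner === user.id) return 'owner'
  const grant = forum.permissions.find((p) => p.user === user.id)
  return grant && ROLES.includes(grant.role) ? grant.role : null
}

// Each privilege is computed from the forum's visibility and the user's role.
const privileges = {
  // Assumption: open and restricted forums are readable without a role.
  canView: (forum, role) => forum.visibility !== 'secret' || role !== null,
  // Assumption: on a non-open forum, any granted role may comment and vote.
  canVoteAndComment: (forum, role, user) =>
    forum.visibility === 'open' ? Boolean(user) : role !== null,
  canChangeTopics: (forum, role) => ['owner', 'admin', 'collaborator'].includes(role),
  canEditSettings: (forum, role) => ['owner', 'admin'].includes(role)
}

// Deny by default: unknown privilege names or visibility values grant nothing.
function can (privilege, forum, user) {
  if (!Object.prototype.hasOwnProperty.call(privileges, privilege)) return false
  if (!forum || !VISIBILITIES.includes(forum.visibility)) return false
  return privileges[privilege](forum, roleOf(forum, user), user)
}

// Express-style middleware factory. Assumes earlier middleware set req.forum and req.user.
function restrict (privilege) {
  return function (req, res, next) {
    if (can(privilege, req.forum, req.user)) return next()
    // Answer 404 for forums the caller may not even view, so secret forums are not revealed.
    const status = can('canView', req.forum, req.user) ? 403 : 404
    res.status(status).json({ error: status === 403 ? 'forbidden' : 'not found' })
  }
}

// Constructed sample forum for trying the functions out.
const sampleForum = {
  owner: 'u1',
  visibility: 'secret',
  permissions: [{ user: 'u2', role: 'collaborator' }, { user: 'u3', role: 'participant' }]
}
```

With Express, such a factory would be mounted per route, for example `restrict('canChangeTopics')` ahead of the handler that creates a topic.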