Forums: User-based security at indvidual thread level?

Posted by Community Admin on 04-Aug-2018 20:05

Forums: User-based security at indvidual thread level?

Sitefinity - Front- & Back-End Development

All Replies

Posted by Community Admin on 16-Apr-2012 00:00

Forgive me if this has already been covered, or is someplace intuitive that I did not think to look.  We are looking at porting our user forums from YAF into Sitefinity -- concurrent with an upgrade from SF4.3 to SF5.0 -- and need one extremely important issue addressed before that can happen.  I have not been able to discover a solution to this issue as of yet:

Short version: Is it possible to programmatically set the visibility of an individual thread within a forum?  Or is security only available at the Forum level?

Detailed version: In our solution, we have Courses that can be taught in multiple Schools.  We want to make each Course a Forum.  A Student -- who belongs to a School, and may be enrolled in several Courses -- should be able to see the Course Forums for Courses in which they are enrolled.  (That's the easy part.)  The difficult part is, within that Course Forum, they should only be able to see threads started by users (usually a Teacher or Administrator) that are connected to the same school as the Student.

So, for example, if there is one Forum for "4th Grade Math," and someone in Johnson Elementary starts a thread within that forum, only Johnson Elementary students and faculty should be able to see it; students and faculty from Kennedy Elementary should not.

Is this possible in Sitefinity 5?  Thanks.

Posted by Community Admin on 14-Apr-2013 00:00

Hello Trevor,

 Just wanted to share for the comunity the answer from our team (hope won't mind).
We currently support view permissions only at the forum group and forum level. We don't have short-term plans to do this at the thread level, since for most typical discussion forums this is ok. Your case looks more like some custom security implementation, which could be implemented at the front-end widgets views level. Since our front-end widget views are not very customizable regarding the threads access level i can send you the code of the forum views and you can implement your own logic to filter out threads. In this case you will have to keep in some other table the mapping which user or role , see which threads.
Another thing you can try is to take advantage of our event system. There is a post thread creation event, where you can plug in your logic. When the thread is created you can check the creator and set permissions to this thread programatically, so that it is visible only for users that share the role of the creator. Here is a link to the event system:

http://www.sitefinity.com/documentation/documentationarticles/developers-guide/deep-dive/sitefinity-event-system/list-of-events/forums-events#IForumThreadCreatedEvent

And here's a link from our documentation again about setting permissions by code:

http://www.sitefinity.com/documentation/documentationarticles/developers-guide/deep-dive/security/permissions

Kind regards,
Jen Peleva
the Telerik team
Do you want to have your say in the Sitefinity development roadmap? Do you want to know when a feature you requested is added or when a bug fixed? Explore the Telerik Public Issue Tracking system and vote to affect the priority of the items

This thread is closed