Forums: User-based security at indvidual thread level?
Forgive me if this has already been covered, or is someplace intuitive that I did not think to look. We are looking at porting our user forums from YAF into Sitefinity -- concurrent with an upgrade from SF4.3 to SF5.0 -- and need one extremely important issue addressed before that can happen. I have not been able to discover a solution to this issue as of yet:
Short version: Is it possible to programmatically set the visibility of an individual thread within a forum? Or is security only available at the Forum level?
Detailed version: In our solution, we have Courses that can be taught in multiple Schools. We want to make each Course a Forum. A Student -- who belongs to a School, and may be enrolled in several Courses -- should be able to see the Course Forums for Courses in which they are enrolled. (That's the easy part.) The difficult part is, within that Course Forum, they should only be able to see threads started by users (usually a Teacher or Administrator) that are connected to the same school as the Student.
So, for example, if there is one Forum for "4th Grade Math," and someone in Johnson Elementary starts a thread within that forum, only Johnson Elementary students and faculty should be able to see it; students and faculty from Kennedy Elementary should not.
Is this possible in Sitefinity 5? Thanks.
Hello Trevor,
Just wanted to share for the comunity the answer from our team (hope won't mind).
We currently support view permissions only at the forum group and forum level. We don't have short-term plans to do this at the thread level, since for most typical discussion forums this is ok. Your case looks more like some custom security implementation, which could be implemented at the front-end widgets views level. Since our front-end widget views are not very customizable regarding the threads access level i can send you the code of the forum views and you can implement your own logic to filter out threads. In this case you will have to keep in some other table the mapping which user or role , see which threads.
Another thing you can try is to take advantage of our event system. There is a post thread creation event, where you can plug in your logic. When the thread is created you can check the creator and set permissions to this thread programatically, so that it is visible only for users that share the role of the creator. Here is a link to the event system:
http://www.sitefinity.com/documentation/documentationarticles/developers-guide/deep-dive/sitefinity-event-system/list-of-events/forums-events#IForumThreadCreatedEvent
And here's a link from our documentation again about setting permissions by code:
http://www.sitefinity.com/documentation/documentationarticles/developers-guide/deep-dive/security/permissions