bt5/erp5_forum_tutorial: Correct role mapping on DiscussionThreadModule for forum Admin & User

tl;dr currently function/forum/{administrator,user} are mapped to Author only role on forum module without also mapping to Auditor role. Auditor role is needed because by definition Author cannot view content and without such role Admin & User cannot see DiscussionThreadModule at all. Similarly besides having Author role, Users also need to have Auditor role on DiscussionThread in order to view threads. Currently for DiscussionThreadModule we map categories function/forum/administrator and function/forum/user to one Author role in A5 speak. Then, for forum, it is assumed that each user will be assigned only one functional category to each user (e.g. only one of function/forum/{administrator,user,visitor}). So it turns out e.g. function/forum/administrator category is mapped to only Author role on DiscussionThreadModule. Now by definition Authors can create documents, but they cannot access/view them (as per http://www.erp5.org/ERP5SecurityModel). This is also indirectly justified by default-assigned security settings for Author role - see section "Adjust Permissions on the Module" - Author is not allowed to "View". So if forum administrator is only mapped to Author role, he can _not_ view/access the forum module. And I discovered this exactly this way - usual visitors (who map to Auditor role) were being able to see the module, but admin and users could not. To solve this logically, lets also map function/forum/administrator and function/forum/user to Auditor role on DiscussionThreadModule (i.e. they now both map to Author & Auditor). And now both admin & user can access/view the module & create threads. Similarly without Auditor role on DiscussionThread, User cannot view it. ( And Administrator has Assignor on DiscussionThread which allows viewing by itself ) NOTE for DiscussionPost we don't need to change anything in order for users to view it because DiscussionPost acquires local roles. Helped-by: Klaus Wölfel <klaus@nexedi.com>

bt5/erp5_forum_tutorial: Correct role mapping on DiscussionThreadModule for forum Admin & User
tl;dr currently function/forum/{administrator,user} are mapped to Author only role on forum module without also mapping to Auditor role. Auditor role is needed because by definition Author cannot view content and without such role Admin & User cannot see DiscussionThreadModule at all. Similarly besides having Author role, Users also need to have Auditor role on DiscussionThread in order to view threads. Currently for DiscussionThreadModule we map categories function/forum/administrator and function/forum/user to one Author role in A5 speak. Then, for forum, it is assumed that each user will be assigned only one functional category to each user (e.g. only one of function/forum/{administrator,user,visitor}). So it turns out e.g. function/forum/administrator category is mapped to only Author role on DiscussionThreadModule. Now by definition Authors can create documents, but they cannot access/view them (as per http://www.erp5.org/ERP5SecurityModel). This is also indirectly justified by default-assigned security settings for Author role - see section "Adjust Permissions on the Module" - Author is not allowed to "View". So if forum administrator is only mapped to Author role, he can _not_ view/access the forum module. And I discovered this exactly this way - usual visitors (who map to Auditor role) were being able to see the module, but admin and users could not. To solve this logically, lets also map function/forum/administrator and function/forum/user to Auditor role on DiscussionThreadModule (i.e. they now both map to Author & Auditor). And now both admin & user can access/view the module & create threads. Similarly without Auditor role on DiscussionThread, User cannot view it. ( And Administrator has Assignor on DiscussionThread which allows viewing by itself ) NOTE for DiscussionPost we don't need to change anything in order for users to view it because DiscussionPost acquires local roles. Helped-by: Klaus Wölfel <klaus@nexedi.com>
5c589e7b · Kirill Smelkov · b8f34d3c · 5c589e7b · 5c589e7b
Commit 5c589e7b authored Jan 09, 2015 by Kirill Smelkov
2 changed files
--- a/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread%20Module.xml
+++ b/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread%20Module.xml
 <type_roles>
-  <role id='Author'>
+  <role id='Author; Auditor'>
   <property id='title'>User</property>
   <property id='description'>Forum Administrators and Users are allowed to access the module and create threads.</property>
   <multi_property id='category'>function/forum/administrator</multi_property>

--- a/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread.xml
+++ b/bt5/erp5_forum_tutorial/PortalTypeRolesTemplateItem/Discussion%20Thread.xml
@@ -4,7 +4,7 @@
   <property id='description'>Forum Administrators are allowed to modify any thread and change its status.</property>
   <multi_property id='category'>function/forum/administrator</multi_property>
  </role>
-  <role id='Author'>
+  <role id='Author; Auditor'>
   <property id='title'>User</property>
   <property id='description'>Forum users can reply to thread posts.</property>
   <multi_property id='category'>function/forum/user</multi_property>