How I Implemented Membership Groups in Jforum

My application (my_app) has multiple memberships, each has several members.
Each membership will have its own forum. Some of the forums in each membership
forum are global -- that is, they are accessed by users from all
memberships. (Someday, I would like to give membership forums the capability
of optionally forming inter-membership forums.)

Administration
There is only one or two my_app support users with administration permissions.
These users have administration capabiilities across all membership
forums. No membership forum users have administration permissions. Under
the current Jforum implementation, this would be too dangerous. If an
administrator could be limited to just his or her membership, this would
be great. However, Jforum administration is too complicated for most of
my users anyway.

Users
My_app users sign-in to their membership forums through Jforum SSO.
Their Jforum user IDs are <my_app user ID>.<my_app membership ID>, assuring that
user IDs are unique across all membership forums. This is needed now for global
forums and later for inter-membership forums. Some day I may hide the
<membership ID> part of the Jforum user ID, but it would still need to
be displayed in global forums. It may be nice for a membership forum to have
some administration rights over its users, but this is not important at this
time.

Groups
My_app users belong to two Jforum groups: 1) a group for all global forums and
2) a group assigned specifically to their my_app membership with its
Jforum group name being the my_app membership ID.

Categories and Forums
There are three fixed categories, much like the Jforum Community Forum. These
are: 1) Announcements, 2) General Forums, and 3)Help and Support. Announcements
contains two forums: 1) a global forum with announcements of interest to all
membership forums, and 2) a membership-specific forum with announcements of
interest to only that membership. General Forums has several membership-specific
forums, each concerning a specific menu entry in my_app. Help and Support has
global forums to help users across all my_app memberships.

Restrictions
Several Jforum capabilities are not given to my_app users just to keep things
simple. Some or all of these may be given back later as improvements. For
example, moderation of replies is not permitted. It will probably be added
later. Anonymous posts are not allowed as a precaution; however, thanks to
Jforum SSO, there should never be any anonymous users.

All suggestions and comments are welcomed. I am particularly interested in
whether and/or how something like this will be implemented in Jforum 3. A reply
to this topic will cover my implementation details.

Thanks,

Danny
[originally posted on jforum.net by dhhoyle]

To implement Jforum membership forums, I used the Jforum administration console
to created my three categories: 1) Announcements, 2) General Forums, and 3) Help and Support. Then, I created my global forums and a Global group, and I assigned the global forums to the Global group. Next, I created a sample set of membership forums and a membership group, and I assigned the membership forums to the membership group. Below, I call this group Bootstrap and the forums Bootstrap Forums.

With all of this in hand, I went through many group permission configurations
for my Bootstrap Group to simplify things as much as possible. Thanks to two
posts by Monroe (16/07/2007 - Re:going bonkers on role-permissions!, and
19/02/2007 - Re:User/Group/Forum setup directions from mysql), I knew to look
in permissions.xml and several jforum database tables, especially jforum_roles
and jforum_role_values.

The end result is that the following permissions (jforum_roles.name) are needed
for each forum in its particular group (remember I restricted many Jforum
capabilities):

perm_attachments_enabled (I could have left this as a later improvement.)

perm_forum (This permission is key to allowing a group to see a forum)

perm_read_only_forums (The name of this permission implies that a forum is read only, but just the opposite is true. Without this permission, a user cannot reply or create forum topics.)

perm_reply_only (Like the above read only permission, this permission negates reply only. Without this permission, a user can only reply to forum topics. New topics cannot be added.)

I will not go into how to set group permissions to get the above limited set.
The Administration Group Permissions Control page lives up to its
caveat: "To correctly configure access options is not a trivial task...". This
little exercise convinced me to not ever give administration capabilities to
any of my users.

In my application (my_app), I write directly to Jforum database tables to create
new groups and new users. I will not get into the intricate relationships
between jforum_roles and jforum_role_values. (Suffice it to say, I think I have it
right so far.) I use the above Bootstrap Group and Bootstrap Forums
as models. I could let Jforum SSO create new users, but I thought it would be too
much to have to tell SSO about which groups to assign a new user. So far, I have only
had to write the SSO module as prescribed, and I have not had to touch any
delivered Jforum Java code.

My database is Mysql 5.0, and I use JDBC Driver (Connector/J) and standard Java
result set code. Will I get into trouble with Jforum's use of Hibernate or any
caching done by Jforum by writing new membership groups and new users directly
to the Jforum database tables from my_app?

As always, any suggestions and/or comments are appreciated.

Thanks,

Danny


[originally posted on jforum.net by dhhoyle]