File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JForum and the fly likes user can only see the topics they posted Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Products » JForum
Bookmark "user can only see the topics they posted" Watch "user can only see the topics they posted" New topic
Author

user can only see the topics they posted

Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Is it possible to set up a forum so that the user can only see the topics that they posted? I'd like to set something up so it more like a one on one conversation with the moderator.

Thanks!
[originally posted on jforum.net by hmppi]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
It's not possible out of the box. The finest level of security is at the forum/group level. You'd have to have individual forums or modify the code to support topic level security.
[originally posted on jforum.net by monroe]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
Thanks for the quick response, Monroe.

I just looked at this briefly but it looks like I have to create this role in the jforum_roles table. Then I modify the permissions.xml to include this role. Once I have this set up, I can then start assigning this new role to a groups/forums. Is this correct?

I haven't looked at the source code but can you give me a rough idea about how difficult this would be to do? I want it set up so that the people using the forum can only see the topics that they post. No change on the moderator side. They should be able to see and respond to anybody.

The reason that I ask is because I'm considering developing this from scratch but since we use jforums here, it makes sense to see if we can adapt it to this. We have done some recoding of the jforum source but all surrounding customizing the login. I currently have no idea how permissions work.
[originally posted on jforum.net by hmppi]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
A lot of this depends on how you are going to integrate this with JForum. If it's a special forum among other forums, you will have to look at all the places that a topic thread can be exposes. E.g., the search feature, RSS listing, recent topics, profile "posts by", and the like. Somewhere, the code for these currently does security checks. Generally based via the PermissionControl object's canAccess methods. These security checks would need to be expanded to check for your new security role.

On big issue to figure out is how to grant the owner's specific rights. JForum's security model is based around groups having permissions and not individuals. So you may have to create groups for each user in some automatic fashion.

That said, if you are not too concerned about security, you might be able to "fake" this by just having an trimmed down instance of JForum without searching, profile, etc and a custom template that just lists the topics based on the logged in user id. The problem with this is that it's security by obscurity. Someone can still play games with the URL numbers to access threads they can't see.
[originally posted on jforum.net by monroe]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
This will have to be a special forum among other forums. What I was thinking was having a new role let's call it perm_see_own_topics. This role can be assigned at the group/forum level and when it's assigned, the members of that group can only see there own topics within those forums. The moderator of the forum will belong to a separate group where this role has not been assigned. Does this sounds like it will work or am I misunderstanding permissions?

I didn't think of the other stuff (search, recent topics...) so thanks for the heads up.
[originally posted on jforum.net by hmppi]
Migrated From Jforum.net
Ranch Hand

Joined: Apr 22, 2012
Posts: 17424
It's do-able but you'll need to find the right spots to add in the checks and have all the needed info to make that decision, e.g., the topic id, the topic poster, the current user, etc.

Just be warned that some of the security code can give you a big headache trying to walk thru it... especially the code that combines all the user's group rights. But you probably won't have to go there.

FWIW, if you deny everyone but the moderators and posters access to this group, that will limit the recent, search, etc.. problems to just those two groups.
[originally posted on jforum.net by monroe]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: user can only see the topics they posted
 
Similar Threads
Limit user to a single topic possible ?
LDAP authentication
Anyway to....?
e-mail notification
How do I restrict posting to a particular Forum