--- sites/all/modules/og_forum/og_forum.module	2009-05-17 19:15:10.000000000 +0300
+++ sites/all/modules/og_forum/og_forum_plusaccess.module	2009-05-18 11:01:57.000000000 +0300
@@ -1684,6 +1684,7 @@ function og_forum_public($gid, $tid) {
   $sql = "UPDATE {og_term} SET public = %d WHERE tid = %d and nid = %d";
   db_query($sql, PUBLIC_BY_GROUP_OWNER, $tid, $gid);
   db_query($sql, PUBLIC_BY_GROUP_OWNER, $container, $gid);
+  _og_forum_rebuild_forum_grants($tid);
   return drupal_goto('og_forum/manage/'. $gid);
 } // function og_forum_public()
 
@@ -1703,6 +1704,7 @@ function og_forum_private($gid, $tid) {
   if (!$result) {//if no other forums in the group are public, go ahead and make the container private
     db_query($sql, PRIVATE_DEFAULT, $container, $gid);
   }
+  _og_forum_rebuild_forum_grants($tid);
   return drupal_goto('og_forum/manage/'. $gid);
 } // function og_forum_private()
 
@@ -1755,3 +1757,165 @@ function og_forum_format($topic) {
     return t('n/a');
   }
 }
+
+
+
+function og_forum_disabling($set = NULL) {
+  static $disabling = false;
+  if ($set !== NULL) {
+    $disabling = $set;
+  }
+  return $disabling;
+}
+
+/* The following functions manage the visibility of 
+ * Node accessebility. If a forum is private and a user is not
+ * subscribed to the group, he will not have access to the forum
+ * posts.
+ */
+
+
+function og_forum_node_access_records($node) {
+  if (og_forum_disabling()) {
+    return;
+  }
+ 
+  $grants = array();
+
+  if ($node->type=='forum') {
+    // one relm per group the node is in...
+    $query = db_query("SELECT tid FROM {term_node} WHERE nid = %d",$node->nid);
+    while ($tid = db_fetch_object($query)->tid) {
+      if (!og_forum_is_public($tid)) {
+        $gid = og_forum_gid_from_tid($tid);
+        $grants[] = array(
+          'realm' => 'og_forum',
+          'gid' => $gid,
+          'gr ant_view' => TRUE,
+          'grant_update' => FALSE,
+          'grant_delete' => FALSE,
+          'priority' => 0,
+          );
+      } else {
+        $grants[] = array(
+          'realm' => 'og_forum_public',
+          'gid' => TRUE,
+          'grant_view' => TRUE,
+          'grant_update' => FALSE,
+          'grant_delete' => FALSE,
+          'priority' => 0,
+          );
+      }
+    }
+   
+    $grants[] = array(
+      'realm' => 'og_forum_author',
+      'gid' => $node->uid,
+      'grant_view' => TRUE,
+      'grant_update' => TRUE,
+      'grant_delete' => TRUE,
+      'priority' => 0,
+    );
+    return $grants;
+  }
+}
+
+function og_forum_node_grants($account, $op) {
+  $grants['og_forum']=array_keys($account->og_groups);
+  $grants['og_forum_author'] = array($account->uid);
+  $grants['og_forum_public'] = array(TRUE);
+  return $grants;
+}
+
+/**
+ * Implementation of hook_node_access_explain.
+ */
+function og_forum_node_access_explain($row) {
+  if ($row->realm == 'og_forum') {
+    return t('All users may view this Forum Post.');
+  }
+  elseif ($row->realm == 'og_forum_author') {
+    return t('The Author of this Forum Post may Edit and Delete this node.');
+  }
+  elseif ($row->realm == 'og_forum_public') {
+    return t('All users may view forum posts in a Public Forum.');
+  }
+}
+
+/* Recalculate the accessrights on the forum posts
+ * called whenever a forum is changed from public to private
+ */
+function _og_forum_rebuild_forum_grants($tid) {
+  /* node_access_aquire_grants stores the grants, but it does not delete them first
+   * that is pretty useless. So, h
+   */
+  $query = "DELETE FROM {node_access} WHERE nid IN (SELECT nid FROM {term_node} nt WHERE nt.tid = %d ) AND realm in ('%s', '%s', '%s')";
+  db_query($query, $node->nid, 'og_forum', 'og_forum_author', 'og_forum_public');
+  
+  /* Now, recreate the grants for all posts in the forum */ 
+  $sql = "SELECT nid FROM {term_node} nt WHERE nt.tid = %d";
+  $result = db_query($sql, $tid);
+  while ($node = db_fetch_object($result)) {
+    $thenode = node_load($node->nid);
+    node_access_acquire_grants($thenode);
+    unset($thenode);
+  }
+}
+
+/* The following functions try limit the accesibility of comments in the forum
+ * Unfortunatly, a fix in core is needed to make this work.
+ * Setting node->comment to 1 here has no effect due to a bug filed here
+ * http://drupal.org/node/460596
+ * 
+ *  Rule:
+ *  Make the comments read-only if: Forum is public but user is not a member of the parent group.
+ */
+
+function og_forum_preprocess_node(&$variables) {
+  if ($variables['type']=='forum') {
+    if ((!_og_forum_canposttoforum($variables['node'])) && ($variables['node']->comment ==2)) { 
+      $variables['node']->comment = 1;
+    }
+  }
+} 
+
+/* helper function to determine if a user is a member of the current $node's 
+ * forums, parents group
+ */
+
+function _og_forum_canposttoforum($node) {
+  global $user;
+  $groups = array_keys($node->og_groups);
+  $gid = $groups[0];
+
+  $result = !empty($gid) && array_key_exists($gid, $user->og_groups);
+  
+  return ($result);
+}
+
+
+/* Remove the Comment link from the forum posts when user is not a member of the group
+ * This is not necessarily secure, as in, you can still get to the comment page
+ * by using the direct link.
+ */
+ 
+ function og_forum_link_alter(&$links, $node)  {
+  foreach ($links as $module => $link) {
+    if (isset($node->og_groups)) {
+      if (strstr($module, 'comment_add')) {
+      $groups = array_keys($node->og_groups);
+      $grp = $groups[0];
+        if (($grp > 0) && (!_og_forum_canposttoforum($node))) {
+          $links['comment_add']['title'] = '';
+          $links['comment_add']['href'] = '';
+
+          // Link back to the forum and not the taxonomy term page
+          // TODO: Check if group is Joinable
+          $links['og_forum']['title'] = t("Join this Group to post comments");
+          $links['og_forum']['href'] = "og/subscribe/". $grp;
+          $links['og_forum']['query']= "node/". $node->nid;
+        }
+      }
+    }
+  }
+}