OG, OG user role and comment permission management

There are at least a couple of ways to do this. One would involve using TAC. But, I like to avoid that whenever possible.

Also, any solution where you use OGR would be a group (i.e., Organic Groups) solution.

So, one idea:

1. You create three groups: F1, F2 and F3.
2. You use the og_forum module and which will create a forum in each group.
3. You create two roles: Member and Contributor
4. In "Access Control" you give "Members" the ability to "access comments". You give "Contributors" the ability to "access comments", "post comments", and "post forum topics".
5. In each group, you use "Configure member roles" to give users who can post in that group the "Contributor" role, and users who can only view the "Member" role.

I would suggest trying this first before TAC, which would be decidedly more complicated.

Thanks for your quick reply and step by step process:

My testings:
My configuration: a fres Drupal 5.7 install, including ACL, views, OG, OGUR and OG Forum. The strict minimum!

I then set things up following the readmes and your step by step process. I have started with just 1 OG group, 1 Forum and 1 user.

1) admin (uid 1) can not post a topic in a forum if he doesn't have the contributor permission in and OG managed Forum. Surprising but I guess it is by design. I understood the the access control permission where taking over everything, including OG context?

2) User Pascal is member of group F1, he has none of the member roles set in this group in OGUR. He is member of none of the roles. Except Authenticated who has: access content checked for "module node".
2a) He can see the forum and topic but not the comment. Is this normal? I would expect him to see only the forum, but not the topic.
2b) When the topic is listed, the number of reply is 1. But the comment is not listed: this is confusing; the number of replies should match the number of comment listed and viewable.
2c) Same issue then 2b): when the Forum is listed, the number of Topic is 1 (OK) and the number of post is 2 (1 topic + 1 comment). It should be only 1 for the same reason than 2b)

3) Added Pascal to Members role in OGUR, he can still not see the comments.

4) Added Pascal to Contributors role in OGUR (now in both groups), he can still not see the comments or post a new topic.

5) removed Pascal from Members, same behavior.

My breadcrumb looks like this when I click on the "General discussion Forum": Home › Forums › OG Group F1
My breadcrumb looks like this when I click on the Forum topic: Home › Groups › OG Group F1 › Forums › OG Group F1 › General discussion Forum : This one doesn't look OK to me but perhaps it is?

I have clear cache checked and applied the patch to the user.module.

This is the record in the test table when I click on the topic (the full table is attached):
2008-08-06 07:51:16 am 2 pascal 7 og_user_roles_all_roles 0 group context: 7 /node/8 (http://localhost-2/forum/8) node 8 Roles Returned: (authenticated user,Member,Contributor)

It looks like ny installation or configuration doesn't work, any idea about what I should check?

OK, I'm confused because you're mixing two separate issues here:

1. OG User Roles permissions
2. Forum access

It appears that OGUR is doing it's job -- providing the permissions that the user should have in the role within the group. If I'm missing something in this regard, please let me know.

It sounds like your questions, Why users can/can't see forum topics and comments, should be directed to either the forum and/or og_forum issues.

Sorry about the confusion.
Perhaps I am really confused!!!

To clarify:
I am not using Forum Access at all.

A few "statemnts":
1) A froum is visible to a user only if the user is in the same OG group (F!): this is clear an working.

2) OGUR should give the access comment permission to the user when the user has the OGUR role (Contributor for example) checked in the user roles configuration, rights?

In my point 4) I say: "Added Pascal to Contributors role in OGUR (now in both groups), he can still not see the comments or post a new topic."

So, Pascal should have the rigth to see comment, and to post comments. But he doesn't.

Below is my OG user role config:

Subscribers: OG Group F1

* List
* Add members
* Configure member roles

Roles
admin (unsubscribe):
Contributor -> checked
Member

pascal (unsubscribe):
Contributor -> checked
Member

Did this calrify anything?

Pascal

Still confused. You say:

To clarify:
I am not using Forum Access at all.

Then you say:

In my point 4) I say: "Added Pascal to Contributors role in OGUR (now in both groups), he can still not see the comments or post a new topic."

Don't you need the forum module to post forum topics?

In any event, to answer your question:

If a user has a OGUR role in a group which gives him the "access comments" permission, then that user should be able to access comments in that group.

If a user has a OGUR role in a group which gives him the "post comment" permission, then that user should be able to post comments in that group.

If this is NOT happening, then your basic OGUR isn't working, in which case you need to follow this recommendation: http://drupal.org/node/290977#comment-949955.

About your question: "Don't you need the forum module to post forum topics?"
I have the core forum module, of course. You where mentioning the "Forum Access" module. I don't have the Forum access module installed.

To remove the forum question or issue:
I tried it with a blog:
Pascal is member of the OG group and has the contributor role (access and post comments) in this OG group. Pascal can see the blog, but not the comment, and of course can not comment.

It obviously does not work like expected (which was also my understanding of OGUR):
*****
"If a user has a OGUR role in a group which gives him the "access comments" permission, then that user should be able to access comments in that group.

If a user has a OGUR role in a group which gives him the "post comment" permission, then that user should be able to post comments in that group."
******

I have applied the patch: og_user_roles.user_.module.5.3.patch and cleared the cache (I kept it checked in the OGUR configuration). I don't see anything more that I should/ could do in http://drupal.org/node/290977#comment-949955 (I followed all the links).

Well, looks like my installation has some issues, I will start from scratch and let you know how it goes!

Thanks for your help.

Pascal

Hello,

Please forget everything posted before this, my installation was not working properly!

I reinstalled a complete version of Drupal and applied the patches for OGUR (og_user_roles.user.module.5.2.patch and og_user_roles.user.module.5.3.patch). I had installed only the 5.3 patch and I guess this is why it didn’t work. So, BOTH patches need to be applied.

I did some testing on the comment permissions (Comment Module permissions in Access Control) and OGUR. I did the tests with blogs only:

What I want to do is to have various blogs, that can be read or commented by various users, depending of the permission given to a user through OGUR. And of course, the users and blogs are in various OG groups.

I have tried to be as clear and precise as possible, I hope it is, and hope it is not too long to read!

This is my configuration: only OG and OG User Roles modules are installed.
*******************************************************

- 2 OG groups: ROTA Staff and All web members

- 3 roles (they are enabled for use in OGUR:
- comments reader: permission = access comments
- post comments without approval = access comments + post comments
- comments poster: permission = access comments + post comments + post comments without approval

- 1 user: Pascal
Pascal is not in All web members.
Pascal is in ROTA Staff (and in OGUR is allowed to edit all nodes.

- 1 blog: BBB

The testing:
*********

A) TEST: The user is only in one OG group (and the blog BBB is in 2 groups).

A.1) if the user is only in one OG group and the blog is in 2 groups: then the node will open in the user’s OG group context and it is working.
A.1.1) Access comment is OK
A.1.2) post comments without approval (not moderated): is OK
A.1.3) post comments (moderated): is OK

A.2) if the user is in both OG groups and the blog is in both groups: the OGUR permission are given in ROTA Staff, not in All web members (because this group is the latest group created)
A.2.1) Access comment: is OK
A.2.2) post comments without approval (not moderated): is OK
A.2.3) post comments (moderated): is OK

A.3) if the user is in both groups and the blog is in both groups. The OGUR permission are given in All web members, not in ROTA Staff (All web members is the first group created, not the )
A.2.1) Access comment: is NOT OK
A.2.2) post comments without approval (not moderated): is NOT OK
A.2.3) post comments (moderated): is NOT OK

From test A.2) and A.3) the conclusion is:
If a blog and a user are in 2 OG groups:
The user needs to have the OGUR permission in the latest OG group that has been created. In other words, he will get the OGUR permission from the OG group he is member of and that has been created the latest.

Conclusion:
*********

OGUR can not be used to give permissions if Iwant a blog AND a user to be in multiple OG groups (audiences).

The user or the blog needs to be in only one OG group.

Or the user needs to have the permission in ALL OG groups. In this case it is not possible to have a user allowed to comment on a blog A that is in 2 OG groups, and not allowed to comment on a blog B that is also in in both OG groups.

To summaries what I understand about OGUR, these are the possible configurations options:

Option 1): OK
The user is in ONLY 1 OG group, the blog is in many OG groups  the blog will open in the users OG group/ context.

Option 2): OK
The blog is in ONLY 1 OG group, the user is in many OG groups  the blog will open in the users OG group/ context.

Option 3): Not good.
The user has the OGUR permission in all the groups where the blog has the audience checked.
This solves the “latest OG group created”. The user has the OGUR permission in all groups.
If a blog is in one OG group (YYY) and the user is not in that group, there is a chance the user will open this OG (YYY) (context), if it is the latest created. Random behavior from the user point of view

Perhaps I am misusing OGUR or I don’t understand how OGUR is working or I don’t understand the purpose of OGUR!
Could someone clarify this for me, and give me a typical usage of OGUR?

Thanks,

Pascal

Option 3): Not good.
The user has the OGUR permission in all the groups where the blog has the audience checked.
This solves the “latest OG group created”. The user has the OGUR permission in all groups.
If a blog is in one OG group (YYY) and the user is not in that group, there is a chance the user will open this OG (YYY) (context), if it is the latest created. Random behavior from the user point of view

Maybe it's just me, but I still don't understand what you're driving at.

A blog is a content type. If a content type is posted in a group, and it is NOT public, then no one outside the group can view it. Even a user with OGUR blog access in every other group except the one in question can NOT view the blog.

OGUR can not give a user access to content in a group that the user does not belong to. OGUR only allows you to assign roles to a user within the context of the group(s) that the user belongs to, one group at a time.

I never really got what the issue as here, but hopefully it's resolved.

Hello,

Nop, unfortunatly it is not solved. And I guess it won't.

I have tested many things but was unable to do what we wanted. I guess I will have to forgett about it for now.

One of the things that I don't understand is that uid 0 (admin) needs to be in a role with Edit permission in order to edit a page when the page is in an OG group. Is this "normal"

Thanks,
Pascal

Sorry. Nothing I can do here because I just don't understand the issue.

One of the things that I don't understand is that uid 0 (admin) needs to be in a role with Edit permission in order to edit a page when the page is in an OG group. Is this "normal"

That is an OG question.