[feature] permissioned forum access

Addresses: #1305

**Demo**

https://user-images.githubusercontent.com/25191509/210078509-2b229519-0028-4b4a-8c59-7f5c9d2d137f.mov

Co-authored-by: Prashant <[email protected]>

app/controllers/comfy/admin/users_controller.rb

@@ -81,6 +81,7 @@ def update_params
       :can_manage_analytics,
       :can_manage_files,
       :moderator,
+      :can_access_forum,
       :name,
       :can_view_restricted_pages,
       :deliver_analytics_report,

app/controllers/simple_discussion/application_controller.rb

@@ -4,6 +4,7 @@ class SimpleDiscussion::ApplicationController < ::ApplicationController
   before_action :redirect_if_forum_disabled
 
   before_action :redirect_if_not_logged_in, if: -> { Subdomain.current.forum_is_private }
+  before_action :redirect_if_no_access_to_forum, if: -> { Subdomain.current.forum_is_private }
 
   def page_number
     page = params.fetch(:page, "").gsub(/[^0-9]/, "").to_i
@@ -12,7 +13,7 @@ def page_number
   end
 
   def is_moderator_or_owner?(object)
-    is_moderator? || object.user == current_user
+    is_moderator? || (object.user == current_user && current_user.can_access_forum)
   end
   helper_method :is_moderator_or_owner?
 
@@ -21,6 +22,11 @@ def is_moderator?
   end
   helper_method :is_moderator?
 
+  def is_moderator_or_has_forum_access?
+    is_moderator? || current_user&.can_access_forum
+  end
+  helper_method :is_moderator_or_has_forum_access?
+
   def require_mod!
     unless current_user.moderator
       redirect_to_root
@@ -39,6 +45,13 @@ def require_mod_or_author_for_thread!
     end
   end
 
+  def require_mod_or_can_access_forum!
+    unless is_moderator_or_has_forum_access?
+      flash.alert = "You aren't allowed to do that."
+      redirect_back(fallback_location: root_path)
+    end
+  end
+
   private
 
   def redirect_if_not_logged_in
@@ -48,6 +61,10 @@ def redirect_if_not_logged_in
     end
   end
 
+  def redirect_if_no_access_to_forum
+    require_mod_or_can_access_forum!
+  end
+
   def redirect_if_forum_disabled
     unless Subdomain.current.forum_enabled
       flash.alert = 'Forum is disabled'

app/controllers/simple_discussion/forum_posts_controller.rb

@@ -2,6 +2,7 @@ class SimpleDiscussion::ForumPostsController < SimpleDiscussion::ApplicationCont
   before_action :authenticate_user!
   before_action :set_forum_thread
   before_action :set_users_for_mention
+  before_action :require_mod_or_can_access_forum!, only: [:new, :create]
   before_action :set_forum_post, only: [:edit, :update, :destroy]
   before_action :require_mod_or_author_for_post!, only: [:edit, :update, :destroy]
   before_action :require_mod_or_author_for_thread!, only: [:solved, :unsolved]

app/controllers/simple_discussion/forum_threads_controller.rb

@@ -1,5 +1,6 @@
 class SimpleDiscussion::ForumThreadsController < SimpleDiscussion::ApplicationController
   before_action :authenticate_user!, only: [:mine, :participating, :new, :create]
+  before_action :require_mod_or_can_access_forum!, only: [ :new, :create]
   before_action :set_forum_thread, only: [:show, :edit, :update, :destroy]
   before_action :require_mod_or_author_for_thread!, only: [:edit, :update, :destroy]
   before_action :set_users_for_mention

app/views/comfy/admin/users/_form.haml

@@ -79,13 +79,44 @@
                 = f.check_box :can_view_restricted_pages
                 %label 
                   Can view restricted web pages
-              .form-group
-                = f.check_box :moderator
-                %label 
-                  Can manage forum
+              .card
+                .card-header 
+                  .d-inline
+                    = f.check_box :moderator, id: 'moderator'
+                    %label
+                      %strong 
+                        Can manage forum
+                .card-body
+                  .form-group
+                    = f.check_box :can_access_forum, id: 'forum_access'
+                    %label 
+                      Can access Forum
+
   = f.submit "Update", class: 'btn btn-success'
   - unless @user.is_last_admin?
     - confirm_message = "Are you sure you want to remove this user? This cannot be undone."
     - if @user.forum_threads.present? || @user.forum_posts.present? || @user.events.present?
       - confirm_message += "\n\n Note: Deleting this user will affect its associated #{@user.forum_threads.size} forum-threads, #{@user.forum_posts.size} forum-posts and #{@user.events.size} analytics events and will show 'user deleted'."
-    = link_to "Remove", admin_user_path(id: @user.id), method: :delete, class: 'btn btn-sm btn-danger', data: { confirm: confirm_message.html_safe }   
+    = link_to "Remove", admin_user_path(id: @user.id), method: :delete, class: 'btn btn-sm btn-danger', data: { confirm: confirm_message.html_safe }   
+
+:javascript
+  $(document).ready(function() {
+    const moderator_checkbox = $('#moderator');
+    const forum_access_checkbox = $('#forum_access');
+
+    // On initialization
+    if (moderator_checkbox.prop('checked')) {
+      forum_access_checkbox.prop('checked', true);
+    } else {
+      forum_access_checkbox.prop('checked', false);
+    }
+
+    // Add event listener
+    moderator_checkbox.on('change', function() {
+      if (this.checked) {
+        forum_access_checkbox.prop('checked', true);
+      } else {
+        forum_access_checkbox.prop('checked', false);
+      }
+    });
+  });

app/views/simple_discussion/forum_threads/show.html.erb

@@ -26,4 +26,4 @@
 
 <%= render partial: "simple_discussion/forum_posts/forum_post", collection: @forum_thread.forum_posts.includes(:user).sorted %>
 
-<%= render partial: "simple_discussion/forum_posts/form" if user_signed_in? %>
+<%= render partial: "simple_discussion/forum_posts/form" if is_moderator_or_has_forum_access? %>

db/migrate/20221230035120_add_can_access_forum_to_users.rb

@@ -0,0 +1,12 @@
+class AddCanAccessForumToUsers < ActiveRecord::Migration[6.1]
+  def up
+    add_column :users, :can_access_forum, :boolean, default: false
+
+    # Giving all existing users permission to access forum.
+    User.update_all(can_access_forum: true)
+  end
+
+  def down
+    remove_column :users, :can_access_forum
+  end
+end