Index: openacs-4/packages/forums/tcl/forums-security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/forums/tcl/forums-security-procs.tcl,v
diff -u -r1.15 -r1.16
--- openacs-4/packages/forums/tcl/forums-security-procs.tcl	7 Aug 2017 23:48:11 -0000	1.15
+++ openacs-4/packages/forums/tcl/forums-security-procs.tcl	27 Sep 2017 11:07:52 -0000	1.16
@@ -37,142 +37,130 @@
         }
     }
 
-    ad_proc -public can_read_message_p {
+    ad_proc -public can_post_forum_p {
         {-user_id ""}
-        {-message_id:required}
+        {-forum_id:required}
     } {
-        # if the user is a guest, they can't see any forum messages at all
-        if { ![acs_privacy::user_can_read_private_data_p -user_id $user_id -object_id [ad_conn package_id]] } {
-            return 0
+        if {[ad_conn user_id] == 0} {
+            return false
         } else {
-            return [permission::permission_p -party_id $user_id -object_id $message_id -privilege read]
+            forum::get -forum_id $forum_id -array forum
+            return [expr {$forum(posting_policy) ne "closed"}]
         }
     }
 
-    ad_proc -public require_read_message {
+    ad_proc -public require_post_forum {
         {-user_id ""}
-        {-message_id:required}
+        {-forum_id:required}
     } {
-        if {![can_read_message_p -user_id $user_id -message_id $message_id]} {
+        if {![can_post_forum_p -user_id $user_id -forum_id $forum_id]} {
             do_abort
         }
     }
 
-    ad_proc -public can_post_forum_p {
+    ad_proc -public can_moderate_forum_p {
         {-user_id ""}
         {-forum_id:required}
     } {
-        return [permission::permission_p -party_id $user_id -object_id $forum_id -privilege create]
+        return [permission::permission_p -party_id $user_id -object_id $forum_id -privilege forum_moderate]
     }
 
-    ad_proc -public require_post_forum {
+    ad_proc -public require_moderate_forum {
         {-user_id ""}
         {-forum_id:required}
     } {
-        if {![can_post_forum_p -user_id $user_id -forum_id $forum_id]} {
+        if {![can_moderate_forum_p -user_id $user_id -forum_id $forum_id]} {
             do_abort
         }
     }
 
-    ad_proc -public can_post_message_p {
+    ad_proc -public permissions {
+        {-forum_id:required}
         {-user_id ""}
+        array_name
+    } {
+        upvar $array_name array
+
+        set array(admin_p)    [forum::security::can_moderate_forum_p -forum_id $forum_id]
+        set array(moderate_p) $array(admin_p)
+        set array(post_p)     [expr {$array(admin_p) || [forum::security::can_post_forum_p -forum_id $forum_id -user_id $user_id]}]
+    }    
+
+    ### Deprecated procs ###
+    # 2017-09-26:    
+    # we decided to simplify forums management and unwire dependency
+    # with the registered_users group. This prevented forums package
+    # to be ever used in a subsite aware context. Now posting policy
+    # and new-threads-allowed won't be managed via setting
+    # permsissions, but through plain table columns. Forum will also
+    # decide for permissions on the messages.
+    
+    ad_proc -deprecated -public can_read_message_p {
+        {-user_id ""}
         {-message_id:required}
     } {
-        return [permission::permission_p -party_id $user_id -object_id $message_id -privilege write]
+        forum::message::get -message_id $message_id -array message
+        return [can_read_forum_p -forum_id $message(forum_id) -user_id $user_id]
     }
 
-    ad_proc -public require_post_message {
+    ad_proc -deprecated -public require_read_message {
         {-user_id ""}
         {-message_id:required}
     } {
-        if {![can_post_message_p -user_id $user_id -message_id $message_id]} {
-            do_abort
-        }
+        forum::message::get -message_id $message_id -array message
+        return [require_read_forum -forum_id $message(forum_id) -user_id $user_id]
     }
-
-    ad_proc -public can_moderate_forum_p {
+    
+    ad_proc -deprecated -public can_post_message_p {
         {-user_id ""}
-        {-forum_id:required}
+        {-message_id:required}
     } {
-        return [permission::permission_p -party_id $user_id -object_id $forum_id -privilege forum_moderate]
+        forum::message::get -message_id $message_id -array message
+        return [can_post_forum_p -forum_id $message(forum_id) -user_id $user_id]
     }
 
-    ad_proc -public require_moderate_forum {
+    ad_proc -deprecated -public require_post_message {
         {-user_id ""}
-        {-forum_id:required}
+        {-message_id:required}
     } {
-        if {![can_moderate_forum_p -user_id $user_id -forum_id $forum_id]} {
-            do_abort
-        }
+        forum::message::get -message_id $message_id -array message
+        return [require_post_forum -forum_id $message(forum_id) -user_id $user_id]
     }
 
-    ad_proc -public can_moderate_message_p {
+    ad_proc -deprecated -public can_moderate_message_p {
         {-user_id ""}
         {-message_id:required}
     } {
-        return [permission::permission_p -party_id $user_id -object_id $message_id -privilege forum_moderate]
+        forum::message::get -message_id $message_id -array message
+        return [can_moderate_forum_p -forum_id $message(forum_id) -user_id $user_id]
     }
 
-    ad_proc -public require_moderate_message {
+    ad_proc -deprecated -public require_moderate_message {
         {-user_id ""}
         {-message_id:required}
     } {
-        if {![can_moderate_message_p -user_id $user_id -message_id $message_id]} {
-            do_abort
-        }
+        forum::message::get -message_id $message_id -array message        
+        return [require_moderate_forum_p -forum_id $message(forum_id) -user_id $user_id]
     }
 
-    ad_proc -public can_admin_forum_p {
+    # admin == moderate!
+    ad_proc -deprecated -public can_admin_forum_p {
         {-user_id ""}
         {-forum_id:required}
     } {
-        return [permission::permission_p -party_id $user_id -object_id $forum_id -privilege forum_moderate]
+        return [can_moderate_p -user_id $user_id -forum_id $forum_id]
     }
 
-    ad_proc -public require_admin_forum {
+    ad_proc -deprecated -public require_admin_forum {
         {-user_id ""}
         {-forum_id:required}
     } {
-        if {![can_admin_forum_p -user_id $user_id -forum_id $forum_id]} {
+        if {![can_moderate_forum_p -user_id $user_id -forum_id $forum_id]} {
             do_abort
         }
     }
 
-    ad_proc -public permissions {
-        {-forum_id:required}
-        {-user_id ""}
-        array_name
-    } {
-      upvar $array_name array
-
-      array set array [list admin_p [forum::security::can_admin_forum_p -forum_id $forum_id]]
-
-      if { !$array(admin_p) } {
-        array set array [list moderate_p [forum::security::can_moderate_forum_p -forum_id $forum_id]]
-        if { !$array(moderate_p) } {
-
-          # Set post_p according to permissions ...
-          array set array [list post_p [forum::security::can_post_forum_p -forum_id $forum_id -user_id $user_id]]
-
-          # ... alternatively, we could use a parameter to behave like
-          # in earlier versions just leave it is a reminder, if
-          # someone still likes the old behavior.  This code should be
-          # removed later....
-          #
-          # if {$user_id == 0 && [parameter::get -parameter "OfferPostForAnonymousUserP" -default 1]} {
-          #   array set array [list post_p 1]
-          # } else {
-          #   array set array [list post_p [forum::security::can_post_forum_p -forum_id $forum_id -user_id $user_id]]
-          # }
-        } else {
-          # moderators can always post
-          array set array [list post_p 1]
-        }
-      } else {
-        array set array [list moderate_p 1]
-        array set array [list post_p 1]
-      }
-    }
+    ###
 }
 
 # Local variables: