naderman wrote:I think we should decouple permissions from the forum concept and rather deal with arbitrary permission domains. These could be forums, pages, topics, posts or whatever.
Since my site has much more permissions-controlled areas than just the forums, I wrote my own permissions system a year ago. It got rid of the system I hated, groups, and replaced it with roles.
How it works is that each major area of the site which has access permissions is called a zone. Right now, I have 7 or so zones: forums, newsstand, gallery, knowledge base, auditorium, and so on.
Each zone has its own set of permissions. So for the forums, there's auth_post, auth_reply, auth_vote and so on. Pretty standard. Within each zone, sub-zones can be defined to give permissions for only a particular forum, category, or section. If the sub-zone is set to 0, then that means that all sections are affected, or in other words, global permissions.
Sets of Yes/No settings for each zone are grouped into Roles, just like in phpBB 3's auth system. For forums, I have two roles: Moderator, and Private Access. Moderator role allows the user mod privileges, while Private Access allows the user to access a forum marked as hidden/private.
The final step is to apply these roles to a user. I can either give the user a role in certain sub-zones, or I can give the user global permissions. I can also check to see which users have been assigned what roles, and vice-versa.
Now, obviously, this system was just designed for my own personal use on my site, and as such may not be general enough for everyone, but that's just a basic description of how it works. I'm quite satisfied with it!