Currently adding a discussion forum is easy, but adding the permissions requires magic incantations, knowledge about code names, content types and object IDs. While the flexibility is good, it should be reserved for special cases. Most forums have similar requirements * Let everybody see articles * Let signed in users write articles * Let signed in users reply to articles. Adding a forum should assign those permissions by default. Adding new permissions should be as easy as selecting them from a list and clicking a button to assign them instead of needing to know about code names.
We should probably replace our object-level permissions app (django-authority) with something more modern and maintained.
Mike Kelly used django-guardian on Captain (https://pypi.python.org/pypi/django-guardian). The byline suggests that's similar to django-authority, but I don't have much experience with either.
You need to log in before you can comment on or make changes to this bug.