I wonder if there’s a good way of doing read-only users by now? Couldn’t find anything although one of the initial posts about blocked could perhaps be used as a not-so-pretty-way.
This was a really good post:
For example: Category ABC is set up so that everyone can see, reply, and create, and Group random_restricted_users can see. By definition, everyone in Group random_restricted_users is part of everyone, so they have full permissions. Could there be some type of toggle to force those in Group random_restricted_users to follow the group permissions, and not inheret any others? (Staff should be immune to this to prevent locking oneself out of a category).
I’ve done my fair deal of permission systems in my days and the best ones tend to get very complicated (well, simple really but almost always end up with inheritance/recursion models which not every coder in the world seems to be able to grasp). So a finer permission control system isn’t needed but forced permissions (no inheritance) or negative inheritance (don’t ask if you don’t get it ) would be waaay useful. With Discourse it feels like I have a different key for each door in my house if you permit an analogy. Don’t get me wrong, I absolutely love Discourse.
I’ll give a few examples of what we need or what we have created workarounds for. Might explain needs better. No need to give me “better” solutions to how we have done it. Some things might have been done before Discourse had possibilities that are/were better and we are fine with that. Again, everything from here onwards is explanatory…
We use sso for everything. One of the sites has a top level with all the general information and closed off sections for different groups.
We want people to be able to come in and look at the closed off section only, not drown in how Discourse works compared to other forum software etc. So a read only user for one category only would be nice.
We need to allow people to post anonymously (and as much as I hate that, i.e. we almost force people to use their own name and not aliases). Rare, I admit, but perhaps I should give a few examples… Sensitive information (especially about children, parenting groups) and “new ideas” (which might collide with your current employer or maybe it’s not good to show your current employer you are considering other options).
Discourses current way (haven’t checked since Summer 2016 really) isn’t good enough so the sso solution uses a pool of anonymous users that get all links destroyed after a few hours. Basically you can get back in and continue commenting retaining your user for a while. After that all links are destroyed to guarantee you are anonymous (without major ip address, log searching, sleuthing, operator help etc). This anonymous approach still requires you to be a registered user though, hence the need for read-only.