We’ve been running into a number of issues with Discourse’s trust level system due to how rigid and ingrained it is into permissions. Granted, there was a way to shoehorn our needs into the mold Discourse provides, but Discourse might not always support the distribution of permissions I want. For instance:
TL0: Read-only + like + vote
TL1: TL0 + write access to some categories + PMs (have to separate trust level for PM setting)
TL2: new user restrictions removed
Because I have to force TL1 into a new trust level for the PM setting, that role no longer has new user restrictions applied. There are likely a large number of other cases I could invent where Discourse’s trust level system does not mesh great with permissions. In the end, I have to contract someone to write code for me because my desired functionality isn’t feasible otherwise. Not only do I have to write code, but I also have to fork Discourse because trust levels are hardcoded into the source:
def can_edit_topic?(topic)
...
return true if (
SiteSetting.trusted_users_can_edit_others? &&
...
user.has_trust_level?(TrustLevel[4])&&
...
)
return true if (
SiteSetting.trusted_users_can_edit_others? &&
...
user.has_trust_level?(TrustLevel[3])&&
...
)
...
end
This becomes a massive hassle for forum admins. Why are trust levels so integral in the first place, as opposed to using a more modular approach (e.g. tie every permission to groups)? If permissions were configured per-group, I could create as many as I’d like, and trust levels are already groups:
https://meta.discourse.org/groups/trust_level_1
This would also allow me to modularize permissions, so instead of applying restrictions to the trust_level_1 group, I could create a “new user restrictions” group and add that to anyone who gets TL0 or TL1. This could all be done without having to hire someone to modify Discourse and make updating an extreme pain.