enable write-only forums

when the role-write is lower than the role-read, a forum is considered write-only
for anyone who can write, but not read, they can create posts, but they can only see and reply to their own posts.

users who can read are able to see and reply to all posts in the forum.

app/controllers/forums_controller.rb

@@ -2,12 +2,12 @@ class ForumsController < ApplicationController
   before_filter :check_permission, only: [:show, :edit, :update, :destroy]
 
   def index
-     @groups = Forumgroup.select {|g| g.can_read?(current_user) }
+     @groups = Forumgroup.select {|g| g.can_view?(current_user) }
      @groups.sort_by!{ |g| g.position || 0 }
   end
 
   def show
-    @threads = @forum.forumthreads.to_a
+    @threads = @forum.forumthreads.select {|f| f.can_read?(current_user) }.to_a
     @threads.sort_by! do |t|
       # sticky goes first, then sort by last activity (new replies)
       [t.sticky ? 0 : 1, -(t.replies.last.try(:created_at) || t.created_at).to_i]
@@ -78,7 +78,7 @@ class ForumsController < ApplicationController
 
   def check_permission
     @forum = Forum.find(params[:id])
-    unless @forum.can_read?(current_user)
+    unless @forum.can_view?(current_user)
       flash[:alert] = "You are not allowed to view this forum"
       redirect_to forums_path
     end

app/models/forum.rb

@@ -22,7 +22,11 @@ class Forum < ActiveRecord::Base
   end
 
   def can_write?(user)
-    group.can_write?(user) && can_read?(user) && (role_write.nil? || (!user.nil? && user.role >= role_write))
+    group.can_write?(user) && (role_write.nil? || (!user.nil? && user.role >= role_write))
+  end
+
+  def can_view?(user)
+    can_read?(user) || can_write?(user)
   end
 
   def to_param

app/models/forumgroup.rb

@@ -18,7 +18,11 @@ class Forumgroup < ActiveRecord::Base
   end
 
   def can_write?(user)
-    !user.nil? && can_read?(user) && user.confirmed? && (role_write.nil? || user.role >= role_write)
+    !user.nil? && user.confirmed? && (role_write.nil? || user.role >= role_write)
+  end
+
+  def can_view?(user)
+    can_read?(user) || can_write?(user)
   end
 
   def to_param

app/models/forumthread.rb

@@ -36,11 +36,14 @@ class Forumthread < ActiveRecord::Base
   end
 
   def can_read?(user)
-    forum && forum.can_read?(user)
+    # we might have threads without a forum
+    # e.g. forum deleted
+    forum && forum.can_read?(user) || author == user
   end
 
   def can_write?(user)
-    forum.can_write?(user) && (!locked? || user.mod?)
+    # unlike forums, you shouldn't be able to write when you can't read
+    can_read?(user) && forum.can_write?(user) && (!locked? || user.mod?)
   end
 
   def send_new_mention_mail(old_content = "")

app/views/forums/index.html.erb

@@ -11,20 +11,28 @@
 
       <div class="items bold">
         <% group.forums.sort_by{ |f| f.position || 0 }.each do |f| %>
-          <% if f.can_read?(current_user) %>
+          <% if f.can_view?(current_user) %>
             <div class="item">
               <%= link_to f.name, f, id: "forum-#{f.id}"%>
               <div class="item-info">
                 <% if last_thread = f.threads.last %>
                   <% last_reply = Threadreply.where(forumthread: f.threads).order(:created_at).last %>
                   <% if last_reply && last_reply.created_at > last_thread.created_at %>
-                    <%= last_reply.author.name %>
-                    <%= link_to "replied", forumthread_path(last_reply.thread) + "#reply-#{last_reply.id}" %>
-                    <%= ago last_reply.created_at %>.
+                    <% if last_reply.thread.can_read?(current_user) %>
+                      <%= last_reply.author.name %>
+                      <%= link_to "replied", forumthread_path(last_reply.thread) + "#reply-#{last_reply.id}" %>
+                      <%= ago last_reply.created_at %>.
+                    <% else %>
+                      Hidden
+                    <% end %>
                   <% else %>
-                    <%= last_thread.author.name %>
-                    <%= link_to "posted", forumthread_path(last_thread) %>
-                    <%= ago last_thread.created_at %>.
+                    <% if last_thread.can_read?(current_user) %>
+                      <%= last_thread.author.name %>
+                      <%= link_to "posted", forumthread_path(last_thread) %>
+                      <%= ago last_thread.created_at %>.
+                    <% else %>
+                      Hidden
+                    <% end %>
                   <% end %>
                 <% else %>
                   No posts yet.

app/views/forums/show.html.erb

@@ -1,11 +1,14 @@
-<% title @forum.name %>
-
 <%= link_to @forum.group, forumgroup_path(@forum.group) %> → <%= @forum %>
 
-<h1><%= @forum %></h1>
+<h1><%= title @forum %></h1>
 <% if @forum.can_write?(current_user) %>
   <p><%= link_to "New thread", new_forumthread_path(forum: @forum), class: "btn blue" %></p>
 <% end %>
+
+<% if @forum.role_read && @forum.role_write && @forum.role_write < @forum.role_read %>
+  <div class="lockednote">This forum is write-only. You can only see your own posts.</div>
+<% end %>
+
 <div id="forum_groups">
   <% @threads.each do |thread| %>
     <div class="item-group with-avatar" id="thread-<%= thread.id %>">