i want to rewrite apioforum's permissions system because the current system is confusing and hard to understand. firstly, inheritance of subforums will be removed. (forums will instead be able to link to other forums on their main page). this is because the inheritance system makes everything a lot more complicated to understand and reason about, but doesn't really add much value imo.

then, i am currently unable to decide between the following models:

option 1

every forum is either 'public' or 'private'. 'public' forums have a list of managers. a manager of a public forum can do anything in that forum. 'public' forums also have a set of permissions, which describe what actions (create thread, reply to thread, vote on polls, etc...) can be done by everyone who is not a manager of that forum.

'private' forums have a list of managers, and a list of members. a manager of a private forum can do anything in that forum. 'private' forums have a set of permissions, which describe what actions can be done by everyone who is a member of that forum. people who aren't a manager or a member of a private forum can't do anything at all in that forum, not even view posts in it or see that it exists.

option 2

all forums have a list of managers and a list of members. a manager of a forum can always do anything in that forum. each forum also has two sets of permissions. the first describes what actions members of that forum can perform, and the second describes what actions users who are neither managers nor members of that forum can do.

this generalizes option 1: a 'private' forum is just a forum where non-members can't view things. i feel like this one is more useful, maybe

option 3

in all forums, every user has a 'role'. if a user doesn't have a role explicitly set in a forum, its role is considered to be 'other'. if a user's role in a forum is 'manager', that user can always do anything in that forum.

for every role that is used in a forum (including 'other'), that forum has a set of permissions, describing what actions can be taken by users with that role.

this is very similar to the current system, just without inheritance


i am not sure which of these options would be the best to use. if you have any thoughts on these options, or if you have any other ideas for how it should work, post them below
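
The three options above, modelled in one place. This is an added example, not part of the original post and not apioforum's code: the action names, the helper names and the "manager wins if a user is in both lists" rule are assumptions. It shows option 3 as the general check, with options 2 and 1 built as special cases of it, and with anything not explicitly granted being denied.

```python
from dataclasses import dataclass, field

# action names are assumptions; the post only lists examples of actions
VIEW, CREATE_THREAD, REPLY, VOTE = "view", "create_thread", "reply", "vote"

@dataclass
class Forum:
    # option 3: explicit role per user; anyone not listed has role 'other'
    roles: dict = field(default_factory=dict)       # user -> role name
    # one permission set per role in use, including 'other'
    role_perms: dict = field(default_factory=dict)  # role -> set of actions

    def role_of(self, user):
        return self.roles.get(user, "other")

    def can(self, user, action):
        role = self.role_of(user)
        if role == "manager":  # managers can always do anything
            return True
        # default deny: a role with no permission set, or an unlisted
        # action, is refused
        return action in self.role_perms.get(role, frozenset())

def option2_forum(managers, members, member_perms, other_perms):
    """option 2 as option 3 restricted to manager / member / other."""
    roles = {u: "member" for u in members}
    roles.update({u: "manager" for u in managers})  # assumed: manager wins if in both
    return Forum(roles, {"member": set(member_perms), "other": set(other_perms)})

def option1_private(managers, members, perms):
    """option 1 'private': non-members get the empty set, so not even view."""
    return option2_forum(managers, members, perms, set())

def option1_public(managers, perms):
    """option 1 'public': no member list, one set for every non-manager."""
    return option2_forum(managers, (), set(), perms)

if __name__ == "__main__":
    priv = option1_private({"alice"}, {"bob"}, {VIEW, REPLY})  # constructed users
    for user in ("alice", "bob", "carol"):
        allowed = [a for a in (VIEW, REPLY, CREATE_THREAD) if priv.can(user, a)]
        print(user, priv.role_of(user), allowed)
```

The check only answers whether an action is allowed. Keeping a private forum's existence hidden is left to the caller, for example by answering a failed view check the same way as a forum that does not exist.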