Feature Request/Idea: Roles/Permissions/Groups #2534
Thanks for the great project!
Given I have a website with lots of different usergroups (that have different access permissions) it seems that it is not safely possible to embed/use Talk. As all Talk comments only have one shared global "authorization realm". So every (authenticated) user can read/comment on every comment thread..
What would be needed is that I can categorize and assign Threads to different usergroups. And then limit access to these usergroups by using permissions. Example: Threads in category "finance" (can be read by users that are assigned the finance usergroup) will not be able to be accessed by people wo are assigned the "tech" usergroup... This would be a typical RBAC (role based access) system.
Maybe a better example in the context of Newspapers is: You have free and paid user accounts. And you do not want that "free users" can read the comments/threads of "paid users". Talk seems to generate an id/hash for every thread. And there is no feature that prevents anyone who has got hold of this id, to access the thread/comments. There are a lot of use-cases where this is not secure enough... Every access should check if the user is really allowed (has the permission) to access the thread/comments...
Are there any plans to introduce features like this?
What are your suggestions how this could be implemented (it seems no plugins are supported for extension in V5, but most likely this is a core feature anyway)?