Post visibility by role

[Val551]

This PR implements role-based post visibility, allowing TAs and Professors to create posts that are only visible to instructors. Students cannot see these posts in any view. The implementation adds a targetRole field to posts and enforces visibility checks across all post-loading paths.

Changes Included
Added isUserInRole() helper in src/user/roles.js to check group membership for visibility checks
Added authorization guard in src/api/topics.js that strips targetRole from the payload if the caller is not an admin, TA, or
Professor

Enforced visibility in src/privileges/posts.js in both filter() and get() so restricted posts are hidden from students in search, recent posts, and direct API access

Added role-based filter in src/topics/posts.js for the topic page view and src/topics/teaser.js for category listing teasers
Added "Everyone / Instructors only" dropdown to the quick reply composer in public/src/modules/quickreply.js, only visible to TAs and Professors via isInstructor flag added insrc/controllers/topics.js

Updated OpenAPI schemas and src/posts/summary.js to include targetRole so API validation tests pass
Added 12 automated tests in test/role-visibility.js and user documentation in UserGuide.md

I used the targetRole field directly on posts rather than a separate permissions table. Since NodeBB uses a schemaless Redis store, no migration was needed. The visibility check follows the same pattern as user.blocks.filter() in the existing codebase.

Resolved #22

[coveralls]

Pull Request Test Coverage Report for Build 22083820104

Details

• 32 of 32 (100.0%) changed or added relevant lines in 8 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage increased (+0.05%) to 78.924%

---

Totals
Change from base Build 21888879291:	0.05%
Covered Lines:	25490
Relevant Lines:	30458

---

💛 - Coveralls