Skip to content

Post visibility by role#28

Merged
katiez667 merged 7 commits intomainfrom
post-visibility-by-role
Feb 17, 2026
Merged

Post visibility by role#28
katiez667 merged 7 commits intomainfrom
post-visibility-by-role

Conversation

@Val551
Copy link

@Val551 Val551 commented Feb 17, 2026

This PR implements role-based post visibility, allowing TAs and Professors to create posts that are only visible to instructors. Students cannot see these posts in any view. The implementation adds a targetRole field to posts and enforces visibility checks across all post-loading paths.

Changes Included
Added isUserInRole() helper in src/user/roles.js to check group membership for visibility checks
Added authorization guard in src/api/topics.js that strips targetRole from the payload if the caller is not an admin, TA, or
Professor

Enforced visibility in src/privileges/posts.js in both filter() and get() so restricted posts are hidden from students in search, recent posts, and direct API access

Added role-based filter in src/topics/posts.js for the topic page view and src/topics/teaser.js for category listing teasers
Added "Everyone / Instructors only" dropdown to the quick reply composer in public/src/modules/quickreply.js, only visible to TAs and Professors via isInstructor flag added insrc/controllers/topics.js

Updated OpenAPI schemas and src/posts/summary.js to include targetRole so API validation tests pass
Added 12 automated tests in test/role-visibility.js and user documentation in UserGuide.md

I used the targetRole field directly on posts rather than a separate permissions table. Since NodeBB uses a schemaless Redis store, no migration was needed. The visibility check follows the same pattern as user.blocks.filter() in the existing codebase.

Resolved #22

@coveralls
Copy link

Pull Request Test Coverage Report for Build 22083820104

Details

  • 32 of 32 (100.0%) changed or added relevant lines in 8 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage increased (+0.05%) to 78.924%

Totals Coverage Status
Change from base Build 21888879291: 0.05%
Covered Lines: 25490
Relevant Lines: 30458

💛 - Coveralls

@katiez667 katiez667 merged commit 2718d5f into main Feb 17, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Link Post To options to backend capabilities, define viewing abilities

3 participants

Comments