Group 2.x compatible version

So my initial thoughts were to use the calculator because it'd work much the same as the current version, and doesn't have any potential 'out of sync' errors. Plus having a good excuse to use the new flexible permissions calculators would be great.

However, I'm now wondering, if it might not be better to have the forum content appear in the group administration lists, gnode and maybe even group_comments. It could also even be used to get group context that people could use in site implementations, rather than just be only access control on a central forum. Just has the issue of correcting membership if there is any way content gets out of sync, terms are added to groups etc.

> What extra benefit would we get, if the nodes and their content were also attached to the groups?

I'd guess the primary case is the UX (and DX) when dealing with nodes and maybe even comments. They would be listed as group content in the same way that all other content is. The relationship would be available too if the desire is to back reference the group in the same way that you would other group content (Usually linking to, including colour or logos from, parent group/s).

I find the site I'm dealing with having all the forum content under /forum rather than having multiple /group/id/forum is confusing. Everything else lives within a group, and it's not super clear why you see individual forum containers (and not others). But I don't think either route would stop extending the forum.inde and forum.page controllers to have group filtered versions.

The suggestion to split the forums was very much optional extension; and actually can be done which ever way the access control is done. So I think adding that rather confused things. It is one of the possible solutions for the site I'm looking at though; which is very focused on people working on content from within the context of their groups. The other option, for that site, is to keep the one forum but make it clear what groups forum content is in (which I think would be much easier with the group content relationship).

OK I spent a bit of time running through steps for implementation and I can see @jurenhaas your reservations about actually making the content part of the group; even when the content might even only be shown in the group. So running through details - for my own clarity and if anyone else has options.

Forum has:

• Forum taxonomy terms in which Topics are posted, and other (child) Forum and Forum Container terms.
• Forum container taxonomy terms which are identical to Forum terms (same vocabulary) but have a boolean field which means that Topics cannot be posted in them, just other (child). Forum and Forum containers.
• Topic nodes which are posted into Forum terms. There is a single Forum for a Topic and a sql lookup table forum and index table forum_index for this. When moving nodes between terms there's also some idea of shadow Forums I think this can be ignored?
• Reply comments to Topic nodes.

When a Forum (container) is placed in a group it makes sense that all child content Forum (container), Topic and Reply are under the same access control as the Forum (container) itself. Doing so by making Relationship entities for every Term, Node and even Comment entity is clear if maybe a bit fiddly if large Forum with lots of child terms and nodes are moved into, or out of, group. But where I thought this would bring clarity about what content is in a group it adds complexity as it does not make sense that you could remove a child Forum or Topic from a group when its parent is in the group.

The present 1.x compatible Forum Group does this by adding entity_access hooks and node access grants. Which is similar to how the Group 1.x module implements its access control. Group 2.x/3.x drop using node access and go for a comprehensive entity access system by not only implementing entity_access hooks, but also query_alter hooks. What gets added to the queries, and in the access hooks, is based on the permissions that come out of the permissions calculator. Original permissions, in this case, come from the permissions plugins in the modules providing group content relationships. What permissions are relevant to the user (individual), group roles (outsider, insider role), anonymous are computed with the calculator. Group Permissions module, for example, adds to the calculator so you can have different permissions per group (rather than group type).

Thus if forum_group does not add Relationship entities for all the Terms, Nodes (and Comments) in a group. It will have to re-implement the 1,x logic for grants as a query alter; and update the entity_access hooks. I don't think adding a permissions calculator plugin here helps. We are using the output of the group one to find which permissions to apply. Where Group has a reasonable set of JOINs to do this, based on the group relationship entities, Group Forum doesn't because of the taxonomy tree. Just adding the node forum lookup table seems sane. But as 1.x we'll have to do an additional set of queries to get parent terms that might be in groups.

https://git.drupalcode.org/issue/group_forum-3349564/-/compare/2.0.x...3... contains a first pass at reimplementing the option of just one forum (container) in the group and all children forum (containers) and topics being access controlled using the group 2.x style entity access and query alter.

2.x version of this module is Group 1.x compatible.

The branch referenced in this issue is Group 2 compatible.
https://git.drupalcode.org/issue/group_forum-3349564/-/tree/3349564-grou...
We're using it. If it's good it could become a 3.x version of this module.