Well, the vote is down to email and skinning. I have pretty much rewritten the Module Permissions enhancement and tested it in about one night. I checked out how UDT was doing it and it was exactly what I wanted so I took a 'skeleton' of their permissions code and used that to start with.
What this has done is allowed me to:
Remove module action dependancies on Admin perms for normal users. THis means the edit container does not have to load in all cases it normally would not. This, in turn, allows pages to be viewed with all other mods on the page in tact for most usage.
Made coding permission checks extremely simple. THe rules are all baked in the security file so you simply check the lowest common denominator function. (if look for ability to post, look for perms set that says yes. This perm set says yes if the user is a forum admin, global moderator, has mod edit perms, site admin - finally the check of the roles for with this ability being set under mod settings)
While I was in there it allowed me to catch a few minor bugs I saw in some logic (allowing people to reply to a closed thread was a bit off in mod situations) and I changed some of the parent items to make more sense when reading the code. (ie. instead of saying Post.Parent.Parent, this actually became Post.ParentThread.ParentForum). This allowed me to identify some other things neglected such as a person could find a way to post a reply to a forum that was no longer active if they used a direct url entry.
In the end, I added four permission sets for the module to use:
Forum Admin - Allows users to fully administrate forum module but not have total edit rights to the module (ie. module settings)
Forum Global Moderator - this allows global moderator assignment via roles (and module settings) These people can edit any post, move any post, approve any post, delete any post in any forum. (As long as it is not private and they cannot see it)
Start Post - This is basically the equivalent of giving edit rights to registered users. What this means is anyone who is in the roles assigned for this can post a reply or start a new thread. (Again, if they can see it and perms are not overriden at specific private forum level). This will eventually be divided further into Start Thread and Post Reply. I didn't want too much transition in this version to the next and I am affraid of a support nightmare if i do this in one swoop.
While I was in there I started working in the future possibiity of anonymous posting. Right now and in the next version this will still not be possible as everything in Start Post verifies the userid > 0. (The forum admin and global moderator will never allow unauthenticated users to do these roles no matter what!) I am not sure when I will work this in, there is much more to consider yet.
I also exposed the PM system. I have some testing to do here and still have to review the rest of the module because of the perm changes to make sure it is 100% solid. However, I feel it might not take too long for a release. I am also going to focus on the SQL 2k5 usage problems along with other outstanding bugs that are making usage of the module difficult.