I have a requirement to allow users to "cross-post" content (in this case, discussions, but could apply to any content type) to multiple sites. Note that this is NOT referring to a copy of the content, but instead is allowing users to see the same content object in different sites. I have found 2 different ways to do this:
1) create the content and assign multiple parents to it
2) create the content in the original site, and then create link objects in the other sites that refer back to the original object.
Either method works fine if the discussion is created in a public site is cross-posted to any other site type. But if the discussion is created in a moderated site, that's where the problems occur. For example, if user 1 creates a discussion in a moderated site, and cross-posts it to a community site, and user 2 is not a member of the moderated site, I get "access denied" errors when user 2 trying to view the discussion from the community site.
I extended the ForumTopicsGet code in order to retrieve either the link objects or the multiple parent objects for the current site, but when I try to get information from the nodeRef to render the topics, that's when the errors occur (usually on the getProperties call). I have tried to use groups or roles of some kind to enable temporary access, but can't quite get the right combination and usually get errors like "transaction is read-only" when trying to do anything with permissions or authorities as part of the ForumTopicsGet execution. What did work was to call authenticationService.authenticate() with the admin user, but that seems to be a risky operation. Do you have any suggestions as to how I can get around the permissions problems? I thought that using multiple parents would work, but it seems to be using the primary parent (the moderated site) for access permissions instead of the current site. Any suggestions would be greatly appreciated!
