k found it. Using the permissiondefinitions.xml i changed the collaborator rights:
<!– A collaborator can do anything that an editor and a contributor can do –>
<permissionGroup name="Collaborator" allowFullControl="false" expose="true">
<!– includePermissionGroup permissionGroup="Editor" type="cm:cmobject" / –>
<includePermissionGroup permissionGroup="Contributor" type="cm:cmobject" />
</permissionGroup>
This did solve the edit-all functionality for e.g. collaborators which is not needed by my client.
On the blog noderef in a single ex. script i added the add posts permissions:
permissionService.setPermission(nodeRef, "GROUP_site_XXX_ROLE", PermissionService.ADD_CHILDREN, false);
permissionService.setPermission(nodeRef, "GROUP_site_XXX_ROLE", PermissionService.CREATE_CHILDREN, false);
Where XXX is the sitename, ROLE: contributor & consumer
ForumModel.TYPE_POST nodes have onCreateNode behaviour which removes editor rights for collaborator and removes all write rights for contributor,consumer,collaborator, making it impossible to edit for non-owners except managers.
ForumModel.TYPE_TOPIC nodes gain create_children / add_children permission with use of onCreateNode behaviour to allow everyone to reply on a discussion.