Vulnerability in EPiServer.Forms
What would be your approach when it comes to developing a simple forum for an EPiServer CMS 6 site (without depending on other EPi-software, only the CMS), a forum pretty much like this one? Or maybe I should just ask, how is this forum built up? :)
Just a bunch of different page types and some forum-specific logic? :s
There's a sample forum in the AlloyTech sample that you could take a look at.
EPiServer World is based on EPiServer Relate, i.e. EPiServer Community and Relate templates. You might want to look at that if you don't want to make the forum functionality all by your self.
Getting Relate+ just for a simple forum is not overkill? :)
You can use the Dynamic Data Store to store the forum data if you didn't want to use the page model
DDS would be quite a good option, I use it to store comments for pages and it seems to work well, I have also built moderation on top which was not much of a problem, think you will jsut need to expand on top of this, to get your simple forum.
Thanks guys. I previously looked at the Allow sample forum, and to be honest and didn't like that approach very much. Relate+ is indeed overkill in this scenario, and I don't really mind building the logic myself.
DDS is interesting, only read the docs about it, never found any application for it yet. This might be it. And I love the LINQ integration!
We wrote a simple forum for a client a couple months ago in respects to just using episerver cms 6r2. We did it with pagetypes and some plugins that hide comments -> child pages of the topic. We created a forum pagetype -> Topic PageType -> Thread PageType. On these pagetypes, there is some properties for how many items are being displayed per page, etc. Simple stuff. This is the approach we chose to take since it was for an intranet. If you have any questions, your more than welcome to email me. Thanks, hope this helps.
+1 for Joshua's take. Using pages you'll have the complete moderation functionality "for free" inside edit mode.
Iam also making a simple kind of forum, and I have a simple question ragarding that.
When a page gets created with the user input from the form I use: DataFactory.Instance.Save(newPostPage, SaveAction.Publish, AccessLevel.Read);
Should I instead use AccessLevel.NoAccess?
I want every visitor to be able to make posts. Does it matter - 'Read' or 'NoAccess'? In our EpiServer installation 'everyone' has read access to the page.
When would I want to use NoAccess?
'NoAccess' will allow you to save/publish the page regardless of the current users permissions
if you use 'Read' the user will need at least this permission to save / publish the page
Minesh Shah: Thank you for your answer. So If 'everyone' has read rights to the startpage node and its children, it doesnt really matter which I go with in this case? Just want to make sure, sorry if this is a newbie question.
NoAccess should be thought of as NoAccessCheckWillTakePlace. I normally use it for stuff such as forums and article comments. It should have a performance benefit over the other options.
Thank you kindly Johan.