diff --git a/public/forum/forum.php b/public/forum/forum.php
index df19c3dd..0e9ae89d 100644
--- a/public/forum/forum.php
+++ b/public/forum/forum.php
@@ -17,6 +17,15 @@ if (empty($forum) || ($forum['forum_type'] == MSZ_FORUM_TYPE_LINK && empty($foru
 return;
 }
 
+$perms = forum_perms_get_user(MSZ_FORUM_PERMS_GENERAL, $forum['forum_id'], $app->getUserId());
+
+if (!perms_check($perms, MSZ_FORUM_PERM_VIEW_FORUM)) {
+ echo render_error(403);
+ return;
+}
+
+tpl_var('forum_perms', $perms);
+
 if ($forum['forum_type'] == MSZ_FORUM_TYPE_LINK) {
 forum_increment_clicks($forum['forum_id']);
 header('Location: ' . $forum['forum_link']);
diff --git a/public/forum/posting.php b/public/forum/posting.php
index b6194163..0899b9b7 100644
--- a/public/forum/posting.php
+++ b/public/forum/posting.php
@@ -68,13 +68,18 @@ if (empty($forum)) {
 return;
 }
 
-if ($forum['forum_type'] != MSZ_FORUM_TYPE_DISCUSSION) {
- echo render_error(400);
+$perms = forum_perms_get_user(MSZ_FORUM_PERMS_GENERAL, $forum['forum_id'], $app->getUserId());
+
+if ($forum['forum_archived']
+ || !empty($topic['topic_locked'])
+ || !perms_check($perms, MSZ_FORUM_PERM_VIEW_FORUM | MSZ_FORUM_PERM_CREATE_POST)
+ || (empty($topic) && !perms_check($perms, MSZ_FORUM_PERM_CREATE_TOPIC))) {
+ echo render_error(403);
 return;
 }
 
-if ($forum['forum_archived'] || !empty($topic['topic_locked'])) {
- echo render_error(403);
+if (!forum_may_have_topics($forum['forum_type'])) {
+ echo render_error(400);
 return;
 }
 
diff --git a/public/forum/topic.php b/public/forum/topic.php
index 943f090a..85d8d3fe 100644
--- a/public/forum/topic.php
+++ b/public/forum/topic.php
@@ -22,6 +22,13 @@ if (!$topic) {
 return;
 }
 
+$perms = forum_perms_get_user(MSZ_FORUM_PERMS_GENERAL, $topic['forum_id'], $app->getUserId());
+
+if (!perms_check($perms, MSZ_FORUM_PERM_VIEW_FORUM)) {
+ echo render_error(403);
+ return;
+}
+
 $posts = forum_post_listing($topic['topic_id'], $postsOffset, $postsRange);
 
 if (!$posts) {
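Review bot: Answering a failed MSZ_FORUM_PERM_VIEW_FORUM check with `echo render_error(403);` confirms to an unauthorised visitor that the forum id exists, which the `empty($forum)` branch just above takes care to hide by returning first; the topic.php hunk adds the same pattern for topics. If restricted forums are meant to be indistinguishable from missing ones, reuse the status the not-found branch emits (it is outside the hunk), for example `echo render_error(404);`, in both places. It is also worth confirming what `$app->getUserId()` yields for a guest, because forum_perms_get_user declares `int $user` while the permissions view in src/Forum/perms.php matches the guest row on `user_id IS NULL`, not on a sentinel id.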
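Review bot: `!perms_check($perms, MSZ_FORUM_PERM_VIEW_FORUM | MSZ_FORUM_PERM_CREATE_POST)` only requires both permissions if perms_check tests that every bit of the mask is set; if it tests `($perms & $mask) !== 0`, a user holding VIEW_FORUM alone passes this guard and can reply. perms_check's definition is not on the page, so either confirm the all-bits semantics or make the intent explicit with two calls: `|| !perms_check($perms, MSZ_FORUM_PERM_VIEW_FORUM)` and `|| !perms_check($perms, MSZ_FORUM_PERM_CREATE_POST)`. The surrounding script continues past the hunk, so later handlers that assume `$perms` was populated should be checked against this early return as well.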
diff --git a/src/Application.php b/src/Application.php index 5cf6018d..5c6dd389 100644 --- a/src/Application.php +++ b/src/Application.php @@ -294,11 +294,11 @@ class Application extends ApplicationBase tpl_add_function('parse_text', true); tpl_add_function('asset_url', true); tpl_add_function('vsprintf', true); + tpl_add_function('perms_check', true); tpl_add_function('git_commit_hash'); tpl_add_function('git_branch'); tpl_add_function('csrf_token', false, 'tmp_csrf_token'); - tpl_add_function('perms_check'); tpl_var('app', $this); } diff --git a/src/Forum/perms.php b/src/Forum/perms.php index 4f88505f..eef59377 100644 --- a/src/Forum/perms.php +++ b/src/Forum/perms.php @@ -41,7 +41,7 @@ function forum_perms_get_user_sql( ' SELECT BIT_OR(`%1$s_perms`) FROM `msz_forum_permissions_view` - WHERE `forum_id` = %2$s + WHERE (`forum_id` = %2$s OR `forum_id` IS NULL) AND ( (`user_id` IS NULL AND `role_id` IS NULL) OR (`user_id` = %3$s AND `role_id` IS NULL) @@ -72,8 +72,8 @@ function forum_perms_get_user(string $prefix, int $forum, int $user): int $getPerms = Database::prepare(forum_perms_get_user_sql($prefix)); $getPerms->bindValue('perm_forum_id', $forum); - $getPerms->bindValue('perm_user_id_1', $user); - $getPerms->bindValue('perm_user_id_2', $user); + $getPerms->bindValue('perm_user_id_user', $user); + $getPerms->bindValue('perm_user_id_role', $user); return $getPerms->execute() ? (int)$getPerms->fetchColumn() : 0; } @@ -84,12 +84,9 @@ function forum_perms_get_role(string $prefix, int $forum, int $role): int } $getPerms = Database::prepare(" - SELECT `{$prefix}_perms_allow` &~ `{$prefix}_perms_deny` - FROM `msz_forum_permissions` - WHERE ( - `forum_id` = :forum_id - OR `forum_id` IS NULL - ) + SELECT BIT_OR(`{$prefix}_perms`) + FROM `msz_forum_permissions_view` + WHERE (`forum_id` = :forum_id OR `forum_id` IS NULL) AND `role_id` = :role_id AND `user_id` IS NULL "); diff --git a/src/Forum/post.php b/src/Forum/post.php index 9a5d2872..b20459ea 100644 
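Review bot: Widening the filter to `(forum_id = %2$s OR forum_id IS NULL)` and folding the rows with `BIT_OR` means a forum-specific row can only add permission bits, never remove them. If the view's `%1$s_perms` column is computed per row as allow minus deny, the shape the removed query in the third hunk used with `_perms_allow &~ _perms_deny` on msz_forum_permissions, then a deny recorded for one forum is cancelled by an allow on the global `forum_id IS NULL` row and per-forum revocations silently stop applying; the rewritten forum_perms_get_role query in the third hunk has the same behaviour. If forum-level deny is meant to win, aggregate the two sides separately and combine afterwards, `BIT_OR(_perms_allow) & ~BIT_OR(_perms_deny)` over the underlying table, or resolve the most specific forum row rather than OR-ing all of them. forum_perms_get_user_sql begins and ends outside this hunk.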
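Review bot: The bound names change to `perm_user_id_user` and `perm_user_id_role`, but the statement that consumes them comes from forum_perms_get_user_sql, whose sprintf arguments for `%3$s` and the role-branch placeholder lie outside the first hunk and show no change on this page; if that generator still emits the old `:perm_user_id_1`/`:perm_user_id_2` names, execute() fails and the `? (int)... : 0` fallback reports 0 permissions. That fails closed, which is the right direction, but it also hides a broken query as "no permissions", so consider logging or throwing on an execute() failure here instead of returning 0 silently.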
--- a/src/Forum/post.php +++ b/src/Forum/post.php @@ -59,7 +59,7 @@ function forum_post_find(int $postId): array '); $getPostInfo->bindValue('post_id', $postId); - return $getPostInfo->execute() ? $getPostInfo->fetch() : false; + return $getPostInfo->execute() ? $getPostInfo->fetch() : []; } define('MSZ_FORUM_POST_LISTING_QUERY_STANDARD', ' diff --git a/src/Forum/validate.php b/src/Forum/validate.php index e743ce6a..850a397b 100644 --- a/src/Forum/validate.php +++ b/src/Forum/validate.php @@ -1,7 +1,7 @@ {% endmacro %} -{% macro forum_category_buttons(forum) %} +{% macro forum_category_buttons(forum, perms) %}
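Review bot: Replacing `false` with `[]` only covers the execute() failure branch; when the query succeeds but matches no row, `$getPostInfo->fetch()` itself returns false, and forum_post_find is declared `: array` in the hunk header, so the no-such-post case raises a TypeError instead of the empty array callers now test for. Use `return $getPostInfo->execute() ? ($getPostInfo->fetch() ?: []) : [];` so both paths return an array.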
- New Topic + {% if perms|perms_check(constant('MSZ_FORUM_PERM_CREATE_TOPIC')) %} + New Topic + {% endif %}
{% endmacro %}
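Review bot: `forum_category_buttons` gains a `perms` parameter with no default and its call sites are not on this page; any caller still passing only `forum` hands Twig's implicit null to `perms|perms_check(...)`, which either raises a TypeError if perms_check declares an int parameter or silently hides the button. Give the parameter a default, `{% macro forum_category_buttons(forum, perms = 0) %}`, or confirm every call site now passes the `forum_perms` variable set in forum.php. The hidden button is presentation only; the 403 in posting.php is the enforcing check, so this condition should mirror it rather than replace it. The file header shown for this hunk (validate.php, `-1,7 +1,7`) does not match its Twig content, so the template it belongs to could not be confirmed from the page.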