Skip to content
Snippets Groups Projects
Commit 304c99a3 authored by Dennis Benz's avatar Dennis Benz
Browse files

Reduce user roles to pevent errors in Opencast (#1340) 

* Reduce user roles by checking config setting `episode_id_role_access`

* Fix broken playlist roles by adding playlist migration check

(cherry picked from commit 54735d93)
parent 3af327ee
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
lib/Routes/Opencast/UserRoles.php
+ 54
32
View file @ 304c99a3
......@@ -10,6 +10,8 @@ use Opencast\OpencastController;
use Opencast\Models\VideosUserPerms;
use Opencast\Models\VideosShares;
use Opencast\Models\PlaylistsUserPerms;
use Opencast\Models\Config;
use Opencast\Helpers\PlaylistMigration;
......@@ -25,6 +27,12 @@ class UserRoles extends OpencastController
// parse username, they are of the type lti:instid:1234567890acbdef
$plugin_id = $this->container->get('plugin')->getPluginId();
// Check whether all opencast configs support episode ID role access.
$episode_id_role_access = true;
foreach (Config::findBySQL('1') as $config) {
$episode_id_role_access &= $config->settings['episode_id_role_access'] ?? false;
}
$user_id = null;
$share_uuid = null;
$email = null;
......@@ -45,8 +53,11 @@ class UserRoles extends OpencastController
if (!empty($share_uuid)) {
$video_share = VideosShares::findByUuid($share_uuid);
if (!empty($video_share)) {
$roles[] = $video_share->video->episode . '_read';
$roles[] = 'ROLE_EPISODE_' . $video_share->video->episode . '_READ';
if ($episode_id_role_access) {
$roles[] = 'ROLE_EPISODE_' . $video_share->video->episode . '_READ';
} else {
$roles[] = $video_share->video->episode . '_read';
}
} else {
throw new Error('Share not found', 404);
}
......@@ -96,12 +107,18 @@ class UserRoles extends OpencastController
if (!$vperm->video->episode) continue;
if ($vperm->perm == 'owner' || $vperm->perm == 'write') {
$roles[$vperm->video->episode . '_write'] = $vperm->video->episode . '_write';
$roles['ROLE_EPISODE_' . $vperm->video->episode . '_READ'] = 'ROLE_EPISODE_' . $vperm->video->episode . '_READ';
$roles['ROLE_EPISODE_' . $vperm->video->episode . '_WRITE'] = 'ROLE_EPISODE_' . $vperm->video->episode . '_WRITE';
if ($episode_id_role_access) {
$roles['ROLE_EPISODE_' . $vperm->video->episode . '_READ'] = 'ROLE_EPISODE_' . $vperm->video->episode . '_READ';
$roles['ROLE_EPISODE_' . $vperm->video->episode . '_WRITE'] = 'ROLE_EPISODE_' . $vperm->video->episode . '_WRITE';
} else {
$roles[$vperm->video->episode . '_write'] = $vperm->video->episode . '_write';
}
} else {
$roles[$vperm->video->episode . '_read'] = $vperm->video->episode . '_read';
$roles['ROLE_EPISODE_' . $vperm->video->episode . '_READ'] = 'ROLE_EPISODE_' . $vperm->video->episode . '_READ';
if ($episode_id_role_access) {
$roles['ROLE_EPISODE_' . $vperm->video->episode . '_READ'] = 'ROLE_EPISODE_' . $vperm->video->episode . '_READ';
} else {
$roles[$vperm->video->episode . '_read'] = $vperm->video->episode . '_read';
}
}
}
......@@ -114,8 +131,11 @@ class UserRoles extends OpencastController
$stmt_courseware->execute([':user_id' => $user_id]);
while($episode = $stmt_courseware->fetchColumn()) {
$roles[$episode . '_read'] = $episode . '_read';
$roles['ROLE_EPISODE_' . $episode . '_READ'] = 'ROLE_EPISODE_' . $episode . '_READ';
if ($episode_id_role_access) {
$roles['ROLE_EPISODE_' . $episode . '_READ'] = 'ROLE_EPISODE_' . $episode . '_READ';
} else {
$roles[$episode . '_read'] = $episode . '_read';
}
}
$stmt_courses = \DBManager::get()->prepare("SELECT seminar_id FROM seminar_user
......@@ -162,39 +182,41 @@ class UserRoles extends OpencastController
// Handle playlist roles
// get all playlists the user has permissions on
foreach (PlaylistsUserPerms::findByUser_id($user_id) as $pperm) {
if ($pperm->perm == 'owner' || $pperm->perm == 'write') {
$roles[$pperm->playlist->service_playlist_id . '_write'] = 'PLAYLIST_' . $pperm->playlist->service_playlist_id . '_write';
} else {
$roles[$pperm->playlist->service_playlist_id . '_read'] = 'PLAYLIST_' . $pperm->playlist->service_playlist_id . '_read';
if (PlaylistMigration::isConverted()) {
// get all playlists the user has permissions on
foreach (PlaylistsUserPerms::findByUser_id($user_id) as $pperm) {
if ($pperm->perm == 'owner' || $pperm->perm == 'write') {
$roles[$pperm->playlist->service_playlist_id . '_write'] = 'PLAYLIST_' . $pperm->playlist->service_playlist_id . '_write';
} else {
$roles[$pperm->playlist->service_playlist_id . '_read'] = 'PLAYLIST_' . $pperm->playlist->service_playlist_id . '_read';
}
}
}
// find playlists with write access
$stmt = \DBManager::get()->prepare('SELECT service_playlist_id FROM oc_playlist AS op
// find playlists with write access
$stmt = \DBManager::get()->prepare('SELECT service_playlist_id FROM oc_playlist AS op
INNER JOIN oc_playlist_seminar AS ops ON (ops.playlist_id = op.id)
WHERE ops.seminar_id IN (:courses)'
);
$stmt->bindValue(':courses', $courses_write, \StudipPDO::PARAM_ARRAY);
$stmt->execute();
);
$stmt->bindValue(':courses', $courses_write, \StudipPDO::PARAM_ARRAY);
$stmt->execute();
foreach ($stmt->fetchAll(\PDO::FETCH_COLUMN) as $service_playlist_id) {
$roles[$service_playlist_id . '_write'] = 'PLAYLIST_' . $service_playlist_id . '_write';
}
foreach ($stmt->fetchAll(\PDO::FETCH_COLUMN) as $service_playlist_id) {
$roles[$service_playlist_id . '_write'] = 'PLAYLIST_' . $service_playlist_id . '_write';
}
// find playlists with read access
$stmt = \DBManager::get()->prepare('SELECT service_playlist_id FROM oc_playlist AS op
// find playlists with read access
$stmt = \DBManager::get()->prepare('SELECT service_playlist_id FROM oc_playlist AS op
INNER JOIN oc_playlist_seminar AS ops ON (ops.playlist_id = op.id)
WHERE ops.seminar_id IN (:courses)
AND ops.visibility = "visible"'
);
$stmt->bindValue(':courses', $courses_read, \StudipPDO::PARAM_ARRAY);
$stmt->execute();
);
$stmt->bindValue(':courses', $courses_read, \StudipPDO::PARAM_ARRAY);
$stmt->execute();
foreach ($stmt->fetchAll(\PDO::FETCH_COLUMN) as $service_playlist_id) {
// All seminar members have read permission on visible playlists
$roles[$service_playlist_id . '_read'] = 'PLAYLIST_' . $service_playlist_id . '_read';
foreach ($stmt->fetchAll(\PDO::FETCH_COLUMN) as $service_playlist_id) {
// All seminar members have read permission on visible playlists
$roles[$service_playlist_id . '_read'] = 'PLAYLIST_' . $service_playlist_id . '_read';
}
}
}
} else {
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment