Skip to content
Snippets Groups Projects
Commit 304c99a3 authored by Dennis Benz's avatar Dennis Benz
Browse files

Reduce user roles to pevent errors in Opencast (#1340) 

* Reduce user roles by checking config setting `episode_id_role_access`

* Fix broken playlist roles by adding playlist migration check

(cherry picked from commit 54735d93)
parent 3af327ee
No related branches found
No related tags found
No related merge requests found
Show whitespace changes
Inline Side-by-side
lib/Routes/Opencast/UserRoles.php
+ 54
32
View file @ 304c99a3
...@@ -10,6 +10,8 @@ use Opencast\OpencastController; ...@@ -10,6 +10,8 @@ use Opencast\OpencastController;
use Opencast\Models\VideosUserPerms; use Opencast\Models\VideosUserPerms;
use Opencast\Models\VideosShares; use Opencast\Models\VideosShares;
use Opencast\Models\PlaylistsUserPerms; use Opencast\Models\PlaylistsUserPerms;
use Opencast\Models\Config;
use Opencast\Helpers\PlaylistMigration;
...@@ -25,6 +27,12 @@ class UserRoles extends OpencastController ...@@ -25,6 +27,12 @@ class UserRoles extends OpencastController
// parse username, they are of the type lti:instid:1234567890acbdef // parse username, they are of the type lti:instid:1234567890acbdef
$plugin_id = $this->container->get('plugin')->getPluginId(); $plugin_id = $this->container->get('plugin')->getPluginId();
// Check whether all opencast configs support episode ID role access.
$episode_id_role_access = true;
foreach (Config::findBySQL('1') as $config) {
$episode_id_role_access &= $config->settings['episode_id_role_access'] ?? false;
}
$user_id = null; $user_id = null;
$share_uuid = null; $share_uuid = null;
$email = null; $email = null;
...@@ -45,8 +53,11 @@ class UserRoles extends OpencastController ...@@ -45,8 +53,11 @@ class UserRoles extends OpencastController
if (!empty($share_uuid)) { if (!empty($share_uuid)) {
$video_share = VideosShares::findByUuid($share_uuid); $video_share = VideosShares::findByUuid($share_uuid);
if (!empty($video_share)) { if (!empty($video_share)) {
$roles[] = $video_share->video->episode . '_read'; if ($episode_id_role_access) {
$roles[] = 'ROLE_EPISODE_' . $video_share->video->episode . '_READ'; $roles[] = 'ROLE_EPISODE_' . $video_share->video->episode . '_READ';
} else {
$roles[] = $video_share->video->episode . '_read';
}
} else { } else {
throw new Error('Share not found', 404); throw new Error('Share not found', 404);
} }
...@@ -96,12 +107,18 @@ class UserRoles extends OpencastController ...@@ -96,12 +107,18 @@ class UserRoles extends OpencastController
if (!$vperm->video->episode) continue; if (!$vperm->video->episode) continue;
if ($vperm->perm == 'owner' || $vperm->perm == 'write') { if ($vperm->perm == 'owner' || $vperm->perm == 'write') {
$roles[$vperm->video->episode . '_write'] = $vperm->video->episode . '_write'; if ($episode_id_role_access) {
$roles['ROLE_EPISODE_' . $vperm->video->episode . '_READ'] = 'ROLE_EPISODE_' . $vperm->video->episode . '_READ'; $roles['ROLE_EPISODE_' . $vperm->video->episode . '_READ'] = 'ROLE_EPISODE_' . $vperm->video->episode . '_READ';
$roles['ROLE_EPISODE_' . $vperm->video->episode . '_WRITE'] = 'ROLE_EPISODE_' . $vperm->video->episode . '_WRITE'; $roles['ROLE_EPISODE_' . $vperm->video->episode . '_WRITE'] = 'ROLE_EPISODE_' . $vperm->video->episode . '_WRITE';
} else { } else {
$roles[$vperm->video->episode . '_read'] = $vperm->video->episode . '_read'; $roles[$vperm->video->episode . '_write'] = $vperm->video->episode . '_write';
}
} else {
if ($episode_id_role_access) {
$roles['ROLE_EPISODE_' . $vperm->video->episode . '_READ'] = 'ROLE_EPISODE_' . $vperm->video->episode . '_READ'; $roles['ROLE_EPISODE_' . $vperm->video->episode . '_READ'] = 'ROLE_EPISODE_' . $vperm->video->episode . '_READ';
} else {
$roles[$vperm->video->episode . '_read'] = $vperm->video->episode . '_read';
}
} }
} }
...@@ -114,8 +131,11 @@ class UserRoles extends OpencastController ...@@ -114,8 +131,11 @@ class UserRoles extends OpencastController
$stmt_courseware->execute([':user_id' => $user_id]); $stmt_courseware->execute([':user_id' => $user_id]);
while($episode = $stmt_courseware->fetchColumn()) { while($episode = $stmt_courseware->fetchColumn()) {
$roles[$episode . '_read'] = $episode . '_read'; if ($episode_id_role_access) {
$roles['ROLE_EPISODE_' . $episode . '_READ'] = 'ROLE_EPISODE_' . $episode . '_READ'; $roles['ROLE_EPISODE_' . $episode . '_READ'] = 'ROLE_EPISODE_' . $episode . '_READ';
} else {
$roles[$episode . '_read'] = $episode . '_read';
}
} }
$stmt_courses = \DBManager::get()->prepare("SELECT seminar_id FROM seminar_user $stmt_courses = \DBManager::get()->prepare("SELECT seminar_id FROM seminar_user
...@@ -162,6 +182,7 @@ class UserRoles extends OpencastController ...@@ -162,6 +182,7 @@ class UserRoles extends OpencastController
// Handle playlist roles // Handle playlist roles
if (PlaylistMigration::isConverted()) {
// get all playlists the user has permissions on // get all playlists the user has permissions on
foreach (PlaylistsUserPerms::findByUser_id($user_id) as $pperm) { foreach (PlaylistsUserPerms::findByUser_id($user_id) as $pperm) {
if ($pperm->perm == 'owner' || $pperm->perm == 'write') { if ($pperm->perm == 'owner' || $pperm->perm == 'write') {
...@@ -197,6 +218,7 @@ class UserRoles extends OpencastController ...@@ -197,6 +218,7 @@ class UserRoles extends OpencastController
$roles[$service_playlist_id . '_read'] = 'PLAYLIST_' . $service_playlist_id . '_read'; $roles[$service_playlist_id . '_read'] = 'PLAYLIST_' . $service_playlist_id . '_read';
} }
} }
}
} else { } else {
throw new Error('User not found', 404); throw new Error('User not found', 404);
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment