To prevent streams marked as "private" from being list anywhere (home page, course page and playlist) for a non course admin user. #1266 should be fixed with this.
(Currently they are listed, but unauthorized visiting of the stream is then blocked by a 403 page)
Description
Changes are done to backend APIs. Private streams of one course are filtered out in the responses, if the user is not admin of that course.
Steps for Testing
I tested using the example database setup, with:
Users:
Stephanie Studi (role: student, not admin of any course)
Anja Admin (role: admin, automatically admin of all courses)
Course "Einführung Brauereiwesen", visibility public, with the following lectures:
VL 1: Was ist Bier? (12:00pm 11.Apr.2022)
VL 2: Wie mache ich Bier? (12:00pm 18.Apr.2022)
VL 3: Rückblick (Sometime in the future)
(Note that VL 2 is more recent than VL 1)
Pre-steps:
Log in as Anja Admin
Edit course "Einführung Brauereiwesen", mark "VL 2: Wie mache ich Bier?" as private
Note that VL 2 is still listed everywhere
Tests:
Log in as Stephanie Studi (or impersonate them in admin panel)
Select the semester of course "Einführung Brauereiwesen" ("Summer 2022" under the example database setup)
Check the homepage:
The "most recent lecture" of "Einführung Brauereiwesen", listed under "My Courses", is dated at 11. Apr. 2022 (VL 2 at 18. Apr. 2022 is ignored)
Under "Recent VODs", VL 1 is listed (VL 2 is ignored)
Check the page for course "Einführung Brauereiwesen": VL 2 is not listed under "VODs"
Watch VL 1, check the playlist: VL 2 is not listed there
Additional tests:
Marking a stream without VoD (currently live, or planned in the future) as private is currently not supported, but can be done by direct edition in the database. If one does so, the private live stream / future lecture is as well then not listed
Motivation and Context
To prevent streams marked as "private" from being list anywhere (home page, course page and playlist) for a non course admin user. #1266 should be fixed with this. (Currently they are listed, but unauthorized visiting of the stream is then blocked by a 403 page)
Description
Changes are done to backend APIs. Private streams of one course are filtered out in the responses, if the user is not admin of that course.
Steps for Testing
I tested using the example database setup, with:
Pre-steps:
Tests:
Additional tests: Marking a stream without VoD (currently live, or planned in the future) as private is currently not supported, but can be done by direct edition in the database. If one does so, the private live stream / future lecture is as well then not listed
Screenshots
1. Home page
As admin:
As student:
2. Course page
As admin:
As student:
3. Playlist
As admin:
As student: