elan-ev / studip-opencast-plugin

This is a Stud.IP plugin for Opencast
https://elan-ev.github.io/studip-opencast-plugin/
GNU General Public License v2.0

Set correct ACLs directly on upload #910

Closed tibroc closed 7 months ago

tibroc commented 7 months ago

Currently the ACL that is initially set on every upload seems to allow only ROLE_ADMIN to handle the event (https://github.com/elan-ev/studip-opencast-plugin/blob/e16cff5c1df61a1034a0829ecd3887d35b51b8a8/vueapp/common/upload.service.js#L14).

For this to work, virtually every LTI user needs to have the admin role; otherwise the Opencast workflows will fail at some point. To give every LTI user admin rights is obviously not an option in production environments.

Apparently the cronjob Opencast Queue later sets the correct permissions for the user. However, at that point the workflow has usually already failed. Or, to make testing more confusing, the cronjob runs at a time when the workflow has not yet touched tasks that would make it fail, and thus some workflows succeed.

Consequently, since all the information needed to set the ACL correctly is already known at the time of upload, the correct ACL should be set directly instead of in a cronjob update later on.
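
The gap described in this issue and the requested fix, as an added example that is not part of the original issue or the plugin's code. ACL entries are modelled as `{role, action, allow}` objects, and every role name other than `ROLE_ADMIN` is a hypothetical placeholder.

```javascript
// Added example, not plugin code. Role names other than ROLE_ADMIN are
// hypothetical placeholders for roles known at upload time.
const ADMIN_ROLE = 'ROLE_ADMIN';
const ACTIONS = ['read', 'write'];

// The initial ACL the issue describes: only ROLE_ADMIN may handle the event.
function adminOnlyAcl() {
  return ACTIONS.map((action) => ({ role: ADMIN_ROLE, action, allow: true }));
}

// Build the ACL at upload time from information already available then:
// the uploader's own role (read + write) and roles that may only read.
function buildUploadAcl({ uploaderRole, readOnlyRoles = [] }) {
  if (!uploaderRole || uploaderRole === ADMIN_ROLE) {
    // Least privilege: the uploader must not depend on the admin role.
    throw new Error('uploader needs a dedicated non-admin role');
  }
  const acl = adminOnlyAcl();
  for (const action of ACTIONS) {
    acl.push({ role: uploaderRole, action, allow: true });
  }
  for (const role of readOnlyRoles) {
    if (role !== ADMIN_ROLE) acl.push({ role, action: 'read', allow: true });
  }
  return acl;
}

// A user may perform an action if any of their roles has an allow entry for it.
function isAllowed(acl, userRoles, action) {
  const roles = new Set(userRoles);
  return acl.some((e) => e.allow === true && e.action === action && roles.has(e.role));
}

// Pre-upload check: actions the given user would lack under this ACL.
// A non-empty result for the uploader means the workflow can fail for them.
function missingActions(acl, userRoles) {
  return ACTIONS.filter((action) => !isAllowed(acl, userRoles, action));
}

// Constructed sample users (hypothetical role names).
const uploader = ['EXAMPLE_LTI_USER', 'EXAMPLE_UPLOADER_ROLE'];
const learner = ['EXAMPLE_LTI_USER', 'EXAMPLE_COURSE_LEARNER'];
const fixedAcl = buildUploadAcl({
  uploaderRole: 'EXAMPLE_UPLOADER_ROLE',
  readOnlyRoles: ['EXAMPLE_COURSE_LEARNER'],
});
console.log('admin-only ACL, uploader lacks:', missingActions(adminOnlyAcl(), uploader));
console.log('upload-time ACL, uploader lacks:', missingActions(fixedAcl, uploader));
console.log('upload-time ACL, learner lacks:', missingActions(fixedAcl, learner));
```

Running `missingActions` against the ACL before submitting the upload turns the timing-dependent workflow failure into an immediate, deterministic check.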