elan-ev / tobira

Video portal for Opencast
https://elan-ev.github.io/tobira/
Apache License 2.0
24 stars 17 forks source link

Change default of `auth.roles.editor` to `ROLE_USER` (allowing everyone to use the editor) #1203

Open LukasKalbertodt opened 4 months ago

LukasKalbertodt commented 4 months ago

The editor button is only shown for events that the user has write access to. So unlike the permissions for Studio and the uploader, there are other pre-conditions and generally, the risk of users abusing this power is a lot lower. Again: they had to be given write access to an event first.

There are very few reasons to disable the editor for users. For example, if there are custom workflows that don't work with the editor, or if users are supposed to use some other software for editing videos. On the other hand, having the editor button not show up for users with write access to a video can cause lots of confusion. So I think changing the default is a good idea.

Unfortunately, there is still one main reason to disable the editor: #600. So this issue is blocked by #600 and we should only change the default once we can make sure the auth works all the time.

oas777 commented 4 months ago

Quick question mainly for my understanding: This would allow everyone to see (and use) the editor

Correct?

LukasKalbertodt commented 4 months ago

Yes, but the second point is redundant as users have write-access to their own videos. (At least unless taken away somehow, but that's super rare). So the statement can be shortened to: "This would allow everyone to see (and use) the editor for videos they have write-access to."