In my project I want to create a custom role. That role should be able to read other student's enrollments and progress through the REST API, but shouldn't be able to edit anything. If I assign the permissions view_students and view_others_students to that role, the role is able to do the request:
GET /students/{id}/enrollments/{post_id}
but not the request:
GET /students/{id}/progress/{post_id}
The role needs to have the edit permissions edit_post and edit_students to be able to read other student's progress.
I suggest that the permission view_others_students would be also a valid permission to read another student's progress, or that a new read permission would be created to be able to read the progress without being able to edit anything.
Hi,
In my project I want to create a custom role. That role should be able to read other student's enrollments and progress through the REST API, but shouldn't be able to edit anything. If I assign the permissions
view_studentsandview_others_studentsto that role, the role is able to do the request:GET /students/{id}/enrollments/{post_id}but not the request:GET /students/{id}/progress/{post_id}The role needs to have the edit permissions
edit_postandedit_studentsto be able to read other student's progress.I suggest that the permission
view_others_studentswould be also a valid permission to read another student's progress, or that a new read permission would be created to be able to read the progress without being able to edit anything.I had a discussion on this topic in the Slack channel: https://app.slack.com/client/T0H18E2VB/CCESQHE82/thread/CCESQHE82-1637950147.230000