upb-uc4 / lagom-core

Repository for the micro service backend using lagom.
Apache License 2.0

Add authentication to getUsernames in certificate #466

Open dhelmert opened 3 years ago

dhelmert commented 3 years ago

A Lecturer should only be able to fetch the usernames of enrollmentIds which were enrolled in one of his courses (at one point), or one of his exams.

dhelmert commented 3 years ago

The call would be: if lecturer:

1) Fetch all courses of the invoking lecturer
2) Fetch all CourseAdmissions to all courses of the lecturer
3) From that, retrieve list of all enrollmentIds of students that are in his courses; these he is allowed to fetch

Now, step 2) requires a query to HL for every one of the lecturer's courses, since getCourseAdmission only takes a single courseId as filter, not multiple. This needs an API change to take multiple courseIds, otherwise this call might take way too long.

So, this issue is postponed until API changes can be made.
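
The three-step check from the comment above, as an added example that is not part of the issue or the project's code. All type and method names are hypothetical and the data is constructed; `admissionsFor` assumes the multi-courseId query the issue asks for, and rejecting the whole request when any id is not allowed is this example's choice. It covers course admissions only, not exams.

```scala
import scala.concurrent.{Await, ExecutionContext, Future}
import scala.concurrent.duration._

// Hypothetical model types; not the project's own classes.
final case class Course(courseId: String, lecturerId: String)
final case class CourseAdmission(courseId: String, enrollmentId: String)

// Constructed sample data standing in for the course service and the ledger.
object SampleData {
  val courses = Seq(Course("c1", "lect1"), Course("c2", "lect1"), Course("c3", "lect2"))
  val admissions = Seq(CourseAdmission("c1", "e-100"), CourseAdmission("c2", "e-200"),
    CourseAdmission("c3", "e-300"))
  val usernames = Map("e-100" -> "alice", "e-200" -> "bob", "e-300" -> "carol")
}

object UsernameAuthorization {
  import SampleData._
  type Result = Either[String, Map[String, String]]

  // Step 1: all courses of the invoking lecturer.
  def coursesOf(lecturerId: String): Future[Seq[Course]] =
    Future.successful(courses.filter(_.lecturerId == lecturerId))

  // Step 2, assuming a batched query: one call for many courseIds instead of one per course.
  def admissionsFor(courseIds: Set[String]): Future[Seq[CourseAdmission]] =
    Future.successful(admissions.filter(a => courseIds.contains(a.courseId)))

  // Step 3: the enrollmentIds this lecturer is allowed to resolve to usernames.
  def allowedEnrollmentIds(lecturerId: String)(implicit ec: ExecutionContext): Future[Set[String]] =
    for {
      cs   <- coursesOf(lecturerId)
      adms <- admissionsFor(cs.map(_.courseId).toSet)
    } yield adms.map(_.enrollmentId).toSet

  // Fail closed: any requested id outside the allowed set rejects the whole request.
  def getUsernames(lecturerId: String, requested: Seq[String])(implicit ec: ExecutionContext): Future[Result] =
    allowedEnrollmentIds(lecturerId).map { allowed =>
      val denied = requested.filterNot(allowed.contains)
      if (denied.nonEmpty) Left(s"forbidden enrollmentIds: ${denied.mkString(", ")}")
      else Right(requested.flatMap(id => usernames.get(id).map(id -> _)).toMap)
    }
}

object Demo extends App {
  import ExecutionContext.Implicits.global
  import UsernameAuthorization._
  // lect1 teaches c1 and c2, so e-100 and e-200 are allowed; e-300 belongs to lect2's course.
  println(Await.result(getUsernames("lect1", Seq("e-100", "e-200")), 1.second))
  println(Await.result(getUsernames("lect1", Seq("e-100", "e-300")), 1.second))
}
```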