Feature Wiki

Information about planned and released features

Tabs

Permission to upload HTML5 content

Page Overview

1 Initial Problem
2 Conceptual Summary
3 User Interface Modifications
- 3.1 List of Affected Views
- 3.2 User Interface Details
- 3.3 New User Interface Concepts
4 Technical Information
5 Contact
6 Funding
7 Discussion
8 Implementation

1 Initial Problem

As long as not prevented in the Administration of Media Objects and Pools, ILIAS allows to upload HTML5 content as media content. This capability is necessary to embed HTML5-based animations and content in learning content produced with the ILIAS page editor. But it also could be a gateway to infect ILIAS with bad code because everybody with access to the ILIAS page editor (e.g. in portfolios or groups) could upload such infected HTML code. At the time being, a system administrator can only prevent the upload of HTML content as media object in general (for all users). It would be very helpful if the upload of HTML content in media objects could be restricted to a known group of users.

2 Conceptual Summary

ILIAS should be able to control which users are allowed to upload HTML content. This should be done role-based controlled. A local role in the administration of media objects with a related permission should be checked for this.

A new setting "Role-based upload of HTML content" (checkbox) is introduced to 'Administration » Media Objects and Pools'.
A new permission "Upload HTML content" is introduced to the permission node of 'Administration » Media Objects and Pools'.

If the setting "Role-based upload of HTML content" is enabled, the permission "Upload HTML content" will be checked when media objects are uploaded. In case HTML content is uploaded and no permission is given, the upload is prevented and an error message is thrown. The byline for this setting has to explain the impact of this setting. A "reference" of this setting should be added to 'Administration » Privacy and Security : Security', too.

3 User Interface Modifications

3.1 List of Affected Views

Administration » Media Objects and Pools : Settings
Administration » Media Objects and Pools : Permissions : Object Permission Settings
Administration » Privacy and Security : Security

3.2 User Interface Details

1.) New checkbox in 'Administration » Media Objects and Pools', tab 'Settings':

Text for setting: "Role-based upload of HTML content"
Text for byline: "If enabled, HTML content can only be uploaded as media object when related permission 'HTML content upload' is given.

2.) New permission in 'Administration » Media Objects and Pools', tab 'Permissions', sub-tab 'Object Permission Settings'.

Text for permission: "Upload HTML content"
Text for description: "Allows upload of HTML content as media object"

3.) New setting (reference) in 'Administration » Privacy and Security : Security' that mirrors setting in 1.

3.3 New User Interface Concepts

No new UI elements

4 Technical Information

5 Contact

Author of the Request: Kunkel, Matthias [mkunkel]
Maintainer: Killing, Alexander [alex]
Implementation of the feature is done by: {The maintainer must add the name of the implementing developer.}

6 Funding

If you are interest in funding this feature, please add your name and institution to this list.

DHBW

7 Discussion

Lorenz, Katharina [klorenz] 2019-03-06: There is a new feature request that takes a general approach and solves the problem described here.

8 Implementation

{The maintainer has to give a description of the final implementation and add screenshots if possible.}

Test Cases

Test cases completed at {date} by {user}

{Test case number linked to Testrail} : {test case title}

Approval

Approved at {date} by {user}.

Last edited: 6. Mar 2019, 16:33, Schmid, Fabian [fschmid]