Feature Wiki

Information about planned and released features

Tabs

Extend Booking Tool Permission

Page Overview

[Hide]

1 Initial Problem
2 Conceptual Summary
3 User Interface Modifications
- 3.1 List of Affected Views
- 3.2 User Interface Details
- 3.3 New User Interface Concepts
- 3.4 Accessibility Implications
4 Technical Information
5 Privacy
6 Security
7 Contact
8 Funding
9 Discussion
10 Implementation

1 Initial Problem

Booking tools are used in a variety of ways. If course administrators want to assign topics, e.g. for a final paper or a presentation, using a booking tool, learners should not be able to cancel or delete the reservation afterwards.
If a role has the "Edit Settings"-permission, it can manage reservations of other users. Many users are not aware of this. To make the behavior more understandable, the permission "Edit Settings" should be divided.

2 Conceptual Summary

For this reason, the rights of the booking tool should be extended as follows:

The permission "Manage own Reservations" is to be introduced. Topics, rooms or times should only be assigned by tutors or course admins, this permission controls whether a role e.g. course members can book booking objects and delete or cancel reservations their own reservations.
The permission "Manage all Reservations" is to be introduced. This permission controls whether a role is allowed to book booking objects, delete or cancel bookings for all users.

3 User Interface Modifications

3.1 List of Affected Views

Booking Tool » Permission

3.2 User Interface Details

See Conceptual Summary.

3.3 New User Interface Concepts

None.

3.4 Accessibility Implications

No accessiblity issues.

4 Technical Information

No technical issues.

5 Privacy

For current state see: https://github.com/ILIAS-eLearning/ILIAS/blob/trunk/Modules/BookingManager/PRIVACY.md

Privacy related changes due to this feature:

The creation and deletion of own reservations is controlled by the new "Manage Own Reservations" permission.
The creation and deletion of reservations for other users is controlled by the new "Manage All Reservations" permission.

6 Security

No security issues. The new permissions must be set accordingly.

7 Contact

Author of the Request: Zenzen, Enrico [ezenzen]
Maintainer: Killing, Alexander [alex]
Implementation of the feature is done by: {The maintainer must add the name of the implementing developer.}

8 Funding

If you are interest in funding this feature, please add your name and institution to this list.

9 Discussion

Kunkel, Matthias [mkunkel], 06 JUN 2023: How will the migration be realised? I assume, roles with EDIT SETTINGS in 8 will have the both new permissions as well. But what about the several permission templates, e.g. course tutors?

JourFixe, ILIAS [jourfixe], 12 JUN 2023: We highly appreciate this suggestion and accept the feature request for ILIAS 9. Existing permission in ILIAS 8 will be kept after migrating to 9 (a role that is allowed to edit settings can manage all reservations). A short statement about the new impact of the permission with 9 in chap. 10 would be highly appreciated.

Kunkel, Matthias [mkunkel], 12 JUN 2023: I just want to clarify the implications of the current permissions in booking pools:

READ ➞ A user can see available booking objects (if pool is online), make own bookings, see personal reservations and cancel them. User sees also bookings of other users – if related setting is activated.
EDIT SETTINGS ➞ A user can make bookings for oneself and for other users, as well as canceling all of them. User can create booking objects, edit the settings of them and the pool as a whole, create and edit schedules, a.s.o.

When I understand the actual feature request correctly, the future behavious will be as follows:

READ ➞ A user can see available booking objects and already made bookings (reservations). If activated, the user sees also the reservations of other users. But is no longer able to make own bookings.
MANAGE OWN RESERVATIONS ➞ A user can see available booking objects and make bookings for himself.
MANAGE ALL RESERVATIONS ➞ A user can make bookings for oneself and for other users, as well as canceling all of them.
EDIT SETTINGS ➞ A user can create booking objects, edit the settings of them and of the pool as a whole, create and edit schedules, a.s.o. But the user can neither create bookings for himherself nor for others.

If this assumption is correct, the permission migration of existing roles and role templates has to be as follows:

Current permission READ ➞ READ and MANAGE OWN RESERVATIONS
Current permission EDIT SETTINGS ➞ MANAGE ALL RESERVATIONS and EDIT SETTINGS

25 Mar 2024, Killing, Alexander [alex]: Yes, this is correct.

JourFixe, ILIAS [jourfixe], 29 APR 2024: We still would like to have this feature and re-schedule it for ILIAS 10 / trunk. Please contact the test case author for RBAC, Kunkel, Matthias [mkunkel], when creating the related test cases.

10 Implementation

Implemented as outlined under "2 Conceptual Summary".

Test Cases

Test cases completed at 19.09.2024 by Elagamy, Ahmed [Ahmed]

Privacy

Information in privacy.md of component: updated on {date} by {user} | no change required

Approval

Approved at 04.10.2024 by Schulz, Britta [BKSchulz]

Last edited: 25. Oct 2024, 15:00, Elagamy, Ahmed [Ahmed]