Feature Wiki

Information about planned and released features

Tabs

Permission Control for Media Objects

Page Overview

1 Initial Problem
2 Conceptual Summary
3 User Interface Modifications
- 3.1 List of Affected Views
- 3.2 User Interface Details
- 3.3 New User Interface Concepts
- 3.4 Accessibility Implications
4 Technical Information
5 Privacy
6 Security
7 Contact
8 Funding
9 Discussion
10 Implementation

1 Initial Problem

Media Objects in ILIAS are not under RBAC control directly since they are nor repository objects themselves. Access to media objects is controled by the container object, e.g. a media pool or a learning module containing a page with media objects.

Additionally media objects are referenced easily when copying content or when storing and re-using media objects in the clipboard. It is not possible to share/re-use media objects in a "read only" manner.

2 Conceptual Summary

With Supported Formats for Media Objects the media types supported are limited and can potentially be adressed by permissions. This proposal suggests to add a general and a HTML specific global permission to control media object editing on the administrative node "Media Objects and Pools".

Additionally it should be possible to optionally assign each media object to one permission container. For new created media objects the permission container is set per default to the current container object (e.g. learning module, media pool, ...). Properties of the media object can only be edited in the permission container. If the media object is referenced in additional container objects, no properties of the media object can be edited. Only instance properties in page editor content can be changed.

Since current media objects do not have any permission container assigned, and permission container may be deleted in general, an option to change the permission container will be available, if the global permission to do so is given.

New permissions on node "Media Objects and Pools":

Edit Media Objects (per default granted to the standard roles, not anonymous)
Edit HTML Media Objects (needed for editing HTML media objects, per default not granted for any role)
Change Permission Container

3 User Interface Modifications

3.1 List of Affected Views

Permission screen for "Media Objects and Pools"
Usage screen of Media Objects

3.2 User Interface Details

Permission screen for "Media Objects and Pools"

Three new checkboxes will appear for the new permissions.

Usage Screen of Media Objects

A Info Message Box will be added to the top of the screen stating the current "Permission Container".
If the user has "Change Permission Container" permission, a button "Change Permission Container" will appear in the message box. On click a modal will open and present a form with a selection dropdown containing all current container using the media object. The user selects another container and clicks save.

3.3 New User Interface Concepts

No new interface objects.

3.4 Accessibility Implications

No accessibility implications.

4 Technical Information

No technical issues.

5 Privacy

Current state of privacy for media objects:

https://github.com/ILIAS-eLearning/ILIAS/blob/trunk/Services/MediaObjects/PRIVACY.md

This suggestion does not include any additional privacy related functionality. Users will be assigned to the new permissions via RBAC as ususal.

6 Security

This request adds additional permissions and mechanisms to control the editing of media objects. This should improve the security especially for institutions that have to use HTML content, since it allows to control and restrict the number of users being able to do so.

7 Contact

Author of the Request: Killing, Alexander [alex]
Maintainer: Killing, Alexander [alex]
Implementation of the feature is done by: {The maintainer must add the name of the implementing developer.}

8 Funding

If you are interest in funding this feature, please add your name and institution to this list.

9 Discussion

Kergomard, Stephan [skergomard], 8 NOV 2023: I don't think we should do this, as it will complicate any refactoring of the `RBAC` considerably. As far as I can see, we do not have a corresponding use case yet, right? The refactoring of `RBAC` will need to come and I urge the community to not make it any more difficult as it already is.

JourFixe, ILIAS [jourfixe], 13 NOV 2023: We postpone the decision about this FR as it is strongly related to the decision about Create HTML Media Objects from HTML Snippets.

10 Implementation

{ The maintainer has to give a description of the final implementation and add screenshots if possible. }

Test Cases

Test cases completed at {date} by {user}

{Test case number linked to Testrail} : {test case title}

Privacy

Information in privacy.md of component: updated on {date} by {user} | no change required

Approval

Approved at {date} by {user}.

Last edited: 13. Nov 2023, 15:07, Kunkel, Matthias [mkunkel]