Test Question Pool: Change RBAC for editing and delete

1 Initial Problem

At the time being, we cannot just allow users to take questions from a question pool and use them in their test _and_ prevent them from modifying the questions in the pool. If they can use the questions from the pool they also can edit them.

Reason for this is that in the Test question pool one need only READ permission to edit and delete questions. This is not the case in the question pool of the Survey. There you need EDIT SETTINGS. And in other objects, editing is often linked to EDIT SETTIGS if there is no separate EDIT CONTENT or EDIT PAGE or similar permission.

2 Conceptual Summary

We change the RBAC settings of the Question Pool Test as follows:

• EDIT SETTINGS permission is required for editing test questions in and deleting test question from the pool.
• READ permission only provides the opportunity to read test questions and see the preview.
• READ permission is sufficient to use a question from a question pool in a test.

Existing Questions Pools will be migrated. Roles that actually have READ permission gets also EDIT SETTINGS.

3 User Interface Modifications

3.1 List of Affected Views

• no view is affected

3.2 User Interface Details

The GUI will not be changed.

3.3 New User Interface Concepts

none

3.4 Accessibility Implications

no changes

4 Additional Information

4.1 Involved Authorities

• Authority to Sign off on Conceptual Changes: Strassner, Denis [dstrassner]
• Authority to Sign off Code Changes: Kergomard, Stephan [skergomard], Joußen, Thomas [tjoussen]
  

If this request is related to multiple components, please list both authorities for all related components.

4.2 Technical Aspects

{ Necessary technical information have to be provided here, e.g. dependencies on other ILIAS components, necessary modifications in general services/architecture, potential security or performance issues. }

4.3 Privacy

{ Personal data that will need to be stored or processed to implement this feature have to be listed here. For each date give a short explanation why it is necessary to use that date. }

4.4 Security

{ Does the feature include any special security relevant changes, e.g. the introducion of new endpoints or other new possible attack vectors. If yes, please explain these implications and include a commitment to deliver a written security concept as part of the feature development. This concept will need an additional approvement by the JourFixe. }

4.5 Contact

Person to be contacted in case of questions about the feature or for funding offers:  Strassner, Denis [dstrassner]

4.6 Funding

Funding status and funding parties are listed in the block 'Status of Feature' in the right column of this page.

If you are interested to give funding for this feature, please get into contact with the person mentioned above as 'Contact'.

5 Discussion

6 Implementation

Feature has been implemented by {Please add related profile link of this person}

6.1 Description and Screenshots

{ Description of the final implementation and screenshots if possible. }

6.2 Test Cases

Test cases completed at {date} by {user}

• {Test case number linked to Testrail} : {test case title}

6.3 Privacy

Information in privacy.md of component: updated at {date} by {user} | no change required

6.4 Approval

Approved at {date} by {user}.