Logged in users other than superadmin cannot see recordings in Engage

Steps to reproduce:
1. Upload a recording without assigning it a series
2. Log into matterhorn as a user other than superadmin (e.g. admin1) and go to engage

OR
1. Create a series and assign privileges to ootb roles for Series 1 (instructor, student, admin)
2. Upload a recording, assigning it to the series you created in step 1.
3. Log into matterhorn as a user other than superadmin (e.g. admin1) and go to engage

Actual Results:
Don't see the recording in the Media Gallery (although if you go to the Media Gallery page without being logged in, you do see it. This is correct in the case of the recording with no series, incorrect in the case of the series for which only series 1 roles were given access)

Expected Results:

Workaround (if any):

Activity

Adam McKenzie
February 7, 2012, 9:50 PM

Hi Xavier,

I went through the following links on my test server to see if any links that should be exposed to all of the users (admin, admin1, student1, anonymous) or shouldn't be exposed to users were available, but to me it looks like everything except the videos is still locked down properly.

I wasn't sure how to test the oaipmh and lti links as well I don't know if any services that live at:

192.168.153.131:8080/services/* access='ROLE_ADMIN'
192.168.153.131:8080/users/** access='ROLE_ADMIN'
192.168.153.131:8080/admin/users.html access='ROLE_ADMIN'

Cheers,
Adam

Xavier Butty
February 8, 2012, 10:50 PM

Hi Adam,

I have to say that I don't have much knowledge in this area. How did you test it?

Cheers,
Xavier

Adam McKenzie
February 8, 2012, 11:05 PM

Hi Xavier,

I looked at our default spring security configuration file (https://opencast.jira.com/svn/MH/trunk/docs/felix/conf/security/mh_default_org.xml) and tried to find one asset or web page that fit the requirements for each of those categories. I then classified each of those locations for each of the types of users (anonymous, ROLE_USER, ROLE_COURSE_ADMIN, ROLE_ADMIN) as places they should or shouldn't be able to go. Then I logged in as each user and tried to access all of those links to see if they could or couldn't get to them. I plan to automate this process as part of the integration tests but I am trying to come up with a way that won't break easily.

Cheers,
Adam
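
The role-by-URL walk described in the comment above can be driven from the rules themselves, so the expectations follow the configuration instead of a hand-kept list. This is an added example, not code from the thread or from Matterhorn: the config wraps only the three rules quoted earlier, and the account names, sample paths, observed status codes and the "unmatched path is open" default are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed config: only the three rules quoted in this thread.
SAMPLE_CONFIG = """<http>
  <intercept-url pattern="/services/*" access="ROLE_ADMIN"/>
  <intercept-url pattern="/users/**" access="ROLE_ADMIN"/>
  <intercept-url pattern="/admin/users.html" access="ROLE_ADMIN"/>
</http>"""
# Hypothetical accounts, one per user type named in the comment.
USERS = {"anonymous": set(), "user": {"ROLE_USER"},
         "course_admin": {"ROLE_COURSE_ADMIN"}, "admin": {"ROLE_ADMIN"}}
PATHS = ["/services/example", "/users/example/roles", "/admin/users.html"]  # constructed
TOKENS = {"**": ".*", "*": "[^/]*", "?": "[^/]"}

def ant_to_regex(pattern):
    """Ant-style path to regex: '*' stays in one segment, '**' crosses '/'."""
    tail = ""
    if pattern.endswith("/**"):  # '/users/**' also covers '/users' itself
        pattern, tail = pattern[:-3], "(/.*)?"
    parts = re.split(r"(\*\*|\*|\?)", pattern)
    return re.compile("".join(TOKENS.get(p, re.escape(p)) for p in parts) + tail + r"\Z")

def load_rules(xml_text):
    """Return [(compiled pattern, required roles)] in document order."""
    return [(ant_to_regex(e.get("pattern")),
             {r.strip() for r in e.get("access").split(",")})
            for e in ET.fromstring(xml_text).iter("intercept-url")]

def expected_allowed(rules, path, roles):
    """First matching rule decides; unmatched paths are treated as open (assumption)."""
    for regex, required in rules:
        if regex.match(path):
            return bool(required & roles)
    return True

def audit(rules, observed):
    """Compare expected access with observed HTTP status; return mismatches."""
    findings = []
    for user, roles in USERS.items():
        for path in PATHS:
            want = expected_allowed(rules, path, roles)
            got = observed[(user, path)] == 200  # anything else counts as denied
            if want != got:
                findings.append((user, path, want, got))
    return findings

# Constructed observations: every request behaves as configured except one.
OBSERVED = {(u, p): (200 if u == "admin" else 403) for u in USERS for p in PATHS}
OBSERVED[("course_admin", "/users/example/roles")] = 200  # injected deviation

if __name__ == "__main__":
    for finding in audit(load_rules(SAMPLE_CONFIG), OBSERVED):
        print("MISMATCH user=%s path=%s expected_allowed=%s got_allowed=%s" % finding)
```

In an integration test, `OBSERVED` would be filled from real requests made with each account's session, and a non-empty result from `audit` fails the build.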

Tobias Wunden
February 10, 2012, 9:04 AM

Applied patch by Xavier and Lukas

Tobias Wunden
February 10, 2012, 11:20 AM

Reopening to fix role handling in test cases

Assignee

Rüdiger Rolf

Reporter

Judy Stern

Severity

Non Functioning

Tags (folksonomy)

None

Components

Fix versions

Affects versions

Priority

Blocker