Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWT token scope extended to a playlist instead of a resource #2286

Closed
wants to merge 1 commit into from
Closed

JWT token scope extended to a playlist instead of a resource #2286

wants to merge 1 commit into from

Conversation

AlfredPichard
Copy link
Contributor

@AlfredPichard AlfredPichard commented Jun 15, 2023
edited
Loading

See #1342 and #2249

Purpose

The JWT token used in the application (the LTI one) is only focused on a resource (a video or a document). We would like to extend this scope to a playlist. If you can access a resource in a playlist, then you should also have the right to access the other resources in the same playlist.

Proposal

Create a new token focused on playlist access, and a new IsTokenPlaylistRouteObject permission verifying the user has access to a playlist in core.permissions.

Replace IsTokenResourceRouteObject and IsTokenResourceRouteObjectRelated___ occurences by the new IsTokenPlaylistRouteObject in the API in :

  • VideoViewSet
  • ClassroomViewSet
  • DocumentViewSet
  • FileDepositoryViewSet
  • MarkdownDocumentViewSet
    For IsTokenResourceRouteObject

And :

  • TimedTextTrackViewSet
  • LiveSessionViewSet
  • SharedLiveMediaViewSet
  • ThumbnailViewSet
  • class ClassroomDocumentViewSet
    For IsTokenResourceRouteObjectRelated___

@AlfredPichard
♻️(frontend) add a new playlist token
c36ff7d 
add this new playlist token in anticipation to the scope change
from resource token to playlist token
@AlfredPichard AlfredPichard marked this pull request as draft June 16, 2023 08:01
@kernicPanel kernicPanel self-assigned this Jul 10, 2023
@kernicPanel kernicPanel mentioned this pull request Jul 21, 2023
Closed
@kernicPanel kernicPanel mentioned this pull request Aug 8, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@kernicPanel kernicPanel

Labels
WIP
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AlfredPichard @kernicPanel