Comments (4)
thomasplevy
commented on August 24, 2024
1
From the PR:
Can you please review this with particular attention to the LLMS_REST_Enrollments_Controller::handle_creation_date()
I'm not sure whether that's the kind of creation date update you wanted (with direct alteration of the updated_date db table column for that enrollment meta whose value is _start_date), with NO effects on the "enrollment's update date".
This looks good enough. It's not ideal but I think that's more because of the way the existing db is structured. It works. We can improve later. Nice work.
Also please take a look at the permissions, I thought that enrollments can only be listed to those who can 'view_others_lifterlms_reports', mimicking the lllms core.
I think we want to do something more like this (using new caps I added last week to the core): https://github.com/gocodebox/lifterlms-rest/blob/master/includes/server/class-llms-rest-students-controller.php#L163-L183 and https://github.com/gocodebox/lifterlms-rest/blob/master/includes/server/class-llms-rest-students-controller.php#L42-L58
The view_students cap will check to see if the current can view the student in question.
An admin/manager will get to see everyone. An instructor/assistant can see only students enrolled in their courses/memberships and everyone else can only see themselves.
Here's the logic in the core: https://github.com/gocodebox/lifterlms/blob/master/includes/class.llms.user.permissions.php#L166
While the current reporting in the core does rely on the view_lifterlms_reports the api can use these new permissions.
For today this is fine though.
from lifterlms-rest.
eri-trabiccolo
commented on August 24, 2024
1
I think we can close this.
from lifterlms-rest.
eri-trabiccolo
commented on August 24, 2024
Status of this resource:
- List
- Create
- Retrieve
- Update
- Delete
- List Content
- Test Coverage 90% or greater
Test Coverage at the moment is at 87%.
Also not sure if it what I wrote here has been looked into.
from lifterlms-rest.
eri-trabiccolo
commented on August 24, 2024
I'm on this.
So... I leave the update/create/delete permissions as they are right now: current_user_can('enroll') && || current_user_can('unenroll')
The single enrollment read permission will become as you suggested:
current_user_can( 'view_students', $enrollment->student_id )
While, listing the enrollments will be allowed to anyone as we do for llms posts:
https://github.com/gocodebox/lifterlms-rest/blob/1.0.0-beta.3/includes/abstracts/class-llms-rest-posts-controller.php#L99
keeping in mind that, when processing the collection, the single enrollment read permissions will be check as above.
[Edit] I might make this a little more complex actually, as when we're listing a single student enrollment I can already check if the current user can view this student and forbid the access.
from lifterlms-rest.
Related Issues (20)
- Cannot enable access plan `forced_redirect` property
- Creating or Updating access plans when there are 6 (max) plans associated with a course/membership results in errors
- Enrollment status update provides two triggers HOT 3
- Improve github pages (specs) cache busting
- Changing the Parent_ID for a lesson trigger using the API triggers an error HOT 2
- CodeQL Error
- Improve response fields filtering HOT 1
- multiple webhooks, same topic HOT 2
- Avoid fatals when searching for courses/memberships but the query post type parameter is forced to be something else
- Setup webhook automatic retries HOT 2
- Add webhook failure email (and admin?) notice(s)
- In the get enrollments for student API call I think there is an error where the pages available is greater than the actual pages for the paginated call. Happens when the page size is equal to the enrolments. HOT 2
- Try enrolling a user with ID 0 into a course: the current user will be enrolled into the course
- PHP Notice when listing API keys.
- Expose assignments and grades through REST API
- test
- Test
- test
- Student endpoint /wp-json/llms/v1/students also returns non-students. HOT 1
- Inform the user that they need to use HTTPS instead of HTTP when usage of HTTP is the problem.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lifterlms-rest.