In the past OpenOLAT granted full author rights for users who have been added to a course as owner by another course owner. We call those users co-authors as they do not have the author role but only the author rights. In the user management those users appear in the co-author listing.
The Roles object so far checked for the author rights and not the role. This can have side effects when using the isGlobalAuthor() expert rule or it is intended to limit some content to real authors only. As every course owner can assign those rights even to students, the situation can get easily out of control. It is also not the expected behavior that the co-authors are global authors even though they do not have this role assignment.
Thus the code must be changed:
- The Roles object will not check for rights but for the roles configuration
- The admin role as a special case returns true for all other roles (except for the anonymous of course)
Special care must be taken:
- No author role toolboxes for co-authors in repository site to create new resources etc.
- My entries menu for co-authors even though not authors
- No access to BA repository entries for co-authors
- No selection and preview of BA repository entries for co-authors in the repository search workflow
- Uploading of new repository entries by from within course element should be possible for co-authors (e.g. upload SCORM module in repo site not possible as toolbox not available, however possible within the course where the co-author can upload it directly and the repo entry will be created on-the-fly.)