Class coaches can access class pages even when they are not assigned to the class
Observed behavior
~I can access the class groups rename form as a coach but I get a 403 error after I submit it.~
Class Coaches can access a classroom page even if they are not assigned to the classroom.
Expected behavior
~The class groups rename form must not be accessible in coach.~
Pages from classrooms not assigned to the coach should not be accessible to the coach.
It should be redirected to the auth-message (refer to the screenshot below).
Steps to reproduce
- Log in as admin, then navigate to the class groups page, then copy the link.
- Log out as admin, then log in as coach, then navigate to the class groups page using the link.
- Try to rename a class group, then submit it.
Context
Tell us about your environment, including:
- Kolibri 0.10.0.dev1.dev+git-33-g268dd8a
- macOS 10.13.3
- Chrome Version 65.0.3325.181 (Official Build) (64-bit)
…
Issue Analytics
- State:
- Created 5 years ago
- Comments:23 (23 by maintainers)
Top GitHub Comments
I think @ralphiee22’s solution is the right one, so that we can make role checks on the frontend more granular, but we should bump this to 0.12.
@ralphiee22 This came up when we were implementing class coaches. Should we change the permissions for Classrooms so not-assigned-to-this-class Coaches get a 40X error when going to these pages?
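The difference between a role check that ignores which classroom is requested and one scoped to it, as an added example that is not Kolibri's code. The role model, ids, function names and status codes are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Role:
    user: str
    kind: str        # "admin" or "coach"
    collection: str  # id of the facility or classroom the role is scoped to

FACILITY = "facility-1"  # constructed id, for illustration only
STAFF_KINDS = ("admin", "coach")

def build_sample_roles():
    """Constructed data: one facility admin, one coach assigned to class-a only."""
    return {
        Role("admin1", "admin", FACILITY),
        Role("coach1", "coach", "class-a"),
    }

def unscoped_check(roles, user, classroom_id):
    """Flawed: passes if the user holds a staff role on anything at all."""
    return any(r.user == user and r.kind in STAFF_KINDS for r in roles)

def scoped_check(roles, user, classroom_id):
    """Passes only for a staff role on this classroom or on its facility."""
    allowed = {classroom_id, FACILITY}
    return any(
        r.user == user and r.kind in STAFF_KINDS and r.collection in allowed
        for r in roles
    )

def classroom_page_status(roles, user, classroom_id, check):
    """HTTP status a server-side classroom view would return for this request."""
    if user is None:
        return 401  # not logged in
    return 200 if check(roles, user, classroom_id) else 403

if __name__ == "__main__":
    roles = build_sample_roles()
    for check in (unscoped_check, scoped_check):
        for classroom in ("class-a", "class-b"):
            status = classroom_page_status(roles, "coach1", classroom, check)
            print(f"{check.__name__:15} coach1 -> {classroom}: {status}")
```

The decision has to be made server-side for every classroom endpoint, since a copied link bypasses any check that only hides navigation in the frontend.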