internal API: Problem when adding an owner that is not present on Opencast-Server

[okaufman]

Describe the bug
We use the internal API to create series. We like to give the Ilias-object of the opencast-series the owner root. This owner does not make sense to the opencast-server and when we send root as owner to opencast, the series doe not get created.
As far as I can see, there is no need to send the owner to the opencast server. The owner gets treated the same way as "producers" gets treated by opencast.

To Reproduce
Steps to reproduce the behavior:
You can reproduce this bug only, if you use the internal-api with some other plugin on you ilias-installation.

Expected behavior
I woud like to name root as the owner of the ilias object. I would like for the opencast-series to still be created without the root user being sent to the opencast-server

Environment (please complete the following information):

• ILIAS version: 7.16
• PHP version: 7.3
• Plugin version: 5.1.0
• Opencast version 12.0.0

[mtneug]

Opencast does not care about the role name. It is possible to add custom role names, but by default, the Opencast Admin UI limits the selection. I would expect the error to be something else.

[reiferschris]

I'm not quite sure if I understand the problem.
You want to create the ilias object via an API in ILIAS therefore root (ilias root user) becomes the owner of that object in ilias, correct?
I thought that only users that are in the local auto generated role course admin would be transferred to opencast. While the owner indicates who is responsible. The owner can only be changed if you enable set permissions per event.

At least educast already uses the ROLE_OWNER_XYZ. And we (UoC and educast) do not use the producer group. Therefore, I would not agree with your assumption in your description of the bug. I am however fine with your suggestion in the expected behaviour that no ROLE_OWNER_ROOT is set.

If I made false assumptions about this we should discuss this in more detail because it sounds like something that could potentially interfere with other use cases.

[okaufman]

I'm not quite sure if I understand the problem. You want to create the ilias object via an API in ILIAS therefore root (ilias root user) becomes the owner of that object in ilias, correct?

yes

I thought that only users that are in the local auto generated role course admin would be transferred to opencast. While the owner indicates who is responsible. The owner can only be changed if you enable set permissions per event.

The readme of the internal API (https://github.com/opencast-ilias/OpenCast/blob/main/classes/Service/README.md) says about the owner:
'ILIAS user id which will be set as the object's owner. This user will also receive producers rights on this series in Opencast.'
So in theory the account should also be added to the series in opencast.
"producers rights" does not mean you have to use the producers group in the plugin config. It means the "owner" will only receive the regular user rights on the series.

At least educast already uses the ROLE_OWNER_XYZ. And we (UoC and educast) do not use the producer group. Therefore, I would not agree with your assumption in your description of the bug. I am however fine with your suggestion in the expected behaviour that no ROLE_OWNER_ROOT is set.

The owner-role defined over the plugin-config doesn't really influence the "owner" that is sent when using the internal API to create a series. The 'ROLE_OWNER_XYZ' would still be used when creating events. In series the 'ROLE_OWNER_XYZ' never gets set.

If I made false assumptions about this we should discuss this in more detail because it sounds like something that could potentially interfere with other use cases.

I know that this could interfere with someone using the internal API. But if someone wanted to use the API with "owner" as is, they could send the owner they want to send over the "producers"-parameter as well as the "owner"-parameter. Then everything would continue to work the same for them. I do not know if somebody else actually uses the "owner"-parameter with the internal API.

[reiferschris]

Ok thanks for the explanation. Seems like there was indeed a misunderstanding on my side regarding internal api and what you mean by owner of the ilias object. Do you know if the event object uses this internal api?

I still don't quite understand what solution/workaround you suggest. Not granting the user that owns the ilias object any permissions in opencast? That sounds reasonable because those should be derived from the course/group admin/member roles IMHO.

[okaufman]

Owner of the ilias-Object is the Account that is shown under "owner", when you click on the "Info"-Tab in a Opencast-Series.
I do want to no longer send that Account to the Opencast-Server so that person wont have any rights on the opencast-server.

In the OpencastEvent-Plugin the xoctSeriesAPI is not used. I would want to change this file, so I don't think it would have any effect on that plugin.