Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Imported course doesn't set correct ownership #2697

Closed
simondate opened this issue Feb 22, 2023 · 6 comments · Fixed by #2704
Closed

Imported course doesn't set correct ownership #2697

simondate opened this issue Feb 22, 2023 · 6 comments · Fixed by #2704
Labels
S: merged Completed, reviewed, and merged issues T: bug
Milestone
0.11.2

Comments

@simondate
Copy link
Member

Expected Behaviour

When an author imports a course (import account), they should be the owner of the course.

Actual Behaviour

The course that gets imported becomes owned by the AT installation account (Installer account). The import account cannot see the account.

Steps to Reproduce

  1. Create a new AAT
  2. Log into the installer account and add a new user as a super admin (import account)
  3. Log into the import account and import a course
  4. The course is not visible to this importer
  5. Log into the installer account and the course is visible on their dashboard.

Versions

  • Authoring Tool Version: 0.11.1
  • Framework Version: 5.26.0
  • Node.js Version: 14.16.1
  • Operating System: Debian 10
@danbuntu
Copy link

+1 I can confirm this is happening on my fresh install

@simondate
Copy link
Member Author

I've also noticed that the user profile screen shows you are logged in as the installer account

image

@taylortom taylortom added this to the v0.11.2 milestone Mar 23, 2023
@simondate
Copy link
Member Author

@cksachdev -

  • domain is not supported in mongodb driver 4 and above.
  • This issue is caused by the connect-mongodb-session module, version 3.1.1, which the AAT uses MongoDB driver 4, which is causing the issue. Reverting back to version 2.4.1 of this module fixes the issue.
  • It doesn't mean that collectively any dependency shouldn't be using mongodb driver 4 and above. We are using mongoose 5.7.3 with connect-mongodb-session 2.4.1

@simondate
Copy link
Member Author

simondate commented Apr 17, 2023
edited
Loading

I will apply this change to my own trial server and look for volunteers to help me test it further.

EDIT - I've changed the node module version and everything appears to be working fine. However, I ideally would like to have some concurrent users to test this with. I'll raise this on the 18th April meeting.

The main two issues (from my experience) are:

  1. imported courses always become owned by the super admin (who set up the AAT)
  2. Sessions seem to get mixed up, when you go onto certain screens (such as the user profile screen, shown above) or the user or plugin management screens, you might get shown someone else's details. If they aren't an admin you can be prevented from accessing user/pluigin management features.

@simondate
Copy link
Member Author

Seems to have been an issue 3 years ago (but was fixed then) #2540

@simondate
Copy link
Member Author

On a production AT with 15+ users I reverted the Mongoose version back to 5.8.13, which was the version reverted back to in the above issue and they have reported that everything seems to be working fine.

I'll create a PR for this version and once done I think everything will be ready for a 0.11.2 release.

@simondate simondate mentioned this issue May 14, 2023
Merged
cksachdev added a commit that referenced this issue May 15, 2023
@cksachdev
fix #2697
cb973f9 
#### Fixing domainsEnabled issue in Adapt Authoring
If you are getting following error in console
```
(node:23152) [DEP0097] DeprecationWarning: Using a domain property in MakeCallback is deprecated. Use the async_context variant of MakeCallback or the AsyncResource class instead. (Triggered by calling processImmediate on process.)
(Use `node --trace-deprecation ...` to show where the warning was created)
```
Then follow the steps mentioned below:
Steps:
1. Application.js
	1. Modify connection options with domainsEnabled for connect-mongodb-session
	2. Instead of requestDomain.enter use requestDomain.run(next) and comment next()
2. permissions.js inside policyChecker function
	1. Line 497, update to
		1. const user = app.usermanager.getCurrentUser() || JSON.parse(JSON.stringify(req.session.passport.user));
3. Manually install
	1. npm i [email protected]
	2. npm i [email protected]
@taylortom taylortom mentioned this issue May 19, 2023
Merged
3 tasks
@taylortom taylortom added S: merged Completed, reviewed, and merged issues T: bug labels Aug 14, 2023
@taylortom taylortom changed the title Imported courses ownership Imported course doesn't set correct ownership Aug 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
S: merged Completed, reviewed, and merged issues T: bug
Projects
None yet
Milestone
0.11.2
Development

Successfully merging a pull request may close this issue.

Reverted to stable Mongoose version adaptlearning/adapt_authoring
3 participants
@danbuntu @taylortom @simondate