all

2026-05-05 20:23:26 -04:00 · 2026-04-20 09:46:39 +03:00
parent 1261719996
commit 9539741d11
8 changed files with 66 additions and 19 deletions
@@ -700,7 +700,8 @@ class EmbedMediaLTIView(View):
        if lti_session and request.user.is_authenticated:
            context_id = lti_session.get('context_id')
            platform_id = lti_session.get('platform_id')
-            if context_id and platform_id:
+
+            if media.is_shared and context_id and platform_id:
                try:
                    resource_link = (
                        LTIResourceLink.objects.filter(
@@ -728,6 +729,18 @@ class EmbedMediaLTIView(View):
                except Exception:
                    logger.exception('EmbedMediaLTIView: error checking course access for user=%s media=%s', request.user, friendly_token)

+            if not can_view and media.state == 'private':
+                has_rbac_access = media.category.filter(
+                    is_rbac_category=True,
+                    rbac_groups__members=request.user,
+                ).exists()
+                has_direct_permission = MediaPermission.objects.filter(
+                    media=media,
+                    user=request.user,
+                ).exists()
+                if has_rbac_access or has_direct_permission:
+                    can_view = True
+
        if not can_view and media.state in ["public", "unlisted"]:
            can_view = True