wtv

cms/version.py

@@ -1 +1 @@
-VERSION = "8.0.1f"
+VERSION = "8.0.1h"

files/urls.py

@@ -69,7 +69,7 @@ urlpatterns = [
     re_path(r"^api/v1/search$", views.MediaSearch.as_view()),
     re_path(
         rf"^api/v1/media/{friendly_token}/share$",
-        views.MediaShare.as_view(),
+        views.media_share,
     ),
     re_path(
         rf"^api/v1/media/{friendly_token}/actions$",

files/views/__init__.py

@@ -9,7 +9,7 @@ from .media import MediaBulkUserActions  # noqa: F401
 from .media import MediaDetail  # noqa: F401
 from .media import MediaList  # noqa: F401
 from .media import MediaSearch  # noqa: F401
-from .media import MediaShare  # noqa: F401
+from .media import media_share  # noqa: F401
 from .pages import about  # noqa: F401
 from .pages import add_subtitle  # noqa: F401
 from .pages import approval_required  # noqa: F401

files/views/media.py

@@ -3,9 +3,10 @@ from datetime import datetime, timedelta
 from django.conf import settings
 from django.contrib.postgres.search import SearchQuery
 from django.db.models import Count, F, Prefetch, Q, prefetch_related_objects
+from django.http import HttpResponse
 from django.shortcuts import get_object_or_404
-from django.utils.decorators import method_decorator
 from django.views.decorators.csrf import csrf_exempt
+from django.views.decorators.http import require_POST
 from drf_yasg import openapi
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework import permissions, status
@@ -1237,27 +1238,27 @@ class MediaSearch(APIView):
             return paginator.get_paginated_response(serializer.data)
 
 
-@method_decorator(csrf_exempt, name='dispatch')
-class MediaShare(APIView):
+@csrf_exempt
+@require_POST
+def media_share(request, friendly_token):
     """Mark a media item as shared when the owner embeds it via the LTI plugin."""
+    if not request.user.is_authenticated:
+        return HttpResponse(status=401)
 
-    permission_classes = [permissions.IsAuthenticated]
+    media = get_object_or_404(Media, friendly_token=friendly_token)
+    if media.user != request.user:
+        return HttpResponse(status=403)
 
-    def post(self, request, friendly_token):
-        media = get_object_or_404(Media, friendly_token=friendly_token)
-        if media.user != request.user:
-            return Response(status=status.HTTP_403_FORBIDDEN)
+    MediaPermission.objects.get_or_create(
+        media=media,
+        user=request.user,
+        defaults={'owner_user': request.user, 'permission': 'owner'},
+    )
 
-        MediaPermission.objects.get_or_create(
-            media=media,
-            user=request.user,
-            defaults={'owner_user': request.user, 'permission': 'owner'},
-        )
+    courseid = request.POST.get('courseid')
+    if courseid:
+        category = Category.objects.filter(lti_context_id=str(courseid), is_rbac_category=True).first()
+        if category:
+            EmbedMediaCourse.objects.get_or_create(media=media, category=category)
 
-        courseid = request.data.get('courseid')
-        if courseid:
-            category = Category.objects.filter(lti_context_id=str(courseid), is_rbac_category=True).first()
-            if category:
-                EmbedMediaCourse.objects.get_or_create(media=media, category=category)
-
-        return Response(status=status.HTTP_200_OK)
+    return HttpResponse(status=200)

lms-plugins/mediacms-moodle/tiny/mediacms/amd/src/iframeembed.js

@@ -231,8 +231,7 @@ export default class IframeEmbed {
         fetch(`${baseUrl}/api/v1/media/${parsed.videoId}/share`, {
             method: 'POST',
             credentials: 'include',
-            headers: {'Content-Type': 'application/json'},
-            body: JSON.stringify({courseid: courseId}),
+            body: new URLSearchParams({courseid: courseId}),
         }).catch(() => {});
     }