diff --git a/api_specification.md b/api_specification.md
index 1d982828c1d410880afef143ddd8108a45f386ba..c06a2b996a3f42f7214693a21936356a6e44f524 100644
--- a/api_specification.md
+++ b/api_specification.md
@@ -1,4 +1,4 @@
-# Specification of the Web API for the Video-AG Website (v0.52).
+# Specification of the Web API for the Video-AG Website (v0.53).
## Introduction
@@ -1025,7 +1025,7 @@ Executes the specified action.
| lecture_id | int | ✓ | Existence must be checked |
| user_id | int | ✓ | Existence must be checked |
| user_id_list | array of user_id | ✓ | |
-| course_id_string | id_string | ✓ | Must not be used by other course |
+| course_id_string | string | ✓ | Must match `[a-zA-Z0-9_-]{1,100}`, must not be used by other course, must **not** be one of: `courses`, `faq`, `imprint`, `licenses`, `search`, `site`, `internal` |
| job_state | id_string | | possible values: `ready`, `running`, `finished`, `failed`, `deleted` |
| job_type | id_string | | possible values: `probe`, `probe-raw`, `remux`, `thumbnail`, `transcode`, `publish_video`, `simple_live_transcode`, `complex_live_transcode`, `live_forward` |
@@ -1522,6 +1522,10 @@ Possible `error_code`:
## Changelog
+### v0.53
+
+* Changed type of `course_id_string` to regex. Added forbidden values.
+
### v0.52
* Added error code `site_is_overloaded`
diff --git a/src/api/objects/types.py b/src/api/objects/types.py
index 62faf7954713543ab4463110aacaf14661ab0c1f..27a51aa35f2f6ab709aa5ce6c84523b0159da6d0 100644
--- a/src/api/objects/types.py
+++ b/src/api/objects/types.py
@@ -1,5 +1,5 @@
+import re
-from api.miscellaneous import ID_STRING_REGEX_NO_LENGTH
from api.objects.type import (IntType, LongType,
SimpleType, ObjectIdType,
StringType, SimpleStringType, UniqueStringType, MappedStringType, SemesterStringType,
@@ -11,11 +11,15 @@ TYPE_BOOLEAN = SimpleType("boolean", lambda db: bool(db), lambda json_value: jso
TYPE_STRING_SHORT = StringType(256)
TYPE_STRING_LONG = StringType(8192)
TYPE_URL = SimpleStringType("url", 1024, 0, None)
+
+# Also update in API specification when modifying!
+FORBIDDEN_COURSE_ID_STRING_VALUES = ["courses", "faq", "imprint", "licenses", "search", "site", "internal"]
+# noinspection RegExpUnnecessaryNonCapturingGroup
TYPE_COURSE_ID_STRING = UniqueStringType(
"course_id_string",
100,
1,
- ID_STRING_REGEX_NO_LENGTH,
+ re.compile(f"(?!(?:{'|'.join(FORBIDDEN_COURSE_ID_STRING_VALUES)})$)[a-zA-Z0-9_-]+"),
"courses_data",
"id",
"handle"
diff --git a/tests/routes/object_modifications.py b/tests/routes/object_modifications.py
index 0f55c4f9aa6b3ce338cf52942422e5cf5a19499f..982c50e5a7a3ec1d244004ba8ed2aa027e191a6e 100644
--- a/tests/routes/object_modifications.py
+++ b/tests/routes/object_modifications.py
@@ -463,7 +463,19 @@ class ObjectModificationsTest(ApiTest):
"/object_management/course/2/configuration",
{
"updates": {
- "id_string": "00"
+ "id_string": "a/b"
+ },
+ "expected_current_values": {}
+ },
+ expected_response_code=HTTP_400_BAD_REQUEST,
+ use_moderator_login=True
+ )
+ self.do_json_request(
+ "PATCH",
+ "/object_management/course/2/configuration",
+ {
+ "updates": {
+ "id_string": "courses"
},
"expected_current_values": {}
},