I consider this more as a privacy issue than an H5P issue, so I post it here.
We run Moodle 3.9.
A non-editing teacher can see results and e-mailadress in H5P-activity by changing user-id in URL.
I have a non-editing teacher and students in groups in course. Course is set with separate groups.
The non-editing teacher access the Grades by the navigation meny in the course to see the students results. By clicking the grade analysis button at a h5p activity, the score is shown, so is the students e-mail-adress.
If the non-editing-teacher changes the user-id in the URL, the teacher will se the results and e-mailadress to an other user, that is not connected to this non-editing teacher, and is in an other group.
When I try the same in a Moodle quiz, the non-editing teacher get the message:
«You are not allowed to review this attempt.»Is this a known issue?