Merge branch 'develop' into fix/SOLAR-624/add-reviewer-role-to-conten…

…t-developer

composer.json

@@ -61,7 +61,7 @@
         "oat-sa/lib-lti1p3-ags": "^1.2",
         "oat-sa/lib-lti1p3-core": "^6.0.0",
         "oat-sa/generis" : ">=15.22",
-        "oat-sa/tao-core" : ">=50.24.6"
+        "oat-sa/tao-core" : ">=54.10.0"
     },
     "autoload" : {
         "psr-4" : {

controller/AuthoringTool.php

@@ -28,8 +28,6 @@
 use helpers_Random;
 use InterruptedActionException;
 use OAT\Library\Lti1p3Core\Message\Payload\LtiMessagePayloadInterface;
-use oat\tao\model\featureFlag\FeatureFlagChecker;
-use oat\tao\model\featureFlag\FeatureFlagCheckerInterface;
 use oat\taoLti\models\classes\LtiException;
 use oat\taoLti\models\classes\LtiMessages\LtiErrorMessage;
 use oat\taoLti\models\classes\LtiService;
@@ -106,18 +104,6 @@ public function launch(): void
         $this->forward('run', null, null, $_GET);
     }
 
-    /**
-     * @throws ContainerExceptionInterface
-     * @throws NotFoundExceptionInterface
-     */
-    private function isFeatureTaoAsToolEnabled(): bool
-    {
-        return $this->getServiceManager()
-            ->getContainer()
-            ->get(FeatureFlagChecker::class)
-            ->isEnabled(FeatureFlagCheckerInterface::FEATURE_FLAG_TAO_AS_A_TOOL);
-    }
-
     /**
      * @throws ContainerExceptionInterface
      * @throws InterruptedActionException
@@ -126,13 +112,6 @@ private function isFeatureTaoAsToolEnabled(): bool
      */
     private function getLtiMessageOrRedirectToLogin(): LtiMessagePayloadInterface
     {
-        if (!$this->isFeatureTaoAsToolEnabled()) {
-            $this->getLogger()->info(
-                'TAO as tool feature is disabled. The user will be redirected to the login page.'
-            );
-            $this->redirect(_url('login', 'Main', 'tao'));
-        }
-
         try {
             $message = $this->getValidatedLtiMessagePayload();
         } catch (LtiException $exception) {

models/classes/DynamicConfig/LtiConfigProvider.php

@@ -0,0 +1,88 @@
+<?php
+
+/**
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; under version 2
+ * of the License (non-upgradable).
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
+ *
+ * Copyright (c) 2024 (original work) Open Assessment Technologies SA;
+ */
+
+declare(strict_types=1);
+
+namespace oat\taoLti\models\classes\DynamicConfig;
+
+use oat\oatbox\session\SessionService;
+use oat\tao\model\DynamicConfig\DynamicConfigProviderInterface;
+use oat\taoLti\models\classes\LtiLaunchData;
+use oat\taoLti\models\classes\TaoLtiSession;
+use Psr\Log\LoggerInterface;
+use Throwable;
+
+class LtiConfigProvider implements DynamicConfigProviderInterface
+{
+    private DynamicConfigProviderInterface $configFallback;
+
+    private SessionService $session;
+    private LoggerInterface $logger;
+
+    public function __construct(
+        DynamicConfigProviderInterface $configFallback,
+        SessionService $session,
+        LoggerInterface $logger
+    ) {
+        $this->configFallback = $configFallback;
+        $this->session = $session;
+        $this->logger = $logger;
+    }
+
+    public function getConfigByName(string $name): ?string
+    {
+        return $this->getConfigByLtiClaimName($name) ?? $this->configFallback->getConfigByName($name);
+    }
+
+    public function hasConfig(string $name): bool
+    {
+        return $this->getConfigByName($name) !== null;
+    }
+
+    private function getConfigByLtiClaimName(string $name): ?string
+    {
+        $currentSession = $this->session->getCurrentSession();
+
+        if (!$currentSession instanceof TaoLtiSession) {
+            return null;
+        }
+
+        $ltiLaunchData = $currentSession->getLaunchData();
+
+        if ($name === self::LOGIN_URL_CONFIG_NAME) {
+            return $ltiLaunchData->getCustomParameter(LtiLaunchData::LTI_TAO_LOGIN_URL);
+        }
+        if ($name === self::LOGOUT_URL_CONFIG_NAME) {
+            return $ltiLaunchData->getCustomParameter(LtiLaunchData::LTI_REDIRECT_AFTER_LOGOUT_URL);
+        }
+
+        try {
+            if ($name === self::PLATFORM_URL_CONFIG_NAME && $ltiLaunchData->hasReturnUrl()) {
+                return $ltiLaunchData->getReturnUrl();
+            }
+        } catch (Throwable $exception) {
+            $this->logger->warning(
+                sprintf('It was not possible to recover return url claim. Exception: %s', $exception)
+            );
+        }
+
+        return null;
+    }
+}

models/classes/LtiLaunchData.php

@@ -26,10 +26,10 @@
 use OAT\Library\Lti1p3Core\Message\Payload\Claim\AgsClaim;
 use OAT\Library\Lti1p3Core\Message\Payload\LtiMessagePayloadInterface;
 use OAT\Library\Lti1p3Core\Platform\PlatformInterface;
-use oat\taoLti\models\classes\LtiMessages\LtiErrorMessage;
-use tao_helpers_Request;
 use oat\oatbox\log\LoggerAwareTrait;
+use oat\taoLti\models\classes\LtiMessages\LtiErrorMessage;
 use Psr\Http\Message\ServerRequestInterface;
+use tao_helpers_Request;
 
 class LtiLaunchData implements \JsonSerializable
 {
@@ -66,6 +66,10 @@ class LtiLaunchData implements \JsonSerializable
     public const LTI_SHOW_SCORE = 'custom_show_score';
     public const LTI_SHOW_CORRECT = 'custom_show_correct';
 
+    public const LTI_REDIRECT_AFTER_LOGOUT_URL = 'authoringSettings.redirectAfterLogoutUrl';
+
+    public const LTI_TAO_LOGIN_URL = 'authoringSettings.taoLoginUrl';
+
     // for user claim
     private const LTI_FOR_USER_ID = 'lti_for_user_id';
     private const LTI_FOR_USER_EMAIL = 'lti_for_user_email';
@@ -242,7 +246,7 @@ private static function getParametersFromUrl(string $url): array
         // encoded in url
         $parts = explode('/', tao_helpers_Request::getRelativeUrl($url), 4);
         if (count($parts) == 4) {
-            list($extension, $module, $action, $codedUri) = $parts;
+            [$extension, $module, $action, $codedUri] = $parts;
             $base64String = base64_decode($codedUri);
             if ($base64String !== false) {
                 // old serialised url

models/classes/LtiService.php

@@ -35,6 +35,8 @@
 use oat\oatbox\service\ConfigurableService;
 use oat\oatbox\service\ServiceManager;
 use oat\oatbox\session\SessionService;
+use oat\tao\model\session\Context\TenantDataSessionContext;
+use oat\tao\model\session\Context\UserDataSessionContext;
 use oat\tao\model\TaoOntology;
 use oat\taoLti\models\classes\LtiMessages\LtiErrorMessage;
 use oat\taoLti\models\classes\user\Lti1p3User;
@@ -111,10 +113,27 @@ public function createLti1p3Session(
 
             $ltiUser->setRegistrationId($registration->getIdentifier());
 
-            $session = TaoLtiSession::fromVersion1p3($ltiUser);
+            $contexts = [];
+            if ($clientId) {
+                $userId = $messagePayload->getUserIdentity();
+                $clientIdParts = explode('-', $clientId);
+                $contexts = [
+                    new UserDataSessionContext(
+                        $userId->getIdentifier(),
+                        $userId->getIdentifier(),
+                        $userId->getName(),
+                        $userId->getEmail(),
+                        $userId->getLocale()
+                    ),
+                    new TenantDataSessionContext(end($clientIdParts))
+                ];
+            }
+
+            $session = TaoLtiSession::fromVersion1p3($ltiUser, $contexts);
 
             $this->getServiceLocator()->propagate($session);
 
+
             return $session;
         } catch (LtiInvalidVariableException $e) {
             $this->logInfo($e->getMessage());

models/classes/ServiceProvider/LtiServiceProvider.php

@@ -47,7 +47,12 @@
 use oat\oatbox\cache\factory\CacheItemPoolFactory;
 use oat\oatbox\cache\ItemPoolSimpleCacheAdapter;
 use oat\oatbox\log\LoggerService;
+use oat\oatbox\session\SessionService;
+use oat\tao\model\DynamicConfig\DynamicConfigProviderInterface;
+use oat\tao\model\accessControl\RoleBasedContextRestrictAccess;
+use oat\tao\model\menu\SectionVisibilityByRoleFilter;
 use oat\taoLti\models\classes\Client\LtiClientFactory;
+use oat\taoLti\models\classes\DynamicConfig\LtiConfigProvider;
 use oat\taoLti\models\classes\LtiAgs\LtiAgsScoreService;
 use oat\taoLti\models\classes\LtiAgs\LtiAgsScoreServiceInterface;
 use oat\taoLti\models\classes\LtiRoles;
@@ -64,13 +69,19 @@
 use Psr\Cache\CacheItemPoolInterface;
 use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
 
-use function Symfony\Component\DependencyInjection\Loader\Configurator\inline_service;
-use function Symfony\Component\DependencyInjection\Loader\Configurator\service;
 use function Symfony\Component\DependencyInjection\Loader\Configurator\env;
+use function Symfony\Component\DependencyInjection\Loader\Configurator\inline_service;
 use function Symfony\Component\DependencyInjection\Loader\Configurator\param;
+use function Symfony\Component\DependencyInjection\Loader\Configurator\service;
 
 class LtiServiceProvider implements ContainerServiceProviderInterface
 {
+    private const PORTAL_ACCESS_ROLES = [
+        LtiRoles::CONTEXT_LTI1P3_ADMINISTRATOR_SUB_DEVELOPER,
+        LtiRoles::CONTEXT_LTI1P3_CONTENT_DEVELOPER_SUB_CONTENT_DEVELOPER,
+        LTIRoles::CONTEXT_INSTITUTION_LTI1P3_ADMINISTRATOR,
+        LtiRoles::CONTEXT_LTI1P3_INSTRUCTOR
+    ];
     public function __invoke(ContainerConfigurator $configurator): void
     {
         $services = $configurator->services();
@@ -83,11 +94,14 @@ public function __invoke(ContainerConfigurator $configurator): void
 
         $parameters->set(
             'rolesAllowed',
+            self::PORTAL_ACCESS_ROLES
+        );
+
+        $parameters->set(
+            'restrictedRolesForSectionMap',
             [
-                LtiRoles::CONTEXT_LTI1P3_ADMINISTRATOR_SUB_DEVELOPER,
-                LtiRoles::CONTEXT_LTI1P3_CONTENT_DEVELOPER_SUB_CONTENT_DEVELOPER,
-                LTIRoles::CONTEXT_INSTITUTION_LTI1P3_ADMINISTRATOR,
-                LtiRoles::CONTEXT_LTI1P3_INSTRUCTOR
+                'help' => self::PORTAL_ACCESS_ROLES,
+                'settings_my_password' => self::PORTAL_ACCESS_ROLES,
             ]
         );
 
@@ -259,5 +273,27 @@ public function __invoke(ContainerConfigurator $configurator): void
                     param('rolesAllowed')
                 ]
             );
+
+        $services
+            ->get(RoleBasedContextRestrictAccess::class)
+            ->arg('$restrictedRoles', [
+                'ltiAuthoringLaunchRestrictRoles' => param('rolesAllowed')
+            ]);
+
+        $services->set(SectionVisibilityByRoleFilter::class, SectionVisibilityByRoleFilter::class)
+            ->public()
+            ->args([param('restrictedRolesForSectionMap')]);
+
+        $services
+            ->set(LtiConfigProvider::class)
+            ->decorate(DynamicConfigProviderInterface::class)
+            ->public()
+            ->args(
+                [
+                    service(LtiConfigProvider::class . '.inner'),
+                    service(SessionService::SERVICE_ID),
+                    service(LoggerService::SERVICE_ID),
+                ]
+            );
     }
 }

models/classes/TaoLtiSession.php

@@ -37,14 +37,14 @@ class TaoLtiSession extends common_session_DefaultSession
     /** @var string */
     private $version = self::VERSION_LTI_1P1;
 
-    public function __construct(LtiUserInterface $user)
+    public function __construct(LtiUserInterface $user, array $contexts = [])
     {
-        parent::__construct($user);
+        parent::__construct($user, $contexts);
     }
 
-    public static function fromVersion1p3(LtiUserInterface $user): self
+    public static function fromVersion1p3(LtiUserInterface $user, array $contexts = []): self
     {
-        $session = new self($user);
+        $session = new self($user, $contexts);
 
         $session->version = self::VERSION_LTI_1P3;