Merge pull request #396 from oat-sa/feat/AYT-3400/launching-authoring…
…-by-new-configurable-roles Feat/ayt 3400/launching authoring by new configurable roles
Showing
11 changed files
with
303 additions
and
4 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
<?php | ||
|
||
declare(strict_types=1); | ||
|
||
namespace oat\taoLti\migrations; | ||
|
||
use core_kernel_classes_Resource; | ||
use core_kernel_users_Cache; | ||
use Doctrine\DBAL\Schema\Schema; | ||
use oat\oatbox\reporting\Report; | ||
use oat\tao\model\accessControl\func\AccessRule; | ||
use oat\tao\model\accessControl\func\AclProxy; | ||
use oat\tao\model\user\TaoRoles; | ||
use oat\tao\scripts\tools\migrations\AbstractMigration; | ||
use oat\tao\scripts\update\OntologyUpdater; | ||
use oat\taoLti\models\classes\LtiRoles; | ||
|
||
/** | ||
* Auto-generated Migration: Please modify to your needs! | ||
* | ||
* phpcs:disable Squiz.Classes.ValidClassName | ||
*/ | ||
final class Version202312051317263774_taoLti extends AbstractMigration | ||
{ | ||
public function getDescription(): string | ||
{ | ||
return 'Apply new http://purl.imsglobal.org/vocab/lis/v2/membership#Instructor and http://purl.imsglobal.org/vocab/lis/v2/institution/person#Administrator permission for AuthoringTool'; | ||
} | ||
|
||
public function up(Schema $schema): void | ||
{ | ||
AclProxy::applyRule($this->getLaunchActionRule()); | ||
AclProxy::applyRule($this->getRunActionRule(LtiRoles::CONTEXT_LTI1P3_INSTRUCTOR)); | ||
AclProxy::applyRule($this->getRunActionRule(LtiRoles::CONTEXT_INSTITUTION_LTI1P3_ADMINISTRATOR)); | ||
|
||
$this->addReport( | ||
Report::createInfo( | ||
sprintf( | ||
'Clearing the Generis cache for roles %s', | ||
LtiRoles::CONTEXT_LTI1P3_INSTRUCTOR, | ||
) | ||
) | ||
); | ||
core_kernel_users_Cache::removeIncludedRoles( | ||
new core_kernel_classes_Resource(LtiRoles::CONTEXT_LTI1P3_INSTRUCTOR) | ||
); | ||
core_kernel_users_Cache::removeIncludedRoles( | ||
new core_kernel_classes_Resource(LtiRoles::CONTEXT_INSTITUTION_LTI1P3_ADMINISTRATOR) | ||
); | ||
|
||
OntologyUpdater::syncModels(); | ||
|
||
$this->addReport(Report::createInfo('Apply new permission for AuthoringTool')); | ||
} | ||
|
||
public function down(Schema $schema): void | ||
{ | ||
AclProxy::revokeRule($this->getLaunchActionRule()); | ||
AclProxy::revokeRule($this->getRunActionRule(LtiRoles::CONTEXT_LTI1P3_INSTRUCTOR)); | ||
AclProxy::revokeRule($this->getRunActionRule(LtiRoles::CONTEXT_INSTITUTION_LTI1P3_ADMINISTRATOR)); | ||
|
||
$this->addReport(Report::createInfo('Revoke CONTEXT_INSTRUCTOR, CONTEXT_INSTITUTION_LTI1P3_ADMINISTRATOR permission for AuthoringTool')); | ||
} | ||
|
||
private function getLaunchActionRule(): AccessRule | ||
{ | ||
return new AccessRule( | ||
AccessRule::GRANT, | ||
TaoRoles::ANONYMOUS, | ||
['ext' => 'taoLti', 'mod' => 'AuthoringTool', 'act' => 'launch'] | ||
); | ||
} | ||
|
||
private function getRunActionRule(string $role): AccessRule | ||
{ | ||
return new AccessRule( | ||
AccessRule::GRANT, | ||
$role, | ||
['ext' => 'taoLti', 'mod' => 'AuthoringTool', 'act' => 'run'] | ||
); | ||
} | ||
} |
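Review bot: `getLaunchActionRule()` grants `AuthoringTool::launch` to `TaoRoles::ANONYMOUS`, so the ACL does not gate that action at all and the only protection is whatever validation of the LTI message the controller performs, which is not visible in this file. Once that is confirmed, a comment on the method should say so, e.g. `// launch is reachable without a session by design; the LTI message is validated by the controller before any session is created`. `down()` also revokes this anonymous rule; if the same rule is already granted by the manifest or an earlier migration (the description only mentions the two new roles), rolling back would remove launch access entirely, so it may be safer to revoke only the two `run` rules. `down()` also never calls `core_kernel_users_Cache::removeIncludedRoles()` the way `up()` does, so the revoked `run` access may remain effective until the role cache is refreshed.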
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
<?php | ||
|
||
/** | ||
* This program is free software; you can redistribute it and/or | ||
* modify it under the terms of the GNU General Public License | ||
* as published by the Free Software Foundation; under version 2 | ||
* of the License (non-upgradable). | ||
* | ||
* This program is distributed in the hope that it will be useful, | ||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
* GNU General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU General Public License | ||
* along with this program; if not, write to the Free Software | ||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | ||
* | ||
* Copyright (c) 2023 (original work) Open Assessment Technologies SA; | ||
*/ | ||
|
||
declare(strict_types=1); | ||
|
||
namespace oat\taoLti\models\classes\Tool\Exception; | ||
|
||
use Exception; | ||
use Throwable; | ||
|
||
class WrongLtiRolesException extends Exception | ||
{ | ||
public function __construct(string $message = "Role not allowed", int $code = 0, ?Throwable $previous = null) | ||
{ | ||
parent::__construct($message, $code, $previous); | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
<?php | ||
|
||
/** | ||
* This program is free software; you can redistribute it and/or | ||
* modify it under the terms of the GNU General Public License | ||
* as published by the Free Software Foundation; under version 2 | ||
* of the License (non-upgradable). | ||
* | ||
* This program is distributed in the hope that it will be useful, | ||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
* GNU General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU General Public License | ||
* along with this program; if not, write to the Free Software | ||
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. | ||
* | ||
* Copyright (c) 2023 (original work) Open Assessment Technologies SA; | ||
*/ | ||
|
||
declare(strict_types=1); | ||
|
||
namespace oat\taoLti\models\classes\Tool\Service; | ||
|
||
use oat\taoLti\models\classes\Tool\Exception\WrongLtiRolesException; | ||
|
||
class AuthoringLtiRoleService | ||
{ | ||
public function __construct(array $roleAllowed) | ||
{ | ||
$this->roleAllowed = $roleAllowed; | ||
} | ||
|
||
/** | ||
* @throws WrongLtiRolesException | ||
*/ | ||
public function getValidRole(array $roles): string | ||
{ | ||
$commonRoles = array_intersect($roles, $this->roleAllowed); | ||
|
||
if (empty($commonRoles)) { | ||
throw new WrongLtiRolesException(); | ||
} | ||
return current($commonRoles); | ||
} | ||
} |
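Review bot: `getValidRole()` returns `current(array_intersect($roles, $this->roleAllowed))`, which is the first allowed role in the order the LTI message lists them, so the platform-supplied ordering decides which role is chosen when several match. If the allowed roles carry different privileges, intersecting the other way round, `array_intersect($this->roleAllowed, $roles)`, would make the configured list the priority order; otherwise a docblock should state that the message order wins. `array_intersect` compares entries by their string value, so a non-string entry in the roles claim (a nested array, for example) would surface as a conversion warning instead of `WrongLtiRolesException`; filtering with `is_string` first would keep the rejection path uniform. The constructor assigns `$this->roleAllowed` without a declaration; add `private array $roleAllowed;`, since dynamic properties are deprecated from PHP 8.2.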
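--- a/test/unit/models/classes/Tool/Service/AuthoringLtiRoleServiceTest.php
+++ b/test/unit/models/classes/Tool/Service/AuthoringLtiRoleServiceTest.php
@@ -0,0 +1,94 @@
+<?php
+
+/**
+* This program is free software; you can redistribute it and/or
+* modify it under the terms of the GNU General Public License
+* as published by the Free Software Foundation; under version 2
+* of the License (non-upgradable).
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program; if not, write to the Free Software
+* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+*
+* Copyright (c) 2023 (original work) Open Assessment Technologies SA;
+*/
+
+declare(strict_types=1);
+
+namespace oat\taoLti\test\unit\models\classes\Tool\Service;
+
+use oat\taoLti\models\classes\LtiRoles;
+use oat\taoLti\models\classes\Tool\Exception\WrongLtiRolesException;
+use oat\taoLti\models\classes\Tool\Service\AuthoringLtiRoleService;
+use PHPUnit\Framework\TestCase;
+
+class AuthoringLtiRoleServiceTest extends TestCase
+{
+public function setUp(): void
+{
+$this->subject = new AuthoringLtiRoleService(
+[
+LtiRoles::CONTEXT_LTI1P3_ADMINISTRATOR_SUB_DEVELOPER,
+LtiRoles::CONTEXT_LTI1P3_CONTENT_DEVELOPER_SUB_CONTENT_DEVELOPER,
+LTIRoles::CONTEXT_INSTITUTION_LTI1P3_ADMINISTRATOR,
+LtiRoles::CONTEXT_LTI1P3_INSTRUCTOR
+]
+);
+}
+
+/**
+* @dataProvider ltiMessageRolesProvider
+*/
+public function testValidRole(array $rolesProvided, string $expected): void
+{
+self::assertEquals($expected, $this->subject->getValidRole($rolesProvided));
+}
+
+/**
+* @dataProvider invalidRolesProvider
+* @throws WrongLtiRolesException
+*/
+public function testExpectException(array $roles): void
+{
+$this->expectException(WrongLtiRolesException::class);
+$this->subject->getValidRole($roles);
+}
+
+public function invalidRolesProvider(): array
+{
+return [
+'Empty array' => [
+'roles' => [],
+],
+'UnsupportedRole' => [
+'roles' => ['http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#Support']
+]
+];
+}
+
+public function ltiMessageRolesProvider(): array
+{
+return [
+'When one valid roles' => [
+'rolesProvided' => [
+'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Administrator',
+'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#Support'
+],
+'expected' => 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Administrator'
+],
+'When more than one valid roles' => [
+'rolesProvided' => [
+'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Administrator',
+'http://purl.imsglobal.org/vocab/lis/v2/membership/Administrator#Support',
+'http://purl.imsglobal.org/vocab/lis/v2/membership/ContentDeveloper#ContentDeveloper'
+],
+'expected' => 'http://purl.imsglobal.org/vocab/lis/v2/institution/person#Administrator'
+]
+];
+}
+}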
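Review bot: The 'When more than one valid roles' dataset lists the `person#Administrator` URI first in `rolesProvided`, so it does not pin which role is returned when the message orders its allowed roles differently from the list passed to the constructor in `setUp()`; a dataset that puts the `ContentDeveloper#ContentDeveloper` URI before `person#Administrator` would make the selection rule explicit. `setUp()` assigns `$this->subject` without a declared property (add `private AuthoringLtiRoleService $subject;`), and `LTIRoles::CONTEXT_INSTITUTION_LTI1P3_ADMINISTRATOR` should use the imported spelling `LtiRoles`. Both data providers are non-static, which becomes a deprecation if the project moves to PHPUnit 10.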