panda_pal 5.10.0 → 5.11.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 818ff98db4420d43b028102fcd6f44ee7e7413f0ca069fd65b44a8e84aab0545
-  data.tar.gz: 923bdb90c19c89d0f3c1e4b98670ad8b495c68ee06cd872e2693f2881c96933d
+  metadata.gz: 75028dd065a6203af07a828ad23b78340b2b98c467ddc4def4b3935b6af31f15
+  data.tar.gz: dda65af42c0372f49c029508f9701093b99b81ca76c3cefa5448a35ba776031a
 SHA512:
-  metadata.gz: e5631603f5e7dba2552404725dae8e512999d1b25bbdfa6ce0bef3923c7698cbcb3e093f88d1d6ed8126804565c183723bac95bb3e585e9518059f4850a8e2df
-  data.tar.gz: 9af697df195ccb74891fef30a435de24b3c0099af4432cef4e5905f6ab4f12a0f33e80312af78259911ef200dd64586eb33954c83adcf8c541342183e3301282
+  metadata.gz: 911ca0334b047224f269121dd0a65e363c6239d763b73ef7ada18c439a66f29a11c51eae57ca1edfa8ffe18aa6b88bd7677aa41a5239c3517a2bc286668d30be
+  data.tar.gz: 25e362c44747b95d1316bec3c50ed508d6bf125a4b62328d1bc0c1a5bc1a498013d67db896422ff2e526ce111a29338f02481972b0a2fbe28d743baa4015ac07

data/README.md

@@ -57,34 +57,32 @@ Use one of these 6 options in `PandaPal.lti_options` hash.
 ### Task Scheduling
 `PandaPal` includes an integration with `sidekiq-scheduler`. You can define tasks on an Organization class Stub like so:
 ```ruby
-# <your_app>/app/models/panda_pal/organization.rb
-require File.expand_path('../../app/models/panda_pal/organization.rb', PandaPal::Engine.called_from)
+# <your_app>/app/models/organization_extension.rb
+module OrganizationExtension
+  extend ActiveSupport::Concern
 
-module PandaPal
-  class Organization
-    # Will invoke CanvasSyncStarterWorker.perform_async() according to the cron schedule
-    scheduled_task '0 15 05 * * *', :identifier, worker: CanvasSyncStarterWorker
+  # Will invoke CanvasSyncStarterWorker.perform_async() according to the cron schedule
+  scheduled_task '0 15 05 * * *', :identifier, worker: CanvasSyncStarterWorker
 
-    # Will invoke the method 'organization_method' on the Organization
-    scheduled_task '0 15 05 * * *', :organization_method_and_identifier
+  # Will invoke the method 'organization_method' on the Organization
+  scheduled_task '0 15 05 * * *', :organization_method_and_identifier
 
-    # If you need to invoke the same method on multiple schedules
-    scheduled_task '0 15 05 * * *', :identifier, worker: :organization_method
+  # If you need to invoke the same method on multiple schedules
+  scheduled_task '0 15 05 * * *', :identifier, worker: :organization_method
 
-    # You can also use a block
-    scheduled_task '0 15 05 * * *', :identifier do
-      # Do Stuff
-    end
+  # You can also use a block
+  scheduled_task '0 15 05 * * *', :identifier do
+    # Do Stuff
+  end
 
-    # You can use a Proc (called in the context of the Organization) to determine the schedule
-    scheduled_task -> { settings[:cron] }, :identifier
+  # You can use a Proc (called in the context of the Organization) to determine the schedule
+  scheduled_task -> { settings[:cron] }, :identifier
 
-    # You can specify a timezone. If a TZ is not coded and settings[:timezone] is present, it will be appended automatically
-    scheduled_task '0 15 05 * * * America/Denver', :identifier, worker: :organization_method
+  # You can specify a timezone. If a TZ is not coded and settings[:timezone] is present, it will be appended automatically
+  scheduled_task '0 15 05 * * * America/Denver', :identifier, worker: :organization_method
 
-    # Setting settings[:task_schedules][:identifier] will override the code cron schedule. Setting it to false will disable the Task
-    # :identifer values _must_ be unique, but can be nil, in which case they will be determined by where (lineno etc) scheduled_task is called
-  end
+  # Setting settings[:task_schedules][:identifier] will override the code cron schedule. Setting it to false will disable the Task
+  # :identifer values _must_ be unique, but can be nil, in which case they will be determined by where (lineno etc) scheduled_task is called
 end
 ```
 

data/app/controllers/panda_pal/lti_v1_p3_controller.rb

@@ -10,6 +10,7 @@ module PandaPal
 
     before_action :validate_launch!, only: [:resource_link_request]
     around_action :switch_tenant, only: [:resource_link_request]
+    before_action :enforce_environment!, only: [:resource_link_request]
 
     # Redirect to beta/test as necessary
     before_action :forward_to_env_and_region, only: [:login]
@@ -19,6 +20,8 @@ module PandaPal
 
       current_session_data[:lti_platform] = @current_lti_platform&.serialize
       current_session_data[:lti_oauth_nonce] = SecureRandom.uuid
+      current_session_data[:canvas_environment] = params['canvas_environment']
+      current_session_data[:canvas_region] = params['canvas_region']
       current_session.panda_pal_organization_id = -1
 
       @form_action = current_lti_platform.authentication_redirect_url
@@ -128,7 +131,7 @@ module PandaPal
       if (canvas_env = params['canvas_environment']).present?
         tdomain = PandaPal.lti_environments[:"#{canvas_env}_domain"]
 
-        if tdomain.present? && !request.url.include?(tdomain)
+        if tdomain.present? && !request.url.include?(tdomain) && PandaPal.lti_environments[:domain].present?
           return url.gsub(PandaPal.lti_environments[:domain], tdomain)
         end
       end
@@ -136,6 +139,17 @@ module PandaPal
       url
     end
 
+    def enforce_environment!
+      canvas_env = current_session_data[:canvas_environment]
+      return unless canvas_env.present?
+
+      org_canvas_url = current_organization.canvas_url
+
+      if (canvas_env == 'beta' || canvas_env == 'test') && org_canvas_url.present && !org_canvas_url.include?(".#{canvas_env}.")
+        render plain: "This tool is not properly configured for use in #{canvas_env}", status: 400
+      end
+    end
+
     private
 
     def auth_redirect_query

data/app/models/panda_pal/session.rb

@@ -42,24 +42,39 @@ module PandaPal
     end
 
     def custom_lti_params
-      # LT 1.3
-      custom_params = launch_params["https://purl.imsglobal.org/spec/lti/claim/custom"]
-      return custom_params if custom_params.present?
-
-      # LTI 1.0/1.1
-      custom_params = {}
-      launch_params.each do |k, v|
-        next unless k.start_with?("custom_")
-        custom_params[k[7..-1]] = v
-      end
+      @custom_lti_params ||= begin
+        # LT 1.3
+        custom_params = launch_params["https://purl.imsglobal.org/spec/lti/claim/custom"]
+        return custom_params if custom_params.present?
+
+        # LTI 1.0/1.1
+        custom_params = {}
+        launch_params.each do |k, v|
+          next unless k.start_with?("custom_")
+          custom_params[k[7..-1]] = v
+        end
 
-      custom_params.with_indifferent_access
+        custom_params.with_indifferent_access
+      end
     end
 
-    def get_lti_cust_param(key)
+    def get_lti_cust_param(key, default: :if_not_var)
       nkey = key.to_s.gsub(/^custom_/, '')
+      default_value = ->() { PandaPal.lti_custom_params[nkey] || PandaPal.lti_custom_params["custom_#{nkey}"] }
 
-      launch_params.dig("https://purl.imsglobal.org/spec/lti/claim/custom", nkey) || launch_params[nkey] || launch_params["custom_#{nkey}"]
+      val = launch_params.dig("https://purl.imsglobal.org/spec/lti/claim/custom", nkey) || launch_params[nkey] || launch_params["custom_#{nkey}"]
+
+      if default == :if_not_var
+        if val.is_a?(String) && /\$[\.\w]+/.match?(val) && val == default_value[]
+          return nil
+        end
+      elsif default && !val.present?
+        return default_value[]
+      elsif !default && val == default_value[]
+        return nil
+      end
+
+      val
     end
 
     def canvas_role_labels
@@ -71,7 +86,7 @@ module PandaPal
       account = 'self' if account.to_s == "root"
       account = account.canvas_id if account.respond_to?(:canvas_id)
 
-      if "::Admin".safe_constantize && ::Admin < ::ActiveRecord::Base
+      if defined?(::Admin) && ::Admin < ::ActiveRecord::Base
         account = current_organization.canvas_account_id if account == 'self'
         adm_query = ::Admin.where(canvas_account_id: account, workflow_state: "active")
         adm_query.pluck(:role_name)
@@ -88,6 +103,14 @@ module PandaPal
       @lti_roles ||= RoleStore.new(launch_params["https://purl.imsglobal.org/spec/lti/claim/roles"] || launch_params['ext_roles'] || '')
     end
 
+    def canvas_user_id
+      get_lti_cust_param('canvas_user_id')
+    end
+
+    def user
+      @user ||= ::User.find_by(canvas_id: canvas_user_id) if defined?(::User) && ::User < ::ActiveRecord::Base
+    end
+
     def canvas_site_admin?
       lti_roles.system_roles.include?("sys_admin")
     end

data/lib/panda_pal/version.rb

@@ -1,3 +1,3 @@
 module PandaPal
-  VERSION = "5.10.0"
+  VERSION = "5.11.0"
 end

data/lib/panda_pal.rb

@@ -43,7 +43,7 @@ module PandaPal
   end
 
   def self.lti_custom_params=(custom_params)
-    @@lti_custom_params = custom_params
+    @@lti_custom_params = custom_params.with_indifferent_access
   end
 
   def self.lti_custom_params

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: panda_pal
 version: !ruby/object:Gem::Version
-  version: 5.10.0
+  version: 5.11.0
 platform: ruby
 authors:
 - Instructure CustomDev
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-05-30 00:00:00.000000000 Z
+date: 2024-10-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -409,52 +409,52 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.6
+rubygems_version: 3.0.3.1
 signing_key: 
 specification_version: 4
 summary: LTI mountable engine
 test_files:
-- spec/rails_helper.rb
-- spec/models/panda_pal/api_call_spec.rb
-- spec/models/panda_pal/organization_spec.rb
-- spec/models/panda_pal/session_spec.rb
-- spec/models/panda_pal/organization/settings_validation_spec.rb
-- spec/models/panda_pal/organization/task_scheduling_spec.rb
-- spec/controllers/panda_pal/api_call_controller_spec.rb
 - spec/spec_helper.rb
-- spec/dummy/db/schema.rb
-- spec/dummy/public/422.html
-- spec/dummy/public/favicon.ico
-- spec/dummy/public/404.html
-- spec/dummy/public/500.html
-- spec/dummy/Rakefile
-- spec/dummy/app/views/layouts/application.html.erb
 - spec/dummy/app/controllers/application_controller.rb
-- spec/dummy/app/helpers/application_helper.rb
-- spec/dummy/app/assets/stylesheets/application.css
+- spec/dummy/app/views/layouts/application.html.erb
 - spec/dummy/app/assets/javascripts/application.js
+- spec/dummy/app/assets/stylesheets/application.css
+- spec/dummy/app/helpers/application_helper.rb
+- spec/dummy/bin/rake
+- spec/dummy/bin/setup
+- spec/dummy/bin/bundle
+- spec/dummy/bin/rails
 - spec/dummy/config/secrets.yml
-- spec/dummy/config/application.rb
-- spec/dummy/config/initializers/session_store.rb
-- spec/dummy/config/initializers/wrap_parameters.rb
-- spec/dummy/config/initializers/inflections.rb
-- spec/dummy/config/initializers/filter_parameter_logging.rb
-- spec/dummy/config/initializers/mime_types.rb
-- spec/dummy/config/initializers/backtrace_silencers.rb
-- spec/dummy/config/initializers/cookies_serializer.rb
+- spec/dummy/config/routes.rb
+- spec/dummy/config/locales/en.yml
+- spec/dummy/config/environments/production.rb
 - spec/dummy/config/environments/development.rb
 - spec/dummy/config/environments/test.rb
-- spec/dummy/config/environments/production.rb
+- spec/dummy/config/environment.rb
+- spec/dummy/config/application.rb
 - spec/dummy/config/database.yml
 - spec/dummy/config/boot.rb
-- spec/dummy/config/routes.rb
-- spec/dummy/config/environment.rb
-- spec/dummy/config/locales/en.yml
-- spec/dummy/README.rdoc
+- spec/dummy/config/initializers/backtrace_silencers.rb
+- spec/dummy/config/initializers/mime_types.rb
+- spec/dummy/config/initializers/filter_parameter_logging.rb
+- spec/dummy/config/initializers/session_store.rb
+- spec/dummy/config/initializers/wrap_parameters.rb
+- spec/dummy/config/initializers/cookies_serializer.rb
+- spec/dummy/config/initializers/inflections.rb
 - spec/dummy/config.ru
-- spec/dummy/bin/bundle
-- spec/dummy/bin/rake
-- spec/dummy/bin/setup
-- spec/dummy/bin/rails
-- spec/factories/panda_pal_organizations.rb
+- spec/dummy/Rakefile
+- spec/dummy/public/favicon.ico
+- spec/dummy/public/422.html
+- spec/dummy/public/500.html
+- spec/dummy/public/404.html
+- spec/dummy/db/schema.rb
+- spec/dummy/README.rdoc
+- spec/models/panda_pal/organization/settings_validation_spec.rb
+- spec/models/panda_pal/organization/task_scheduling_spec.rb
+- spec/models/panda_pal/session_spec.rb
+- spec/models/panda_pal/api_call_spec.rb
+- spec/models/panda_pal/organization_spec.rb
 - spec/factories/panda_pal_sessions.rb
+- spec/factories/panda_pal_organizations.rb
+- spec/controllers/panda_pal/api_call_controller_spec.rb
+- spec/rails_helper.rb