basic lti support

- external tools can be added on the course/account
  settings page
- external tools can be linked to from within modules
- clicking a tool in a module will load a new page
  with the tool embedded in an iframe
- see context_external_tools for standard procedures
  on retrieving settings for a specific link

fixes #4013

Change-Id: I8aa1934f8deac9af26d74036162b34fd1c4242e1
Reviewed-on: https://gerrit.instructure.com/2601
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>

Author: whitmer

app/controllers/application_controller.rb

@@ -771,7 +771,17 @@ def content_tag_redirect(context, tag, error_redirect_symbol)
       @tag = tag
       @module = tag.context_module
       tag.context_module_action(@current_user, :read)
-      render :action => 'url_show'
+      render :template => 'context_modules/url_show'
+    elsif tag.content_type == 'ContextExternalTool'
+      @tag = tag
+      @tool = ContextExternalTool.find_external_tool(tag.url, context)
+      tag.context_module_action(@current_user, :read)
+      if !@tool
+        flash[:error] = "Couldn't find valid settings for this this link"
+        redirect_to named_context_url(context, error_redirect_symbol)
+      else
+        render :template => 'external_tools/tool_show'
+      end
     else
       flash[:error] = "Didn't recognize the item type for this tag"
       redirect_to named_context_url(context, error_redirect_symbol)

app/controllers/external_tools_controller.rb

@@ -0,0 +1,61 @@
+class ExternalToolsController < ApplicationController
+  before_filter :require_context, :require_user
+  
+  def index
+    if authorized_action(@context, @current_user, :update)
+      if params[:include_parents]
+        @tools = ContextExternalTool.all_tools_for(@context)
+      else
+        @tools = @context.context_external_tools.active
+      end
+      respond_to do |format|
+        format.json { render :json => @tools.to_json(:include_root => false) }
+      end
+    end
+  end
+  
+  def finished
+    @headers = false
+    if authorized_action(@context, @current_user, :read)
+    end
+  end
+  
+  def create
+    if authorized_action(@context, @current_user, :update)
+      @tool = @context.context_external_tools.build(params[:external_tool])
+      respond_to do |format|
+        if @tool.save
+          format.json { render :json => @tool.to_json(:methods => :readable_state, :include_root => false) }
+        else
+          format.json { render :json => @tool.errors.to_json, :status => :bad_request }
+        end
+      end
+    end
+  end
+  
+  def update
+    @tool = @context.context_external_tools.find(params[:id])
+    if authorized_action(@tool, @current_user, :update)
+      respond_to do |format|
+        if @tool.update_attributes(params[:external_tool])
+          format.json { render :json => @tool.to_json(:methods => :readable_state, :include_root => false) }
+        else
+          format.json { render :json => @tool.errors.to_json, :status => :bad_request }
+        end
+      end
+    end
+  end
+  
+  def destroy
+    @tool = @context.context_external_tools.find(params[:id])
+    if authorized_action(@tool, @current_user, :delete)
+      respond_to do |format|
+        if @tool.destroy
+          format.json { render :json => @tool.to_json(:methods => :readable_state, :include_root => false) }
+        else
+          format.json { render :json => @tool.errors.to_json, :status => :bad_request }
+        end
+      end
+    end
+  end
+end

app/helpers/application_helper.rb

@@ -169,7 +169,7 @@ def context_url(context, *opts)
       opts.unshift context.id
       opts.push({}) unless opts[-1].is_a?(Hash)
       ajax = opts[-1].delete :ajax rescue nil
-      opts[-1][:only_path] = true
+      opts[-1][:only_path] = true unless opts[-1][:only_path] == false
       res = self.send name, *opts
     elsif opts[0].is_a? Hash
       opts = opts[0]

app/helpers/external_tools_helper.rb

@@ -0,0 +1,2 @@
+module ExternalToolsHelper
+end

app/models/account.rb

@@ -62,6 +62,7 @@ class Account < ActiveRecord::Base
   has_one :account_authorization_config
   has_many :account_reports
 
+  has_many :context_external_tools, :as => :context, :dependent => :destroy, :order => 'name'
   has_many :learning_outcomes, :as => :context
   has_many :learning_outcome_groups, :as => :context
   has_many :created_learning_outcomes, :class_name => 'LearningOutcome', :as => :context

app/models/content_tag.rb

@@ -83,7 +83,7 @@ def context_name
   end
 
   def enforce_unique_in_modules
-    if self.workflow_state != 'deleted' && self.content_id && self.content_id > 0 && self.tag_type == 'context_module'
+    if self.workflow_state != 'deleted' && self.content_id && self.content_id > 0 && self.tag_type == 'context_module' && self.content_type != 'ContextExternalTool'
       tags = ContentTag.find_all_by_content_id_and_content_type_and_tag_type_and_context_id_and_context_type(self.content_id, self.content_type, 'context_module', self.context_id, self.context_type)
       tags.select{|t| t != self }.each do |tag|
         tag.destroy

app/models/context_external_tool.rb

@@ -0,0 +1,171 @@
+class ContextExternalTool < ActiveRecord::Base
+  include Workflow
+  has_many :content_tags, :as => :content
+  belongs_to :context, :polymorphic => true
+  attr_accessible :privacy_level, :domain, :url, :shared_secret, :consumer_key, :name, :description, :custom_fields
+  validates_presence_of :name
+  validates_presence_of :consumer_key
+  validates_presence_of :shared_secret
+  
+  before_save :infer_defaults
+  adheres_to_policy
+  
+  workflow do
+    state :anonymous
+    state :name_only
+    state :public
+    state :deleted
+  end
+  
+  set_policy do 
+    given { |user, session| self.cached_context_grants_right?(user, session, :update) }
+    set { can :read and can :update and can :delete }
+  end
+  
+  def settings
+    read_attribute(:settings) || write_attribute(:settings, {})
+  end
+  
+  def readable_state
+    workflow_state.titleize
+  end
+  
+  def privacy_level=(val)
+    if ['anonymous', 'name_only', 'public'].include?(val)
+      self.workflow_state = val
+    end
+  end
+  
+  def custom_fields=(hash)
+    settings[:custom_fields] ||= {}
+    hash.each do |key, val|
+      settings[:custom_fields][key] = val if key.match(/\Acustom_/)
+    end
+  end
+  
+  def shared_secret=(val)
+    write_attribute(:shared_secret, val) unless val.blank?
+  end
+  
+  def infer_defaults
+    url = nil if url.blank?
+    domain = nil if domain.blank?
+  end
+  
+  def self.standardize_url(url)
+    return "" if url.empty?
+    url = "http://" + url unless url.match(/:\/\//)
+    res = URI.parse(url).normalize
+    res.query = res.query.split(/&/).sort.join('&') if !res.query.blank?
+    res.to_s
+  end
+  
+  alias_method :destroy!, :destroy
+  def destroy
+    self.workflow_state = 'deleted'
+    save!
+  end
+  
+  def include_email?
+    public?
+  end
+  
+  def include_name?
+    name_only? || public?
+  end
+  
+  def precedence
+    if domain
+      # Somebody tell me if we should be expecting more than
+      # 25 dots in a url host...
+      25 - domain.split(/\./).length
+    elsif url
+      25
+    else
+      26
+    end
+  end
+  
+  def matches_url?(url)
+    if !defined?(@standard_url)
+      @standard_url = !self.url.blank? && ContextExternalTool.standardize_url(self.url)
+    end
+    return true if url == @standard_url
+    host = URI.parse(url).host rescue nil
+    !!(host && ('.' + host).match(/\.#{domain}\z/))
+  end
+  
+  def self.all_tools_for(context)
+    contexts = []
+    tools = []
+    while context
+      if context.is_a?(Group)
+        contexts << context
+        context = context.context || context.account
+      elsif context.is_a?(Course)
+        contexts << context
+        context = context.account
+      elsif context.is_a?(Account)
+        contexts << context
+        context = context.parent_account
+      else
+        context = nil
+      end
+    end
+    return nil if contexts.empty?
+    contexts.each do |context|
+      tools += context.context_external_tools.active
+    end
+    tools.sort_by(&:name)
+  end
+  
+  # Order of precedence: Basic LTI defines precedence as first
+  # checking for a match on domain.  Subdomains count as a match 
+  # on less-specific domains, but the most-specific domain will 
+  # match first.  So awesome.bob.example.com matches an 
+  # external_tool with example.com as the domain, but only if 
+  # there isn't another external_tool where awesome.bob.example.com 
+  # or bob.example.com is set as the domain.  
+  # 
+  # If there is no domain match then check for an exact url match
+  # as configured by an admin.  If there is still no match
+  # then check for a match on the current context (configured by
+  # the teacher).
+  def self.find_external_tool(url, context)
+    url = ContextExternalTool.standardize_url(url)
+    account_contexts = []
+    other_contexts = []
+    while context
+      if context.is_a?(Group)
+        other_contexts << context
+        context = context.context || context.account
+      elsif context.is_a?(Course)
+        other_contexts << context
+        context = context.account
+      elsif context.is_a?(Account)
+        account_contexts << context
+        context = context.parent_account
+      else
+        context = nil
+      end
+    end
+    return nil if account_contexts.empty? && other_contexts.empty?
+    account_contexts.each do |context|
+      res = context.context_external_tools.active.sort_by(&:precedence).detect{|tool| tool.domain && tool.matches_url?(url) }
+      return res if res
+    end
+    account_contexts.each do |context|
+      res = context.context_external_tools.active.sort_by(&:precedence).detect{|tool| tool.matches_url?(url) }
+      return res if res
+    end
+    other_contexts.reverse.each do |context|
+      res = context.context_external_tools.active.sort_by(&:precedence).detect{|tool| tool.matches_url?(url) }
+      return res if res
+    end
+    nil
+  end
+  
+  named_scope :active, :conditions => ['context_external_tools.workflow_state != ?', 'deleted']
+  
+  def self.serialization_excludes; [:shared_secret,:settings]; end
+end

app/models/context_module.rb

@@ -257,6 +257,27 @@ def add_item(params, added_item=nil)
       added_item.workflow_state = 'active'
       added_item.save
       added_item
+    elsif params[:type] == 'context_external_tool'
+      title = params[:title]
+      added_item ||= self.content_tags.build(
+        :context_id => self.context_id, 
+        :context_type => self.context_type
+      )
+      tool = ContextExternalTool.find_external_tool(params[:url], self.context)
+      added_item.attributes = {
+        :content_id => tool ? tool.id : 0, 
+        :content_type => 'ContextExternalTool', 
+        :url => params[:url], 
+        :tag_type => 'context_module', 
+        :title => title, 
+        :indent => params[:indent], 
+        :position => position
+      }
+      added_item.context_module_id = self.id
+      added_item.indent = params[:indent] || 0
+      added_item.workflow_state = 'active'
+      added_item.save
+      added_item
     elsif params[:type] == 'context_module_sub_header'
       title = params[:title]
       added_item ||= self.content_tags.build(

app/models/course.rb

@@ -80,6 +80,7 @@ class Course < ActiveRecord::Base
   has_many :active_folders_with_sub_folders, :class_name => 'Folder', :as => :context, :include => [:active_sub_folders], :conditions => ['folders.workflow_state != ?', 'deleted'], :order => 'folders.name'
   has_many :active_folders_detailed, :class_name => 'Folder', :as => :context, :include => [:active_sub_folders, :active_file_attachments], :conditions => ['folders.workflow_state != ?', 'deleted'], :order => 'folders.name'
   has_many :messages, :as => :context, :dependent => :destroy
+  has_many :context_external_tools, :as => :context, :dependent => :destroy, :order => 'name'
   belongs_to :wiki
   has_many :default_wiki_wiki_pages, :class_name => 'WikiPage', :through => :wiki, :source => :wiki_pages, :conditions => ['wiki_pages.workflow_state != ?', 'deleted'], :order => 'wiki_pages.view_count DESC'
   has_many :wiki_namespaces, :as => :context, :dependent => :destroy

app/models/user.rb

@@ -893,6 +893,26 @@ def avatar_approved?
     [:approved, :locked, :re_reported].include?(avatar_state)
   end
 
+  def lti_role_types
+    memberships = current_enrollments.uniq + account_users.uniq
+    memberships.map{|membership|
+      case membership
+      when StudentEnrollment
+        'Student'
+      when TeacherEnrollment
+        'Instructor'
+      when TaEnrollment
+        'Instructor'
+      when ObserverEnrollment
+        'Observer'
+      when AccountUser
+        'AccountAdmin'
+      else
+        'Observer'
+      end
+    }.uniq
+  end
+  
   def avatar_url(size=nil, avatar_setting=nil, fallback=nil)
     size ||= 50
     avatar_setting ||= 'enabled'