feat: Report email with LIT authorization path#3011
Conversation
e615a29 to
0c33eef
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #3011 +/- ##
==========================================
+ Coverage 70.05% 70.06% +0.01%
==========================================
Files 215 215
Lines 6846 6849 +3
==========================================
+ Hits 4796 4799 +3
Misses 2050 2050 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
I'm not very familiar with CodeOcean, but the changes make sense to me. |
MrSerth
left a comment
There was a problem hiding this comment.
As far as I understood the changes, the config setting is global. However, the URL is consumer-specific, which this setting doesn't reflect yet. Therefore, I would either use the "crazy" approach with the LTI params or add a new attribute to each consumer.
|
@MrSerth I think since we practically only have open.hpi.de as a consumer currently, this temporary solution is good enough.
I want to release this once and then see what kind of management we need. For the platform moderation, we should be able to moderate all user data without the LTI limitations on the study group. |
|
There are other consumers configured on CodeOcean (e.g., including a staging consumer for openHPI), and this feature would be the first to break the multi-tenant approach. Of course, most traffic currently originates from openHPI production. Regarding the LTI parameter, there should be only a single instance matching all search criteria. This is ensured by a validation we have in place: codeocean/app/models/lti_parameter.rb Line 9 in 445113e |
3b2c628 to
5cfd765
Compare
To act on spam reports the teacher needs to sign in through the course to authenticate in the study group. The LTI return URL is used to link back to the course.
5cfd765 to
4134422
Compare
|
@MrSerth I changed to the |
|
Thanks. I can confirm that the changes work as intended. There is one implicit assumption made: The exercise URL is static and doesn't change on a per-user basis, since a random element is picked from the LTI parameters. For all use cases we currently have, this is valid, but it could potentially change in dynamic environments (or with the advanced content tree in openHPI and content A/B/n testing, where this assumption might not hold true). This would be circumvented by using the RfC author's LTI params (which, in an unlikely case, could be missing) or by adding a comment about this and changing it on demand in the future. |
|
Thank you for this information. I think this is a solution for right now. In the future, we might need to consider a cleaner approach. Can this be approved as is? |
|
I acknowledge that the solution might be sufficient for now. To clarify our thoughts and persist them, I suggested adding a short comment:
|
|
I added a comment about the varying URL format. |
|
Just to ensure there is no misunderstanding: An hour ago, you wrote that you've added a comment (past tense), but I cannot see any differences in this PR, any other push activity in this repo, or within Slack/email. Since your previous post did not contain any other link or information on where to look for such a change, I am currently waiting patiently for further instructions. Please let me know if I am making a mistake and overlooking something obvious. |
|
I am very sorry I overlooked that the push failed. |
MrSerth
left a comment
There was a problem hiding this comment.
Thanks for pushing your changes, I just have a minor remark originally started by the spelling mistake.
Co-authored-by: Sebastian Serth <MrSerth@users.noreply.github.com>
To act on spam reports the teacher needs to sign in through the
course to authenticate in the study group. The LTI return URL is used
to link back to the course.
Relates to #2715