You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Allowing students, and other PL users with API tokens to access resources that they have view-access to will prove useful in any third-party integrations and students tinkering with fetching their own workload.
Currently, the only way to access upcoming coursework and other information is to scrape HTML pages, which is not only complicated (Automating SAML2 login workflow), but also doesn't provide all the information that could be returned from querying the database.
Proposal
I believe that a few small changes will allow the PrairieLearn API to correctly handle API tokens on student accounts accessing resources that they have permission to.
SQL queries from the pages/studentXXXX can be easily copied to files in the api/v1/endpoints folder, and since the API token middleware already initializes authz_data in the same way as a web-interface user's requests would, little to no changes should be required in the code.
Personally, I would appreciate if this issue was addressed, since it seems like something that should only take a few minutes to setup and test by someone who is knowledgable about the codebase. If I had more time and the ability to setup a local test environment without too much hassle, I would try to address this and submit a PR, but I simply can't allocate hours to getting setup with developing in this environment.
Thanks.
The text was updated successfully, but these errors were encountered:
Thanks for submitting this request! We'd be happy to take a PR adding this functionality, but it's unlikely to be prioritized for now by the core devs. I suspect it'd take more than a few minutes to implement this though: there are likely some intricacies with authorization that'll need to be handled and thoroughly tested.
Motivation
Allowing students, and other PL users with API tokens to access resources that they have view-access to will prove useful in any third-party integrations and students tinkering with fetching their own workload.
Currently, the only way to access upcoming coursework and other information is to scrape HTML pages, which is not only complicated (Automating SAML2 login workflow), but also doesn't provide all the information that could be returned from querying the database.
Proposal
I believe that a few small changes will allow the PrairieLearn API to correctly handle API tokens on student accounts accessing resources that they have permission to.
SQL queries from the
pages/studentXXXX
can be easily copied to files in theapi/v1/endpoints
folder, and since the API token middleware already initializesauthz_data
in the same way as a web-interface user's requests would, little to no changes should be required in the code.Personally, I would appreciate if this issue was addressed, since it seems like something that should only take a few minutes to setup and test by someone who is knowledgable about the codebase. If I had more time and the ability to setup a local test environment without too much hassle, I would try to address this and submit a PR, but I simply can't allocate hours to getting setup with developing in this environment.
Thanks.
The text was updated successfully, but these errors were encountered: