Roles mangled by Membership service due to hardcoded LTI version #52
Comments
|
Thanks for reporting this, I will take a closer look. On first glance the first call to parseRoles in Service/Membership looks correct as it relates to a JSON-LD response, but the second may be wrong. |
spvickers
added a commit
that referenced
this issue
Apr 3, 2023
|
Thanks again for reporting this,. You are quite correct, the LTI version passed to the parseRoles method should be the version to be used for the roles being returned. I have committed the change to fix this. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In two places in Service/Membership/getMembers(),
Tool::parseRoles()is called, with a hardcoded LTI version ofUtil::LTI_VERSION2. This leads to a bug in LTI 1.3 tools, which can receive membership roles for a user such as this pair (for a user who is both a teacher and a TA in the same course):parseRoles() using LTI_VERSION2 incorrectly collapses these down into one role:
...which isn't even one of the roles that the LTI 1.3 spec allows, as far as I can tell.
Changing the hardcoded version in these calls to LTI_VERSION1P3 causes this pair of roles to be preserved correctly.
(Offhand, it looks like the Membership class has access to the platform's LTI version (through
$this->source->getPlatform()->ltiVersion)...maybe it could use that instead of hardcoding LTI_VERSION2?)The text was updated successfully, but these errors were encountered: