Plugin: LTI: Fix lineitem.readonly scope in AGS

chamilo · Aug 8, 2022 · 7a6266b · 7a6266b
1 parent e695cb1
commit 7a6266b
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 5 deletions.
diff --git a/plugin/ims_lti/auth.php b/plugin/ims_lti/auth.php
@@ -207,15 +207,21 @@
             if (LtiAssignmentGradesService::AGS_NONE !== $advServices['ags']) {
                 $agsClaim = [
                     'scope' => [
-                        LtiAssignmentGradesService::SCOPE_LINE_ITEM,
                         LtiAssignmentGradesService::SCOPE_LINE_ITEM_READ,
+                        LtiAssignmentGradesService::SCOPE_RESULT_READ,
+                        LtiAssignmentGradesService::SCOPE_SCORE_WRITE,
                     ],
-                    'lineitems' => LtiAssignmentGradesService::getLineItemsUrl(
-                        $course->getId(),
-                        $tool->getId()
-                    ),
                 ];
 
+                if (LtiAssignmentGradesService::AGS_FULL === $advServices['ags']) {
+                    $agsClaim['scope'][] = LtiAssignmentGradesService::SCOPE_LINE_ITEM;
+                }
+
+                $agsClaim['lineitems'] = LtiAssignmentGradesService::getLineItemsUrl(
+                    $course->getId(),
+                    $tool->getId()
+                );
+
                 if ($tool->getLineItems()->count() === 1) {
                     $agsClaim['lineitem'] = LtiAssignmentGradesService::getLineItemUrl(
                         $course->getId(),

diff --git a/plugin/ims_lti/src/Service/Resource/LtiLineItemResource.php b/plugin/ims_lti/src/Service/Resource/LtiLineItemResource.php
@@ -56,12 +56,20 @@ public function process()
                 $this->processGet();
                 break;
             case Request::METHOD_PUT:
+                if (LtiAssignmentGradesService::AGS_FULL !== $this->tool->getAdvantageServices()['ags']) {
+                    throw new MethodNotAllowedHttpException([Request::METHOD_GET]);
+                }
+
                 $this->validateToken(
                     [LtiAssignmentGradesService::SCOPE_LINE_ITEM]
                 );
                 $this->processPut();
                 break;
             case Request::METHOD_DELETE:
+                if (LtiAssignmentGradesService::AGS_FULL !== $this->tool->getAdvantageServices()['ags']) {
+                    throw new MethodNotAllowedHttpException([Request::METHOD_GET]);
+                }
+
                 $this->validateToken(
                     [LtiAssignmentGradesService::SCOPE_LINE_ITEM]
                 );

diff --git a/plugin/ims_lti/src/Service/Resource/LtiLineItemsResource.php b/plugin/ims_lti/src/Service/Resource/LtiLineItemsResource.php
@@ -67,6 +67,10 @@ public function process()
     {
         switch ($this->request->getMethod()) {
             case Request::METHOD_POST:
+                if (LtiAssignmentGradesService::AGS_FULL !== $this->tool->getAdvantageServices()['ags']) {
+                    throw new MethodNotAllowedHttpException([Request::METHOD_GET]);
+                }
+
                 $this->validateToken(
                     [
                         LtiAssignmentGradesService::SCOPE_LINE_ITEM,