Allow users to self-issue webservice access tokens
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
For the generation 2 Mahara mobile app ( https:/
Instead, we envision a process the same as the Moodle Mobile app. The user is presented with a username/password field, they enter their credentials there, and the app then does the dirty work of talking to the Mahara server, requesting the access token, and storing it.
In order to support SSO options, there also needs to be an alternative flow, where the app opens an embedded iframe that displays the Mahara login form, and returns the access token value back to the app when done.
Aaron Wells (u-aaronw) wrote : | #1 |
Aaron Wells (u-aaronw) wrote : | #2 |
So, the one undetermined issue with users self-issuing tokens, is access control. In Moodle there's a capability for this, and also any user who is a site admin is *not* allowed to self-issue tokens through the REST interface, for security purposes. (Admins can still self-generate tokens through the web UI)
We can easily add the restriction on admin users if we want, but the bigger question is, how do we decide which normal users can self-issue webservices tokens?
Currently, the closest thing we have is the "webservice" auth method. However, this isn't quite what we need. It is written to allow "robot" users, which authenticate to webservices via a username and password, but cannot log in to Mahara via the normal methods. We could use its presence or absence in an institution to determine whether the institution as a whole allows webservices, but I don't think that's a good idea because it would confuse admins as to the purpose of this auth plugin. The last thing we want is admins assigning users the "webservice" auth to try to let them use the app, and then discovering the users can no longer log in to Mahara.
We also have per-institution connection manager setup. However, this also isn't appropriate, because the connection manager is only for configuring *outgoing* connections, i.e. Mahara using webservices to retrieve data from another service provider. In the token-issuing scenario, Mahara is instead accepting *incoming* connections.
So probably what would make the most sense, would be to turn this into another per-institution setting with a sitewide default. Ideally it'd be as granular as the connection manager; so individual institutions could enable/disable individual user-token-issuing for each service group. However, it could start with a simple institution-level "on-off": "Allow individual users to access webservices (for mobile applications)"
That said... since we're so late in the 16.10 release process we should probably go the simplest route. And the drop-dead simplest thing would be to piggyback this on the existing "Allow mobile uploads" sitewide admin setting. So for that route, we would hard-code the token-issuing scripts to *only* allow access to the Mahara mobile app service group, and access would be contingent on the "Allow mobile uploads" setting. (Or perhaps add a DB flag to service groups in the database to indicate that they are "mobile uploads"). So, I'll probably go that route.
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #3 |
Patch for "master" branch: https:/
Robert Lyon (robertl-9) wrote : | #4 |
- partially hidden delete button Edit (38.3 KiB, image/png)
During testing I noted a delete button being hidden by right sidebar - see attached
Aaron Wells (u-aaronw) wrote : | #5 |
As Robert pointed out, the webservice/
We should really redesign it to be less tabular and more flexible. For now, I've just disabled the display of the sidebars on that page.
Changed in mahara: | |
status: | New → In Progress |
importance: | Undecided → Medium |
milestone: | none → 16.10.0 |
importance: | Medium → Wishlist |
Mahara Bot (dev-mahara) wrote : | #6 |
Patch for "master" branch: https:/
Mahara Bot (dev-mahara) wrote : | #7 |
Patch for "master" branch: https:/
Mahara Bot (dev-mahara) wrote : | #8 |
Patch for "master" branch: https:/
Mahara Bot (dev-mahara) wrote : | #17 |
Patch for "master" branch: https:/
Mahara Bot (dev-mahara) wrote : | #18 |
Patch for "master" branch: https:/
Mahara Bot (dev-mahara) wrote : | #9 |
Patch for "master" branch: https:/
Mahara Bot (dev-mahara) wrote : | #10 |
Patch for "master" branch: https:/
Mahara Bot (dev-mahara) wrote : | #11 |
Patch for "master" branch: https:/
Mahara Bot (dev-mahara) wrote : | #12 |
Patch for "master" branch: https:/
Mahara Bot (dev-mahara) wrote : | #13 |
Patch for "master" branch: https:/
Mahara Bot (dev-mahara) wrote : | #14 |
Patch for "master" branch: https:/
Mahara Bot (dev-mahara) wrote : | #15 |
Patch for "master" branch: https:/
Mahara Bot (dev-mahara) wrote : | #16 |
Patch for "master" branch: https:/
Mahara Bot (dev-mahara) wrote : | #19 |
Patch for "master" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #20 |
Reviewed: https:/
Committed: https:/
Submitter: Aaron Wells (<email address hidden>)
Branch: master
commit d382d069581fd43
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 13:53:01 2016 +1300
Bug 1620879: Improve JSON error messages when JSON flag is on
JSON-encodes more information about the error or exception,
and adds an optional error number.
behatnotneeded: Can't test in Behat
Change-Id: I258e7a275d78c9
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #21 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #22 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit 8f55eefd9875bab
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 13:53:01 2016 +1300
Bug 1620879: Improve JSON error messages when JSON flag is on
JSON-encodes more information about the error or exception,
and adds an optional error number.
behatnotneeded: Can't test in Behat
Change-Id: I258e7a275d78c9
(cherry picked from commit d382d069581fd43
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #23 |
Patch for "master" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #24 |
Reviewed: https:/
Committed: https:/
Submitter: Aaron Wells (<email address hidden>)
Branch: master
commit d159aaf425c9453
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:16:41 2016 +1300
Bug 1620879: Changes to service groups to facilitate automation
- Adding "shortname" field to service groups
- Marking plugin-created service groups, as the ones that have
a "component" field. Make the function list for plugin-created
service groups not editable by users.
- Since users may have already edited the old "sample" service
groups, removing the "component" value from those.
- And, to avoid trouble going forward, preventing the install
of the sample service groups on new installations
behatnotneeded: Tests to be written later
Change-Id: I23c781d6f2bbf6
Mahara Bot (dev-mahara) wrote : | #25 |
Reviewed: https:/
Committed: https:/
Submitter: Aaron Wells (<email address hidden>)
Branch: master
commit 0633673a9772f3c
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:25:09 2016 +1300
Bug 1620879: Add "apiversion" field to external_services
To help clients determine which version of a webservice
they might be connecting to.
behatnotneeded: Tests to come later
Change-Id: I90abd0d9470cba
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #26 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : | #27 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #28 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit 75fb7791ff09a23
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:25:09 2016 +1300
Bug 1620879: Add "apiversion" field to external_services
To help clients determine which version of a webservice
they might be connecting to.
behatnotneeded: Tests to come later
Change-Id: I90abd0d9470cba
Mahara Bot (dev-mahara) wrote : | #29 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit ecc2b8daa129c94
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:16:41 2016 +1300
Bug 1620879: Changes to service groups to facilitate automation
- Adding "shortname" field to service groups
- Marking plugin-created service groups, as the ones that have
a "component" field. Make the function list for plugin-created
service groups not editable by users.
- Since users may have already edited the old "sample" service
groups, removing the "component" value from those.
- And, to avoid trouble going forward, preventing the install
of the sample service groups on new installations
behatnotneeded: Tests to be written later
Change-Id: I23c781d6f2bbf6
(cherry picked from commit d159aaf425c9453
Mahara Bot (dev-mahara) wrote : | #30 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: master
commit 6d8b81f4649ed6a
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 13:57:58 2016 +1300
Bug 1620879: Improve formatting of WS function descriptions
behatnotneeded
Change-Id: Idea08ba7827d93
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #31 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #32 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit 29076d44aadcbfd
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 13:57:58 2016 +1300
Bug 1620879: Improve formatting of WS function descriptions
behatnotneeded
Change-Id: Idea08ba7827d93
(cherry picked from commit 6d8b81f4649ed6a
Mahara Bot (dev-mahara) wrote : | #33 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: master
commit 98ca273e25d578d
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:34:31 2016 +1300
Bug 1620879: Remove extraneous "/webservice" from end of plugin components
Currently, a plugin has to list its component as e.g.
"module/
Since we're using the component string as part of the automated token
request system, it's better to change this now to something more sensible.
behatnotneeded: Tests to come later
Change-Id: Ia7663065b79598
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #34 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #35 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit ec8471aeead8371
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:34:31 2016 +1300
Bug 1620879: Remove extraneous "/webservice" from end of plugin components
Currently, a plugin has to list its component as e.g.
"module/
Since we're using the component string as part of the automated token
request system, it's better to change this now to something more sensible.
behatnotneeded: Tests to come later
Change-Id: Ia7663065b79598
(cherry picked from commit 98ca273e25d578d
Mahara Bot (dev-mahara) wrote : | #36 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: master
commit ef871685926ce87
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:38:23 2016 +1300
Bug 1620879: Combine duplicate "get_allowed_
Two of the server classes had their own implementations of this,
with slightly different logic. Moving it up into the parent class
in order to make sure everything works the same, all the time.
behatnotneeded: Can't test in Behat
Change-Id: I91c205822a1821
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #37 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #38 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit 75fb4eb6d533184
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:38:23 2016 +1300
Bug 1620879: Combine duplicate "get_allowed_
Two of the server classes had their own implementations of this,
with slightly different logic. Moving it up into the parent class
in order to make sure everything works the same, all the time.
behatnotneeded: Can't test in Behat
Change-Id: I91c205822a1821
(cherry picked from commit ef871685926ce87
Mahara Bot (dev-mahara) wrote : | #39 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: master
commit 872da91396efe09
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:42:45 2016 +1300
Bug 1620879: Allow a user to have multiple tokens for the same service
behatnotneeded: Test to come later
Change-Id: I77131ad76a5a9f
Mahara Bot (dev-mahara) wrote : | #40 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: master
commit 219e7553f5321ec
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:45:15 2016 +1300
Bug 1620879: Add fields to external_tokens to record client app
These fields can be used to indicate which client app
registered and/or is using the token
behatnotneeded: Can't be tested in Behat
Change-Id: I939c844cc5474f
Mahara Bot (dev-mahara) wrote : | #41 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: master
commit 72498ad745a4a5c
Author: Aaron Wells <email address hidden>
Date: Mon Oct 3 13:20:07 2016 +1300
Bug 1620879: Improved webservice param validation
- Respect the "optional" and "default" flags for
object and array params (not just scalar params)
- Allow REST server to handle file upload params ($_FILES)
behatnotneeded: Tests to come later
Change-Id: I3a6a6ccf7c9de1
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #42 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #43 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit 1f808bee841e8ee
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:42:45 2016 +1300
Bug 1620879: Allow a user to have multiple tokens for the same service
behatnotneeded: Test to come later
Change-Id: I77131ad76a5a9f
(cherry picked from commit 872da91396efe09
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #44 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #45 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit 949d2d606423373
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:45:15 2016 +1300
Bug 1620879: Add fields to external_tokens to record client app
These fields can be used to indicate which client app
registered and/or is using the token
behatnotneeded: Can't be tested in Behat
Change-Id: I939c844cc5474f
(cherry picked from commit 219e7553f5321ec
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #46 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #47 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit a03d2573ac9299e
Author: Aaron Wells <email address hidden>
Date: Mon Oct 3 13:20:07 2016 +1300
Bug 1620879: Improved webservice param validation
- Respect the "optional" and "default" flags for
object and array params (not just scalar params)
- Allow REST server to handle file upload params ($_FILES)
behatnotneeded: Tests to come later
Change-Id: I3a6a6ccf7c9de1
(cherry picked from commit 72498ad745a4a5c
Mahara Bot (dev-mahara) wrote : | #48 |
Reviewed: https:/
Committed: https:/
Submitter: Aaron Wells (<email address hidden>)
Branch: master
commit 9345d3e547948fe
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:59:04 2016 +1300
Bug 1620879: Add page for non-admin users to manager app tokens
behatnotneeded: Test to come later
Change-Id: I2663d376f6bc50
Mahara Bot (dev-mahara) wrote : | #49 |
Reviewed: https:/
Committed: https:/
Submitter: Aaron Wells (<email address hidden>)
Branch: master
commit 15334434f9a86df
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:55:01 2016 +1300
Bug 1620879: Adding mobileapi module
This module will hold most of the code specifically needed
by the Mahara Mobile app (as opposed to normal webservices
functionality, which is mostly meant to be server-to-server)
behatnotneeded: Test to come later
Change-Id: I8dca163ba9dd4c
Mahara Bot (dev-mahara) wrote : | #50 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: master
commit 2d93d2ee90c0bde
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:23:08 2016 +1300
Bug 1620879: Adding user self-service token gen scripts
behatnotneeded: Test to come later
Change-Id: I0c1b2b7ee9cc92
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #51 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #52 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit 9206fd44a2f0a2c
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:55:01 2016 +1300
Bug 1620879: Adding mobileapi module
This module will hold most of the code specifically needed
by the Mahara Mobile app (as opposed to normal webservices
functionality, which is mostly meant to be server-to-server)
behatnotneeded: Test to come later
Change-Id: I8dca163ba9dd4c
(cherry picked from commit 15334434f9a86df
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #53 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #54 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit bf45ba8edcf8af1
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:59:04 2016 +1300
Bug 1620879: Add page for non-admin users to manager app tokens
behatnotneeded: Test to come later
Change-Id: I2663d376f6bc50
(cherry picked from commit 9345d3e547948fe
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #55 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #56 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit 2ae5a4e430f5530
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:23:08 2016 +1300
Bug 1620879: Adding user self-service token gen scripts
behatnotneeded: Test to come later
Change-Id: I0c1b2b7ee9cc92
(cherry picked from commit 2d93d2ee90c0bde
Mahara Bot (dev-mahara) wrote : | #57 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: master
commit 08f5a3aff09e789
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:27:05 2016 +1300
Bug 1620879: Adding pre-auth JSON script to aid apps in using automatic registration
behatnotneeded: Test to come later
Change-Id: Ie57d662b8edf69
Mahara Bot (dev-mahara) wrote : | #58 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: master
commit 29324842c361302
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:30:49 2016 +1300
Bug 1620879: Adding script to help webservices download user icons
behatnotneeded: Covered by existing tests
Change-Id: Iec9939b02b7b38
Mahara Bot (dev-mahara) wrote : | #59 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: master
commit 2c8761b27eda168
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:02:50 2016 +1300
Bug 1620879: Make SAML auth return to initial URL after login
This is needed specifically for the
module/
Also adding an anchor "#sso" at the extra login elements,
to allow the app to scroll that part into view.
behatnotneeded: Can't test in Behat (yet)
Change-Id: I4363976522b833
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #60 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #61 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit 89147cceafcece4
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 14:02:50 2016 +1300
Bug 1620879: Make SAML auth return to initial URL after login
This is needed specifically for the
module/
Also adding an anchor "#sso" at the extra login elements,
to allow the app to scroll that part into view.
behatnotneeded: Can't test in Behat (yet)
Change-Id: I4363976522b833
(cherry picked from commit 2c8761b27eda168
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #62 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #63 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit 2533cf069c8fcbd
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:27:05 2016 +1300
Bug 1620879: Adding pre-auth JSON script to aid apps in using automatic registration
behatnotneeded: Test to come later
Change-Id: Ie57d662b8edf69
(cherry picked from commit 08f5a3aff09e789
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #64 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #65 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit e68c11248f0f2dd
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:30:49 2016 +1300
Bug 1620879: Adding script to help webservices download user icons
behatnotneeded: Covered by existing tests
Change-Id: Iec9939b02b7b38
(cherry picked from commit 29324842c361302
tags: | added: nominatedfeature |
Mahara Bot (dev-mahara) wrote : | #66 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: master
commit a617b3c21864aed
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:32:04 2016 +1300
Bug 1620879: Adding webservices to replicate api/mobile functionality.
behatnotneeded: can't test in behat
Change-Id: I9b8cfada9122ca
Mahara Bot (dev-mahara) wrote : | #67 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: master
commit 7cf66563a3ee1bc
Author: Aaron Wells <email address hidden>
Date: Wed Oct 5 17:07:20 2016 +1300
Bug 1620879: Language string changes
plus fix for non custom service groups edit button to have right side
border
behatnotneeded
Change-Id: Ib760673905f022
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #68 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #69 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit 032b6ba69ec7fc0
Author: Aaron Wells <email address hidden>
Date: Mon Sep 26 15:32:04 2016 +1300
Bug 1620879: Adding webservices to replicate api/mobile functionality.
behatnotneeded: can't test in behat
Change-Id: I9b8cfada9122ca
(cherry picked from commit a617b3c21864aed
Mahara Bot (dev-mahara) wrote : A patch has been submitted for review | #70 |
Patch for "16.10_STABLE" branch: https:/
Mahara Bot (dev-mahara) wrote : A change has been merged | #71 |
Reviewed: https:/
Committed: https:/
Submitter: Robert Lyon (<email address hidden>)
Branch: 16.10_STABLE
commit c9f30142a990805
Author: Aaron Wells <email address hidden>
Date: Wed Oct 5 17:07:20 2016 +1300
Bug 1620879: Language string changes
plus fix for non custom service groups edit button to have right side
border
behatnotneeded
Change-Id: Ib760673905f022
(cherry picked from commit 7cf66563a3ee1bc
Changed in mahara: | |
status: | In Progress → Fix Committed |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
See https:/ /github. com/agwells/ mahara/ tree/mobile for my work in progress on this.
The following API changes need to be included (hopefully these can squeak into 16.10.0). Most of these are cribbed from how the functionality works in Moodle (because our Webservices module is port of the Moodle webservices module):
1. Addition of the two token-generation scripts, one REST-based for the in-app-form scenario; the other a standard webpage for the embedded-iframe SSO scenario.
2. Add a "shortname" to WS service groups, that the token generation scripts can use to unambiguously refer to which service group they want a token for.
3. Use the presence or absence of a "component" value for WS service groups, to indicate whether the service group was created by a plugin, or manually created by a human. The "component" should indicate which plugin created them.
3a. Block the UI from adding/removing functions from plugin-created service groups.
3b. Update all the "example" service groups that currently ship with Mahara, so that they no longer have a "component" value
4. Implement any necessary functions and/or service groups for the mobile app. (The clean way of doing this would be to make the app do everything through the new webservices system, and get rid of the old /api/mobile directory. The quick-and-dirty way of doing this would be to create a function in the new webservice, for generating the tokens used by /api/mobile. [So yes, that would mean the app gets a token for the *new* webservices, then uses that to get a token for the *old* webservices.])
5. Determine the access control; which users are allowed to self-generate webservice tokens? Moodle does this via its capabilities system, which there is no direct equivalent of in Moodle. The current webservices permissions don't exactly work for this. See follow-up note for more details.
6. Give users the ability to inspect and cancel their self-issued webservices tokens. (This mainly means, changing the permissions and navigation menus for webservice/ apptokens. php, which is currently an admin-only script that handles this behavior.)