Merge branch 'dev' into quiz-question-files

Author: dmols

Makefile

@@ -8,6 +8,11 @@ endif
 start:
 	docker compose -f docker-compose.nginx.yml up
 
+
+create-migrations:
+	make clean-cache
+	docker compose -f docker-compose.nginx.yml run php php bin/console doctrine:migrations:diff
+
 # set up the database
 migrate:
 	docker compose -f docker-compose.nginx.yml run php php bin/console doctrine:migrations:migrate
@@ -16,6 +21,10 @@ migrate:
 down:
 	docker compose -f docker-compose.nginx.yml down
 
+# rebuild the containers from the ground up
+build:
+	docker compose -f docker-compose.nginx.yml up --build
+
 # clear the Symfony cache
 clean-cache:
 	docker compose -f docker-compose.nginx.yml run php bin/console cache:clear

assets/js/Components/ReviewFilesPage.js

@@ -617,7 +617,7 @@ export default function ReviewFilesPage({
         contentUrl: contentUrl,
         contentId: contentId,
         contentType: contentType,
-        sectionIds: sectionIds?.length > 0 ? sectionIds : []
+        sectionIds: sectionIds?.length > 0 ? sectionIds : [],
       }
 
       return contentItemOption
@@ -660,11 +660,11 @@ const getSectionPostOptions = (newFile, sectionReferences) => {
     return postSectionOptions
   }
 
-  const updateAndScanContent = async (postContentItemOptions, postSectionItemOption) => {
+  const updateAndScanContent = async (postContentItemOptions, postSectionItemOption, fileId) => {
     const responseStatus = []
     try{
       let api = new Api(settings)
-      const responseStr = await api.updateContent(postContentItemOptions, postSectionItemOption)
+      const responseStr = await api.updateContent(postContentItemOptions, postSectionItemOption, fileId)
       const response = await responseStr.json()
       if (response.errors && response.errors.length > 0) {
       response.errors.forEach((error) => {
@@ -748,7 +748,7 @@ const getSectionPostOptions = (newFile, sectionReferences) => {
       const postSectionOptions = getSectionPostOptions(updatedFileData, sectionReferences)
 
       if((postContentItemOptions && postContentItemOptions.length > 0) ||  (postSectionOptions && postSectionOptions.length > 0)){
-        const responseStatus = await updateAndScanContent(postContentItemOptions, postSectionOptions)
+        const responseStatus = await updateAndScanContent(postContentItemOptions, postSectionOptions, updatedFileData.id)
         if(responseStatus && responseStatus[0]?.type == "error"){
           responseStatus.forEach((err) => addMessage({message: err.message, severity: 'error', visible:true}))
           updateActiveSessionFile(tempFile.id, settings.ISSUE_STATE.ERROR)
@@ -835,7 +835,7 @@ const getSectionPostOptions = (newFile, sectionReferences) => {
     const postSectionOptions = getSectionPostOptions(activeFile, sectionReferences)
 
     if((postContentItemOptions && postContentItemOptions.length > 0) ||  (postSectionOptions && postSectionOptions.length > 0)){
-        const responseStatus = await updateAndScanContent(postContentItemOptions, postSectionOptions)
+        const responseStatus = await updateAndScanContent(postContentItemOptions, postSectionOptions, activeFile.id)
         if(responseStatus && responseStatus[0]?.type == "error"){
           responseStatus.forEach((err) => addMessage({message: err.message, severity: 'error', visible:true}))
           updateActiveSessionFile(tempFile.id, settings.ISSUE_STATE.ERROR)

assets/js/Components/Widgets/MessageTray.js

@@ -16,7 +16,8 @@ export default function MessageTray ({
   const containerRef = useRef(null)
 
   const createMessage = (newMessage) => {
-    if(!newMessage.message) {
+
+    if(!newMessage?.message) {
       return
     }
     const id = Date.now() + Math.random().toString().slice(2)

assets/js/Services/Api.js

@@ -12,14 +12,13 @@ export default class Api {
             reviewFile: '/api/files/{file}/review',
             postFile: '/api/files/{file}/post',
             deleteFile: '/api/files/{file}/delete',
-            updateContent: '/api/content',
+            updateContent: '/api/{file}/content',
             reportPdf: '/download/courses/{course}/reports/pdf',
             adminCourses: '/api/admin/courses/account/{account}/term/{term}',
             scanContent: '/api/sync/content/{contentItem}?report={getReport}',
             scanCourse: '/api/sync/{course}',
             scanLmsCourse: '/api/admin/sync/lms/{lmsCourseId}',
             fullRescan: '/api/sync/rescan/{course}',
-            scanIssue: '/api/issues/{issue}/scan',
             adminReport: '/api/admin/courses/{course}/reports/latest',
             adminCourseReport: '/api/admin/courses/{course}/reports/full',
             adminReportHistory: '/api/admin/reports/account/{account}/term/{term}', 
@@ -184,9 +183,10 @@ export default class Api {
 
     }
 
-    updateContent(contentOptions, sectionOptions){
+    updateContent(contentOptions, sectionOptions, fileId){
         const authToken = this.getAuthToken()
         let url = `${this.apiUrl}${this.endpoints.updateContent}`
+        url = url.replace('{file}', fileId)
 
         return fetch(url, {
             method: 'POST',
@@ -351,21 +351,6 @@ export default class Api {
         })
     }
 
-    scanIssue(issueId)
-    {
-        const authToken = this.getAuthToken()
-        let url = `${this.apiUrl}${this.endpoints.scanIssue}`
-        url = url.replace('{issue}', issueId)
-
-        return fetch(url, {
-            method: 'GET',
-            headers: {
-                'Content-Type': 'application/json',
-                'X-AUTH-TOKEN': authToken,
-            },
-        })
-    }
-
     getIssueContent(issueId) {
       const authToken = this.getAuthToken()
       let url = `${this.apiUrl}${this.endpoints.getIssueContent}`

src/Controller/AdminController.php

@@ -54,7 +54,8 @@ public function index(
         if (!$user) {
             $this->util->exitWithMessage('User authentication failed.');
         }
-        if (!$lmsUser->validateApiKey($user)) {
+        $apiStatus = $lmsUser->validateApiKey($user);
+        if (!$apiStatus['success']) {
             $this->session->set('destination', 'admin');
             return $this->redirectToRoute('authorize', ['auth_token' => $this->session->getUuid()]);
         }

src/Controller/ApiController.php

@@ -3,16 +3,47 @@
 namespace App\Controller;
 
 use App\Entity\Course;
+use App\Services\SessionService;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+use Symfony\Component\Console\Output\ConsoleOutput;
 
 abstract class ApiController extends AbstractController
 {
-    public function userHasCourseAccess(Course $course) : bool {
-        // Check if course belongs to user's institution
+    protected function userHasCourseAccess(Course $course, SessionService $sessionService) : bool {
+        $output = new ConsoleOutput();
+
+        // Check if user actually exists
         /** @var \App\Entity\User */
         $user = $this->getUser();
+        if (!$user) {
+            return false;
+        }
+
+        // Check if we can get a session
+        $userSession = $sessionService->getSession();
+        if (!$userSession) {
+            return false;
+        }
+
+        // Check if course belongs to user's institution
         $userInstitutionId = $user?->getInstitution()?->getId();
         $resourceInstitutionId = $course->getInstitution()->getId();
-        return $resourceInstitutionId === $userInstitutionId;
+
+        if ($resourceInstitutionId !== $userInstitutionId) {
+            return false;
+        }
+
+        $userCourseId = $userSession->get('lms_course_id');
+
+        // No course ID found in the session
+        if (!$userCourseId) {
+            return false;
+        }
+
+        if ($course->getLmsCourseId() !== $userCourseId) {
+            return false;
+        }
+
+        return true;
     }
 }

src/Controller/DashboardController.php

@@ -48,7 +48,8 @@ public function index(
         if (!$user) {
             $this->util->exitWithMessage('User authentication failed.');
         }
-        if (!$this->isUiDevelopment() && !$lmsUser->validateApiKey($user)) {
+        $apiStatus = $lmsUser->validateApiKey($user);
+        if (!$apiStatus['success']) {
             if ($this->session->get('oauthAttempted', false)) {
                 $this->util->exitWithMessage('API authentication failed. Contact your administrator.');
             }
@@ -57,9 +58,6 @@ public function index(
         }
 
         $lmsCourseId = $this->session->get('lms_course_id');
-        if($this->isUiDevelopment() && !isset($lmsCourseId)) {
-          $lmsCourseId = 616;
-        }
         if (!$lmsCourseId) {
             $this->util->exitWithMessage('Missing LMS course ID.');
         }
@@ -145,10 +143,4 @@ protected function createCourse(Institution $institution, $lmsCourseId)
 
         return $course;
     }
-
-    private function isUiDevelopment()
-    {
-      return $this->getParameter('app.use_development_auth') == 'YES';
-    }
-
 }

src/Controller/FileItemsController.php

@@ -7,6 +7,7 @@
 use App\Response\ApiResponse;
 use App\Services\LmsPostService;
 use App\Services\LmsFetchService;
+use App\Services\SessionService;
 use App\Services\UtilityService;
 use Doctrine\Persistence\ManagerRegistry;
 use Symfony\Component\HttpFoundation\JsonResponse;
@@ -24,7 +25,7 @@ public function __construct(ManagerRegistry $doctrine)
     }
 
     #[Route('/api/files/{file}/review', name: 'review_file')]
-    public function reviewFile(FileItem $file, Request $request, UtilityService $util)
+    public function reviewFile(SessionService $sessionService, Request $request, UtilityService $util, FileItem $file)
     {
         $apiResponse = new ApiResponse();
         $user = $this->getUser();
@@ -33,14 +34,13 @@ public function reviewFile(FileItem $file, Request $request, UtilityService $uti
         try {
             // Check if user has access to course
             $course = $file->getCourse();
-            if (!$this->userHasCourseAccess($course)) {
+            if (!$this->userHasCourseAccess($course, $sessionService)) {
                 throw new \Exception("You do not have permission to access this issue.");
             }
 
             $updates = \json_decode($request->getContent(), true);
             $file->setReviewed($updates['reviewed']);
             if ($updates['replacement']){
-                $output->writeln("Triggers");
                 $file->removeReplacementFile();
             }
             $file->setReviewedBy($user);
@@ -71,17 +71,16 @@ public function reviewFile(FileItem $file, Request $request, UtilityService $uti
     }
 
     #[Route('/api/files/{file}/post', methods: ['POST'], name: 'file_post')]
-    public function postFile(FileItem $file, Request $request, UtilityService $util, LmsPostService $lmsPost, LmsFetchService $lmsFetch)
+    public function postFile(SessionService $sessionService, Request $request, UtilityService $util, LmsPostService $lmsPost, LmsFetchService $lmsFetch, FileItem $file)
     {
         $output = new ConsoleOutput();
         $apiResponse = new ApiResponse();
         $user = $this->getUser();
-        $output->writeln("Getting here on the backend");
 
         try {
             // Check if user has access to course
             $course = $file->getCourse();
-            if (!$this->userHasCourseAccess($course)) {
+            if (!$this->userHasCourseAccess($course, $sessionService)) {
                 throw new \Exception("You do not have permission to access this issue.");
             }
 
@@ -134,8 +133,8 @@ public function postFile(FileItem $file, Request $request, UtilityService $util,
     }
 
     // This route is created here as files are the primary items using this route
-    #[Route('/api/content', methods: ['POST'], name: 'upload_content')]
-    public function uploadContent(Request $request, UtilityService $util, LmsPostService $lmsPost, LmsFetchService $lmsFetch){
+    #[Route('/api/{file}/content', methods: ['POST'], name: 'upload_content')]
+    public function uploadContent(SessionService $sessionService, Request $request, UtilityService $util, LmsPostService $lmsPost, LmsFetchService $lmsFetch, FileItem $file){
         $output = new ConsoleOutput();
         $apiResponse = new ApiResponse();
         $user = $this->getUser();
@@ -145,6 +144,15 @@ public function uploadContent(Request $request, UtilityService $util, LmsPostSer
             $contentOptions = $content['content'];
             $sectionOptions = $content['section'];
 
+            if(empty($contentOptions) && empty($sectionOptions)){
+                throw new \Exception("Tried to update content without any content avaliable");
+            }
+
+            $course = $file->getCourse();
+            if (!$this->userHasCourseAccess($course, $sessionService)) {
+                throw new \Exception("You do not have permission to access this issue.");
+            }
+            
             $lmsContent = $lmsPost->uploadContentToLms($contentOptions, $sectionOptions, $user);
             if(!$lmsContent){
                 throw new \Exception("Failed to change references in canvas");
@@ -165,12 +173,17 @@ public function uploadContent(Request $request, UtilityService $util, LmsPostSer
     }
 
     #[Route('/api/files/{file}/delete', methods: ['DELETE'], name: 'delete_file')]
-    public function deleteFile(FileItem $file, UtilityService $util, LmsPostService $lmsPost, LmsFetchService $lmsFetch){
+    public function deleteFile(SessionService $sessionService, FileItem $file, UtilityService $util, LmsPostService $lmsPost, LmsFetchService $lmsFetch){
         $output = new ConsoleOutput();
         $apiResponse = new ApiResponse();
         $user = $this->getUser();
 
         try{
+            $course = $file->getCourse();
+            if (!$this->userHasCourseAccess($course, $sessionService)) {
+                throw new \Exception("You do not have permission to access this issue.");
+            }
+
             $fileDeletionResponse = $lmsPost->deleteFileFromLms($file, $user);
             if(!$fileDeletionResponse || isset($fileDeletionResponse->error)){
                 throw new \Exception("Failed to delete file!");