@@ -169,19 +169,43 @@ $LTIMassUpdateInterval = 86400; #in seconds
169169# the tab will not be shown. Note that the default values for the variables that will be shown
170170# in the LTI tab are the values that are set above. Further note that only the commented out
171171# variables listed below may be added to the LTI config tab. In addition, only the variables that
172- # pertain to the active LTI version will be shown in the tab.
172+ # pertain to the active LTI version will be shown in the tab. Warning: Allowing users to modify
173+ # the BasicConsumerSecret for LTI 1.1 or the IDs, URLs, etc for LTI 1.3 can expose the values
174+ # of the variables and allow users to lock themselves out of logging in via an LMS.
173175@LTIConfigVariables = (
174176 # 'LTI{v1p1}{LMS_name}',
175177 # 'LTI{v1p3}{LMS_name}',
176178 # 'LTI{v1p1}{LMS_url}',
177179 # 'LTI{v1p3}{LMS_url}',
178180 # 'external_auth',
179181 # 'LTIGradeMode',
182+ # 'LTIGradeOnSubmit',
183+ # 'LTIMassUpdateInterval',
180184 # 'LMSManageUserData',
185+ # 'LTI{v1p1}{BasicConsumerSecret}',
186+ # 'LTI{v1p3}{PlatformID}',
187+ # 'LTI{v1p3}{ClientID}',
188+ # 'LTI{v1p3}{DeploymentID}',
189+ # 'LTI{v1p3}{PublicKeysetURL}',
190+ # 'LTI{v1p3}{AccessTokenURL}',
191+ # 'LTI{v1p3}{AccessTokenAUD}',
192+ # 'LTI{v1p3}{AuthReqURL}',
181193 # 'debug_lti_parameters',
182194 # 'lms_context_id'
183195);
184196
197+ # By default only admin users can modify the LTI secrets and lms_context_id. The following
198+ # permissions need to be modified to allow other users the permission to modify the values.
199+ # $permissionLevels{'change_config_LTI{v1p1}{BasicConsumerSecret}'} = "admin",
200+ # $permissionLevels{'change_config_LTI{v1p3}{PlatformID}'} = "admin",
201+ # $permissionLevels{'change_config_LTI{v1p3}{ClientID}'} = "admin",
202+ # $permissionLevels{'change_config_LTI{v1p3}{DeploymentID}'} = "admin",
203+ # $permissionLevels{'change_config_LTI{v1p3}{PublicKeysetURL}'} = "admin",
204+ # $permissionLevels{'change_config_LTI{v1p3}{AccessTokenURL}'} = "admin",
205+ # $permissionLevels{'change_config_LTI{v1p3}{AccessTokenAUD}'} = "admin",
206+ # $permissionLevels{'change_config_LTI{v1p3}{AuthReqURL}'} = "admin",
207+ # $permissionLevels{'change_config_lms_context_id'} = "admin",
208+
185209# Note that the lms_context_id is actually a database setting. It must be set for a course in
186210# order for the instructor to utilize LTI content selection. This can also be set in the admin
187211# course.
0 commit comments