public function doBltiHandshake() { //first obtain the details of the LTI configuration they chose $instanceFromDB = LtiConfigurations::find($this->property('ltiInstance')); $approver = $this->property('approver'); $arr = $this->getApproverOptions(); $approverRole = $arr[$approver]; if (!isset($_SESSION)) { session_start(); } $_SESSION['baseUrl'] = Config::get('app.url', 'backend'); $_SESSION['courseID'] = \Input::get('custom_canvas_course_id'); $_SESSION['userID'] = \Input::get('custom_canvas_user_id'); $_SESSION['domain'] = \Input::get('custom_canvas_api_domain'); //TODO: make sure this parameter below works with all other LMSs $_SESSION['lms'] = \Input::get('tool_consumer_info_product_family_code'); //check to see if user is an Instructor $rolesStr = \Input::get('roles'); $consumerKey = $instanceFromDB['ConsumerKey']; $clientId = $instanceFromDB['DeveloperId']; //Check to see if the lti handshake passes $context = new Blti($consumerKey, false, false); if ($context->valid) { // query DB to see if user has token, if yes, go to LTI. $userCheck = User::where('course_id', $_SESSION['courseID'])->first(); if (!$userCheck) { //if no user is found, redirect to canvas permission page if (stristr($rolesStr, $approverRole)) { //As per my discussion with Jared, we will use the instructor's token only. This is the token that will be stored in the DB //and the one that will be used to make all requests. We will NOT store student's tokens. //TODO: take this redirectUri out into some parameter somewhere... $redirectUri = "{$_SESSION['baseUrl']}saveUserInfo?lti={$this->property('ltiInstance')}"; $url = "https://{$_SESSION['domain']}/login/oauth2/auth?client_id={$clientId}&response_type=code&redirect_uri={$redirectUri}"; $this->redirect($url); } else { echo "A(n) {$approverRole} must authorize this course. Please contact your instructor."; return; } } else { //set the professor's token $_SESSION['userToken'] = $userCheck->encrypted_token; //get the timezone $roots = new Roots(); $course = $roots->getCourse(); $account_id = $course->account_id; $account = $roots->getAccount($account_id); $_SESSION['timezone'] = new \DateTimeZone($account->default_time_zone); } } else { echo 'There is a problem. Please notify your instructor'; } }
public function getUser($courseId, $userId) { $user = User::where(array('user_id' => $userId, 'course_id' => $courseId))->first(); return $user; }