  1. OpenOLAT
  2. OO-2937

Allow authors to lookup users via REST API

    Details

      Description

      The REST API URL 

      http://localhost:8080/olat/restapi/users?login=test

       is currently restricted to users with the roles user manager and system administrator. When adding a user to a course, the user ID must be known. The user ID is normally not known to normal users; it is a technical identifier that is not exposed in the UI.

      So, when a user cannot use the user lookup service above, there is no way to add the user to a course using the course REST API.

      So far so good. The problem now is that the course addParticipant methods can be executed by the course author. Since a normal course author is not a user manager, this becomes useless.

      Therefore the security check for executing the users lookup is extended to include users with the author role. 

       Authors can then do: 

       

      1) Start REST session (GET)

      http://localhost:8080/olat/restapi/auth/author?password=test1
      HTTP/1.1 200 OK
      ---------------------------------REQUEST--------------------------------------
      Accept = application/xml
      Accept-Encoding = gzip
      Cookie = JSESSIONID=1DEA85E8547C006962BABDFC411E1445
      User-Agent = Fetcher 1.4 (Macintosh; Mac OS X 10.12.6; de_CH)
      ---------------------------------RESPONSE------------------------------------
      X-OLAT-TOKEN = 127684fb-7b5c-4daa-b97b-c315d4787944
      Transfer-Encoding = Identity
      Content-Type = application/xml
      Server = Apache-Coyote/1.1
      Date = Mon, 31 Jul 2017 11:30:32 GMT
      <hello identityKey="196609">Hello author</hello>
      

      2) Lookup a user (GET)

      http://localhost:8080/olat/restapi/users?login=test
      HTTP/1.1 200 OK
      ---------------------------------REQUEST--------------------------------------
      User-Agent = Fetcher 1.4 (Macintosh; Mac OS X 10.12.6; de_CH)
      Accept-Encoding = gzip
      X-OLAT-TOKEN = 127684fb-7b5c-4daa-b97b-c315d4787944
      Cookie = JSESSIONID=1DEA85E8547C006962BABDFC411E1445
      Accept = application/xml
      ---------------------------------RESPONSE------------------------------------
      Content-Type = application/xml
      Content-Length = 576
      Server = Apache-Coyote/1.1
      Date = Mon, 31 Jul 2017 11:32:26 GMT
      <?xml version="1.0" encoding="UTF-8" standalone="yes"?><userVOes><userVO><key>196613</key><login>test</login><firstName>Thomas</firstName><lastName>Est</lastName><email>test@olat-newinstallation.org</email><properties/></userVO><userVO><key>196614</key><login>test2</login><firstName>Till</firstName><lastName>Estobesto</lastName><email>test2@olat-newinstallation.org</email><properties/></userVO><userVO><key>196615</key><login>test3</login><firstName>Tanja</firstName><lastName>Estelle</lastName><email>test3@olat-newinstallation.org</email><properties/></userVO></userVOes>
      

      3) Add user to course (PUT)

      http://localhost:8080/olat/restapi/repo/courses/94254396996491/participants/196613
      HTTP/1.1 200 OK
      ---------------------------------REQUEST--------------------------------------
      User-Agent = Fetcher 1.4 (Macintosh; Mac OS X 10.12.6; de_CH)
      Accept-Encoding = gzip
      X-OLAT-TOKEN = 127684fb-7b5c-4daa-b97b-c315d4787944
      Cookie = JSESSIONID=1DEA85E8547C006962BABDFC411E1445
      Accept = application/xml
      ---------------------------------RESPONSE------------------------------------
      Server = Apache-Coyote/1.1
      Date = Mon, 31 Jul 2017 11:35:56 GMT
      Content-Length = 0
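
The lookup in step 2 returned three users for `login=test`, so a client has to select the exact login before using a key in step 3. The following is an added example, not part of the original issue or of OpenOLAT's code: it parses a step 2 response and builds the step 3 URL. The function names and the exact-match rule are assumptions, and the sample XML is abridged from the response above.

```python
import xml.etree.ElementTree as ET

BASE = "http://localhost:8080/olat/restapi"  # base URL used in the issue

# Step 2 response, abridged to the two fields used here (names, emails dropped).
SAMPLE_LOOKUP = (
    "<userVOes>"
    "<userVO><key>196613</key><login>test</login></userVO>"
    "<userVO><key>196614</key><login>test2</login></userVO>"
    "<userVO><key>196615</key><login>test3</login></userVO>"
    "</userVOes>"
)


class UserLookupError(Exception):
    """No user, or more than one user, has exactly the requested login."""


def parse_users(xml_text):
    """Return (login, key) pairs from a userVOes document."""
    root = ET.fromstring(xml_text)
    users = []
    for vo in root.findall("userVO"):
        login = vo.findtext("login")
        key = vo.findtext("key")
        if login is None or key is None or not (key.isascii() and key.isdigit()):
            raise UserLookupError("malformed userVO entry")
        users.append((login, int(key)))
    return users


def resolve_key(xml_text, login):
    """Pick the key whose login equals `login` exactly, never the first hit."""
    exact = [key for name, key in parse_users(xml_text) if name == login]
    if len(exact) != 1:
        raise UserLookupError(f"{len(exact)} exact matches for {login!r}")
    return exact[0]


def participant_url(course_id, identity_key):
    """Build the step 3 PUT URL from two integer identifiers."""
    if not all(isinstance(v, int) and v > 0 for v in (course_id, identity_key)):
        raise ValueError("course id and identity key must be positive integers")
    return f"{BASE}/repo/courses/{course_id}/participants/{identity_key}"


if __name__ == "__main__":
    print(participant_url(94254396996491, resolve_key(SAMPLE_LOOKUP, "test")))
```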
      

       

       

            People

            Assignee:
            gnaegi Florian Gnägi
            Reporter:
            gnaegi Florian Gnägi
            Tester:
            Stéphane Rossé

                Time Tracking

                Estimated: Not Specified
                Remaining: 0m
                Logged: 5m