Open EarthenSky opened 1 month ago
only visible by professors
The allow option for cas authentication lets us determine which group out of a list a user is part of. Even if a user is part of several groups, we will only get the first group in that list. Luckily, we're allowed to specify mail-lists too, so we can determine if a logged-in user is a CSSS-member!
The list we should use for now is: allow=faculty,!cmpt-students,student,alumni,sfu
One possible danger is that a student who logs in as !cmpt-students one semester, may fall back to student another, and even alumni another! We might want to store a list of authentication methods over time for a user, so that a person might be able to have a badge that says "csss alumni", etc...
This is a big project, which requires creating both frontend & backend tasks.
Backend:
[x] The exam bank will start by only being visible to sfu professors. This requires us to add support for determining whether a user is a professor or a student using SFU's API.
[ ] Next, we'll need to implement an endpoint for storing & retrieving pdfs from
/opt/csss-site/media/exam-bank/
[ ] Finally, we'll need to store exam entries in the database & create functions for searching & accessing them.
Frontend: