EarthenSky
commented
3 weeks ago only visible by professors
The allow option for cas authentication lets us determine which group out of a list a user is part of. Even if a user is part of several groups, we will only get the first group in that list. Luckily, we're allowed to specify mail-lists too, so we can determine if a logged-in user is a CSSS-member!
The list we should use for now is: allow=faculty,!cmpt-students,student,alumni,sfu
- This lets us determine csss-members (!cmpt-students), however it also allows others to login who may only be slightly affiliated to sfu (under the "sfu" group).
One possible danger is that a student who logs in as !cmpt-students one semester, may fall back to student another, and even alumni another! We might want to store a list of authentication methods over time for a user, so that a person might be able to have a badge that says "csss alumni", etc...
- These kinds of features should be motivated by frontend developers. For the time being let's not implement this & just associate session level at login time with the current session.
This is a big project, which requires creating both frontend & backend tasks.
Backend:
[x] The exam bank will start by only being visible to sfu professors. This requires us to add support for determining whether a user is a professor or a student using SFU's API.
[ ] Next, we'll need to implement an endpoint for storing & retrieving pdfs from
/opt/csss-site/media/exam-bank/[ ] Finally, we'll need to store exam entries in the database & create functions for searching & accessing them.
Frontend: