search

France-ioi / AlgoreaBackend

Backend for the new Algorea platform
MIT License
2 stars 2 forks source link

LTI: Score publish service #476

Closed smadbe closed 4 years ago

smadbe commented 4 years ago

Overview

Our platform has to support LTI (Learning Tools Interoperability) for being able to integrate into other learning platform such as EdX.

Once a score has been obtained, it has to be sent to the LTI Consumer (e.g., edX). This may be automatic or manual, as in this example: image

LTI workflows

On POST /attempts/{attempt_id}/items/{item_id}/publish (we keep the service LTI agnostic, just publishing the results to login-module).

Input

Actions

POST to the login-module lti_result/send with:

Output

Generic output

zenovich commented 4 years ago

Should we check that 1) the attempt_id is linked to the user, 2) the item_id is visible to the user, 3) there is a result linking the attempt with attempt_id to the item with item_id?

smadbe commented 4 years ago

Should we check that

1. the attempt_id is linked to the user,

An attempt entry is identified by a participant and an attempt anyway, so you could not do anything with the attempt alone. So yes, but that's not really a check.

2. the item_id is visible to the user,

Yes.

3. there is a result linking the attempt with attempt_id to the item with item_id?

Same as 1, actually, it is not really a check but if you have nothing, it is difficult to send something. But you have a good point here, you should return "0" if there is no result.

zenovich commented 4 years ago

Should we check something about the participant_id (which is a part of attempt_id)? For instance, we could check that it is the id of the current user, or his team, or a team the current user can manage...

zenovich commented 4 years ago

Same as 1, actually, it is not really a check but if you have nothing, it is difficult to send something. But you have a good point here, you should return "0" if there is no result.

So we send 0 to LTI instead of failing with an error in this case, right?

zenovich commented 4 years ago

So as attempt_id is actually 'participant_id/attempt_id', the route will be POST /attempts/{participant_id}/{attempt_id}/items/{item_id}/publish, right? For me, it looks a bit strange. Probably, POST /attempts/{attempt_id}/items/{item_id}/publish?as_team_id={participant_id} would be better.

smadbe commented 4 years ago

Should we check something about the participant_id (which is a part of attempt_id)? For instance, we could check that it is the id of the current user, or his team, or a team the current user can manage...

Why do you say "participant_id (which is a part of attempt_id)" ? The participant_id is not given, only the attempt_id is given. The team_id cannot be given as specified. So the participant is explicitly the current user, as it was done in many other services. (or did I misunderstand something in your question?)

So we send 0 to LTI instead of failing with an error in this case, right?

Right

So as attempt_id is actually 'participant_id/attempt_id', the route will be POST /attempts/{participant_id}/{attempt_id}/items/{item_id}/publish, right? For me, it looks a bit strange. Probably, POST /attempts/{attempt_id}/items/{item_id}/publish?as_team_id={participant_id} would be better.

Mh... no that's the same as the many other services on attempts which are working on the current user as participant except if team_id is given. As stated "as_team_id: in query (optional): fail if given, this service does not currently support team work". And so the participant is always the current user. A user always only publishes for himself (at least for the moment).

zenovich commented 4 years ago

Should we check something about the participant_id (which is a part of attempt_id)? For instance, we could check that it is the id of the current user, or his team, or a team the current user can manage...

Why do you say "participant_id (which is a part of attempt_id)" ? The participant_id is not given, only the attempt_id is given. The team_id cannot be given as specified. So the participant is explicitly the current user, as it was done in many other services. (or did I misunderstand something in your question?)

Probably I misunderstood your comment "An attempt entry is identified by a participant and an attempt anyway, so you could not do anything with the attempt alone. So yes, but that's not really a check." That's why so many weird questions. Sorry about this.

smadbe commented 4 years ago

Now that's ok? By "An attempt entry is identified by a participant and an attempt", I meant that the "attempts" table is indexed by (participant_id, attempt_id) basically.

zenovich commented 4 years ago

Now that's ok? By "An attempt entry is identified by a participant and an attempt", I meant that the "attempts" table is indexed by (participant_id, attempt_id) basically.

Yes, thanks.