There is one specific case where a user may encounter a score screen for an instance they don't have rights to: when viewing single scores via LTI in an LMS, for example the submission details for a student's grade in Canvas.
The scores are being displayed through an LTI POST request to the following URL:
Scores will load fine if the user/instructor has access rights (view scores || owner) to the widget but the API will return a permissions error if they do not. The score screen should either:
a) indicate the permissions error and explain or
b) allow anyone to view the score screen in this particular context without having explicit access to the widget instance
There is one specific case where a user may encounter a score screen for an instance they don't have rights to: when viewing single scores via LTI in an LMS, for example the submission details for a student's grade in Canvas.
The scores are being displayed through an LTI POST request to the following URL:
Scores will load fine if the user/instructor has access rights (view scores || owner) to the widget but the API will return a permissions error if they do not. The score screen should either:
a) indicate the permissions error and explain or b) allow anyone to view the score screen in this particular context without having explicit access to the widget instance