LMSA-7975 - changed secure level and some text changes

README.md

@@ -124,3 +124,37 @@ that need to be accounted for while using this setup.
 
 This is marked as experimental due to the fact that we aren't running with this option at IU.  We are running into CORS
 issues when trying to talk to our OAuth2 service via swagger, so we can't verify if it really works or not!
+
+# Crosslister Lookup
+The Cross-listing Assistant in Canvas at Indiana University has a secondary launch that brings up a user interface to search for a parent
+crosslisted course.  This is restricted to administrator users only. Configuration is the same as the crosslister with the exceptions listed below.
+
+## Test a local launch
+Startup the application with the `LTI_CLIENTREGISTRATION_DEFAULTCLIENT` value set to `saltire`.
+Use an LTI tool consumer launcher, like https://saltire.lti.app/platform.
+Default values are fine, with the below exceptions...
+
+In the `Message` section, set the following:
+<table>
+<tr><th>Property</th><th>Value</th></tr>
+<tr><td>Custom parameters</td><td>
+
+```
+canvas_user_login_id=johnsmith
+instructure_membership_roles=http://purl.imsglobal.org/vocab/lis/v2/institution/person#Administrator
+```
+
+</td></tr>
+</table>
+
+Use an appropriate `canvas_user_login_id`.
+
+From the `Security Model` section, set the following:
+<table>
+<tr><th>Property</th><th>Value</th></tr>
+<tr><td>LTI version</td><td>1.3.0</td></tr>
+<tr><td>Message URL</td><td>http://localhost:8080/app/lookup-launch</td></tr>
+<tr><td>Client ID</td><td>dev (or whatever is appropriate based on the record inserted in the database table from above)</td></tr>
+<tr><td>Initiate login URL</td><td>http://localhost:8080/lti/login_initiation/lms_lti_crosslisting</td></tr>
+<tr><td>Redirection URI(s)</td><td>http://localhost:8080/lti/login</td></tr>
+</table>

examples/crosslisting-lookup.json

@@ -12,7 +12,7 @@
         "placements": [
           {
             "enabled": true,
-            "placement": "course_settings_sub_navigation",
+            "placement": "account_navigation",
             "message_type": "LtiResourceLinkRequest"
           }
         ]
@@ -22,7 +22,6 @@
   "public_jwk_url": "http://localhost:8080/.well-known/jwks.json",
   "custom_fields": {
     "instructure_membership_roles": "$com.Instructure.membership.roles",
-    "canvas_course_id": "$Canvas.course.id",
     "canvas_user_login_id": "$Canvas.user.loginId"
   }
 }

src/main/java/edu/iu/uits/lms/crosslist/controller/CrosslistController.java

@@ -880,7 +880,7 @@ public String endSelfImpersonation(@PathVariable("courseId") String courseId, @M
     }
 
     @RequestMapping("/lookup-launch")
-    @Secured({LTIConstants.ADMIN_AUTHORITY, LTIConstants.INSTRUCTOR_AUTHORITY})
+    @Secured({LTIConstants.ADMIN_AUTHORITY})
     public String lookupLaunch(@ModelAttribute FindParentModel findParentModel, Model model, HttpSession session) {
         getTokenWithoutContext();
 
@@ -903,7 +903,7 @@ public String lookupLaunch(@ModelAttribute FindParentModel findParentModel, Mode
     }
 
     @PostMapping(value = "/lookup-search-sisid")
-    @Secured({LTIConstants.BASE_USER_AUTHORITY})
+    @Secured({LTIConstants.ADMIN_AUTHORITY})
     public String lookupSearchBySisId(@ModelAttribute FindParentModel findParentModel, Model model, HttpSession session) {
         getTokenWithoutContext();
 
@@ -925,7 +925,7 @@ public String lookupSearchBySisId(@ModelAttribute FindParentModel findParentMode
     }
 
     @PostMapping(value = "/lookup-search-termandclassnumber")
-    @Secured({LTIConstants.BASE_USER_AUTHORITY})
+    @Secured({LTIConstants.ADMIN_AUTHORITY})
     public String lookupSearchByTermAndClassNUmber(@ModelAttribute FindParentModel findParentModel, Model model, HttpSession session) {
         getTokenWithoutContext();