Private redirecting link for support from a Studio Admin

[rtibbles]

🙂 Looking for an issue? Welcome! This issue is open for contribution. If this is the first time you’re requesting an issue, please:

• Read Contributing guidelines carefully. Pay extra attention to Using generative AI. Pull requests and comments that don’t follow the guidelines won’t be answered.
• Confirm that you’ve read the guidelines in your comment.

Desired behavior

Within the channel edit view, under the top right dropdown menu:

We can navigate into "Share channel".

Within this page:

A new section should be added above "Invite collaborators".

This will display either the link for the support link in the same style (disabled text box and copy button) as the channel token sharing:

Or, if no link yet exists, a button to generate a link.

This link will include a specially generated token that is not otherwise displayed to the user, and does not allow for channel import, and the link will only properly redirect for Studio administrators.

Technical implementation

A new support_token ForeignKey field should be added to the ChannelModel. This should be nullable and have no default. It should foreign key to the same SecretToken model that is used for this field: https://github.com/learningequality/studio/blob/unstable/contentcuration/contentcuration/models.py#L798 but as it is distinct, it will not be able to be used for channel import look ups.

To support the redirect, a new view should be created that has permissions restricted to admin only, and then looks up the token in the URL. It should then redirect to the channel edit page for the channel associated with the support token. If the token does not exist, or the token is a valid token but not a support token, then it should return a 404.

To support the frontend functionality, a new detail endpoint on the main channel viewset should be created for fetching the support token. Additionally, the endpoint should support creation of a token, but only if a token does not already exist. Attempts to create a token when one already exists should return a 409 error code.

In the frontend, loading the token and creating the token can happen using direct interaction with the API endpoints, and do not need to happen via the indexedDB layer/sync endpoint.

[adibmbrk]

Hey @rtibbles @MisRob @AlexVelezLl , can you assign this issue to me please?

[rtibbles]

Sure thing! Please feel free to ask any questions or clarifications here!

[adibmbrk]

Hey @rtibbles,

Here's an update on the progress of this task.

• Added support token to the channel model
  However you mentioned to make it a foreign key and make it foreign key to SecretModel , This gave me a warning since Foreign Key with unique = true is the same as OnetoOneFIeld, Therefore I decided to switch to OnetoOneField.
• Added support_token_redirect in the admin view, since its an admin only endpoint
• Added get_support_token and create_support_token to the channel viewset

Currently im trying to test the endpoints I have defined, However i'm not sure how to setup the authentication in postman. Would you have an idea on how I could go about this? I tried basic auth with the following credentials a@a.com and a but it didn't seem to work.

I have raised a draft PR, it would be great if you could have a look at it and let me know if i'm going in the right direction.

[MisRob]

Hi @adibmbrk, I believe you connected with Richard already on Slack about this, right?

[adibmbrk]

Yes! @MisRob Thanks for asking

[adibmbrk]

Hi @rtibbles! Thanks for having a look at my draft PR. Just a quick update on this task:

• The GET and POST request to read and create a token works as expected. I have verified it with unit tests which i've also added to the draft PR.
• I have also implemented the logic along with the suggested changes for the support_token_redirect, However I faced an error when writing tests for it AssertionError: 403 != 302. Although I've defined the user as self.user.is_admin = True when setting up the test case, I still get a 403 forbidden error. Im actively trying to solve this error at the moment. Any insight on what might be causing the error would be super helpful.

FAILED contentcuration/contentcuration/tests/views/test_admin.py::SupportTokenRedirectTestCase::test_valid_token_redirects_to_channel - AssertionError: 403 != 302

[rtibbles]

Hrm, I'm not seeing anything obvious why this would be a problem. One thing you do need to do is to create a Django migration for the model change though:

python contentcuration/manage.py makemigrations

and commit the resulting file.

Clearly that's not a problem in your local testing though, so I don't think that's the root of the issue. But doing this would let me see the test run on the PR and look at the code locally potentially.

[adibmbrk]

The test run is now available on the PR @rtibbles, and the issue seems to be reproducible on the PR builder as well. I'll try a couple of different approaches as well to see if I could solve this issue.