Allow setting privacy level on tool configurations

Closes PLAT-4113

Test Plan:
- Create an LTI key
- Set the privacy level to public or private
- Create a tool from the key
- Verify the workflow_state of the tool
  matches the privacy level you selected

Change-Id: I626b2d592b6d16feaa54f1cb46aeb189f55000ba
Reviewed-on: https://gerrit.instructure.com/177374
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>

app/controllers/lti/tool_configurations_api_controller.rb

@@ -125,7 +125,8 @@ class Lti::ToolConfigurationsApiController < ApplicationController
       settings: tool_configuration_params[:settings],
       settings_url: tool_configuration_params[:settings_url],
       disabled_placements: tool_configuration_params[:disabled_placements],
-      custom_fields: tool_configuration_params[:custom_fields]
+      custom_fields: tool_configuration_params[:custom_fields],
+      privacy_level: tool_configuration_params[:privacy_level]
     )
     update_developer_key!(tool_config)
 
@@ -175,7 +176,7 @@ class Lti::ToolConfigurationsApiController < ApplicationController
   end
 
   def tool_configuration_params
-    params.require(:tool_configuration).permit(:settings_url, :custom_fields, disabled_placements: []).merge(
+    params.require(:tool_configuration).permit(:settings_url, :custom_fields, :privacy_level, disabled_placements: []).merge(
       {settings: params.require(:tool_configuration)[:settings]&.to_unsafe_h}
     )
   end

app/jsx/developer_keys/actions/ltiKeyActions.js

@@ -151,7 +151,7 @@ actions.ltiKeysUpdateCustomizations = (scopes, disabled_placements, developerKey
         custom_fields: customFields,
         disabled_placements,
         settings: toolConfiguration,
-        workflow_state: privacyLevel
+        privacy_level: privacyLevel
       }
     })
     .then(() => {

app/models/lti/tool_configuration.rb

@@ -18,6 +18,7 @@
 module Lti
   class ToolConfiguration < ActiveRecord::Base
     CANVAS_EXTENSION_LABEL = 'canvas.instructure.com'.freeze
+    DEFAULT_PRIVACY_LEVEL = 'anonymous'.freeze
 
     belongs_to :developer_key
 
@@ -42,6 +43,7 @@ module Lti
       )
       tool.developer_key = developer_key
       tool.custom_fields_string = tool.custom_fields_string + "\n#{custom_fields}"
+      tool.workflow_state = privacy_level || DEFAULT_PRIVACY_LEVEL
       tool
     end
 

db/migrate/20190109210111_add_privacy_level_to_lti_tool_configurations.rb

@@ -0,0 +1,24 @@
+#
+# Copyright (C) 2018 - present Instructure, Inc.
+#
+# This file is part of Canvas.
+#
+# Canvas is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, version 3 of the License.
+#
+# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Affero General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+
+class AddPrivacyLevelToLtiToolConfigurations < ActiveRecord::Migration[5.1]
+  tag :predeploy
+
+  def change
+    add_column :lti_tool_configurations, :privacy_level, :string
+  end
+end

spec/controllers/lti/tool_configurations_api_controller_spec.rb

@@ -52,6 +52,7 @@ RSpec.describe Lti::ToolConfigurationsApiController, type: :controller do
       account_id: sub_account.id,
       developer_key_id: dev_key_id,
       tool_configuration: {
+        privacy_level: 'public',
         settings: settings
       }
     }.compact
@@ -114,7 +115,8 @@ RSpec.describe Lti::ToolConfigurationsApiController, type: :controller do
         tool_configuration: {
           settings_url: url,
           disabled_placements: ['course_navigation', 'account_navigation'],
-          custom_fields: "foo=bar\r\nkey=value"
+          custom_fields: "foo=bar\r\nkey=value",
+          privacy_level: 'public'
         }
       }
     end
@@ -367,6 +369,11 @@ RSpec.describe Lti::ToolConfigurationsApiController, type: :controller do
         new_settings = config_from_response.settings
         expect(new_settings['launch_url']).to eq new_url
       end
+
+      it 'sets the privacy level' do
+        subject
+        expect(config_from_response.privacy_level).to eq 'public'
+      end
     end
 
     it_behaves_like 'an endpoint that accepts a settings_url' do

spec/models/lti/tool_configuration_spec.rb

@@ -235,6 +235,7 @@ module Lti
       before do
         tool_configuration.developer_key = developer_key
         tool_configuration.custom_fields = "key=value\nfoo=bar"
+        tool_configuration.privacy_level = 'public'
       end
 
       shared_examples_for 'a new context external tool' do
@@ -250,6 +251,18 @@ module Lti
           end
         end
 
+        context 'when no privacy level is set' do
+          before { tool_configuration.privacy_level = nil }
+
+          it 'sets the workflow_state to "anonymous"' do
+            expect(subject.workflow_state).to eq 'anonymous'
+          end
+        end
+
+        it 'sets the correct workflow_state' do
+          expect(subject.workflow_state).to eq 'public'
+        end
+
         it 'sets the correct placements' do
           expect(subject.settings.keys).to include 'account_navigation'
           expect(subject.settings.keys).to include 'course_navigation'