From c2ee2b0cf2b9da64bbd210187c59e0482d339b03 Mon Sep 17 00:00:00 2001
From: "viktor.szpisjak" <viktor.szpisjak@instructure.com>
Date: Fri, 26 Aug 2022 15:34:52 +0200
Subject: [PATCH] Add rce_config endpoint to expose init configuration for RCE

refs QUIZ-9943
flag=none

test plan:
   - Create a JWT to your user in local Canvas
   - Call /api/v1/services/rce_config with the following header:
     'Authorization: Bearer [your token]'

   curl --location --request GET '[host]/api/v1/services/rce_config' \
   --header 'Authorization: Bearer [your token]' \
   --header 'Accept: application/json'

Change-Id: I2afa87010c0225d23d651abbe0fb54a1cfece447
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/300089
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Marton Balogh-Bodor <marton.balogh-bodor@instructure.com>
Reviewed-by: Ed Schiebel <eschiebel@instructure.com>
Product-Review: Roland Beres <roland.beres@instructure.com>
---
 app/controllers/services_api_controller.rb | 31 ++++++++++
 config/routes.rb                           |  1 +
 spec/apis/v1/services_api_spec.rb          | 68 ++++++++++++++++++++++
 spec/spec_helper.rb                        |  3 +-
 4 files changed, 102 insertions(+), 1 deletion(-)

diff --git a/app/controllers/services_api_controller.rb b/app/controllers/services_api_controller.rb
index 022f53c7650..21471962f40 100644
--- a/app/controllers/services_api_controller.rb
+++ b/app/controllers/services_api_controller.rb
@@ -20,6 +20,8 @@
 
 # @API Services
 class ServicesApiController < ApplicationController
+  before_action :require_user, :get_context, only: [:rce_config]
+
   # @API Get Kaltura config
   # Return the config information for the Kaltura plugin in json format.
   #
@@ -107,4 +109,33 @@ class ServicesApiController < ApplicationController
     end
     render json: hash
   end
+
+  def rce_config
+    @include_js_env = true
+    inst = inst_env
+    env = rce_js_env
+
+    should_add_base_url = !Canvas::Cdn.config.host
+    base_url = "#{request.scheme}://#{HostUrl.context_host(@domain_root_account, request.host)}"
+    add_base_url_if_needed = ->(url) { "#{should_add_base_url && base_url}#{url}" }
+
+    high_contrast_css_urls = env[:url_for_high_contrast_tinymce_editor_css] || []
+    editor_css_urls = env[:url_to_what_gets_loaded_inside_the_tinymce_editor_css] || []
+    active_brand_css_url = env[:active_brand_config_json_url]
+    locales = env[:LOCALES] || ["en"]
+
+    render json: env.slice(
+      :RICH_CONTENT_CAN_UPLOAD_FILES, :RICH_CONTENT_INST_RECORD_TAB_DISABLED, :RICH_CONTENT_FILES_TAB_DISABLED,
+      :RICH_CONTENT_CAN_EDIT_FILES, :K5_SUBJECT_COURSE, :K5_HOMEROOM_COURSE, :context_asset_string,
+      :DEEP_LINKING_POST_MESSAGE_ORIGIN, :current_user_id, :disable_keyboard_shortcuts, :rce_auto_save_max_age_ms
+    ).merge({
+              kalturaSettings: { hide_rte_button: inst.dig(:kalturaSettings, :hide_rte_button) || false },
+              LOCALES: locales,
+              LOCALE: locales[0],
+              active_brand_config_json_url: active_brand_css_url && add_base_url_if_needed.call(active_brand_css_url),
+              url_for_high_contrast_tinymce_editor_css: high_contrast_css_urls.map(&add_base_url_if_needed),
+              url_to_what_gets_loaded_inside_the_tinymce_editor_css: editor_css_urls.map(&add_base_url_if_needed),
+              FEATURES: env[:FEATURES]&.transform_values { |v| !!v },
+            })
+  end
 end
diff --git a/config/routes.rb b/config/routes.rb
index 60c6dfde7e5..d14819658c6 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -1664,6 +1664,7 @@ CanvasRails::Application.routes.draw do
     scope(controller: :services_api) do
       get "services/kaltura", action: :show_kaltura_config
       post "services/kaltura_session", action: :start_kaltura_session
+      get "services/rce_config", action: :rce_config
     end
 
     scope(controller: :calendar_events_api) do
diff --git a/spec/apis/v1/services_api_spec.rb b/spec/apis/v1/services_api_spec.rb
index 5bbc71640e7..3805d481193 100644
--- a/spec/apis/v1/services_api_spec.rb
+++ b/spec/apis/v1/services_api_spec.rb
@@ -89,6 +89,7 @@ describe "Services API", type: :request do
                                                                       "uid" => "#{@user.id}_#{Account.default.id}",
                                                                       "kaltura_setting" => {
                                                                         "domain" => "kaltura.example.com",
+                                                                        "hide_rte_button" => false,
                                                                         "kcw_ui_conf" => "1",
                                                                         "max_file_size_bytes" => 534_773_760,
                                                                         "partner_id" => "100",
@@ -108,4 +109,71 @@ describe "Services API", type: :request do
                                                                       },
                                                                     })
   end
+
+  describe "#rce_config" do
+    let(:rce_config_api_call) do
+      course_with_student(active_all: true)
+      api_call_as_user(@student, :get, "/api/v1/services/rce_config",
+                       {
+                         controller: "services_api",
+                         action: "rce_config",
+                         format: "json",
+                         course_id: @course.to_param
+                       },
+                       { expected_status: 200 }).deep_symbolize_keys
+    end
+
+    it "checks for auth" do
+      get("/api/v1/services/rce_config")
+      assert_status(401)
+    end
+
+    it "test if all the nil values are converted to false in FEATURES hash" do
+      expect_any_instance_of(ApplicationController).to receive(:cached_js_env_account_features)
+        .and_return({ test_feature_flag: nil })
+
+      json = rce_config_api_call
+
+      expect(json[:FEATURES][:test_feature_flag]).to an_instance_of(FalseClass)
+    end
+
+    it "test the urls are enhanced with the base url when CDN is not configured" do
+      json = rce_config_api_call
+
+      expect(json[:url_for_high_contrast_tinymce_editor_css]).to all(starting_with("http://localhost/dist"))
+      expect(json[:url_to_what_gets_loaded_inside_the_tinymce_editor_css]).to all(starting_with("http://localhost/dist"))
+      expect(json[:active_brand_config_json_url]).to starting_with("http://localhost/dist")
+    end
+
+    it "test the contract of the RCE configuration" do
+      a_bool_value = be_in([true, false])
+      a_hash_with_only_bool_values = satisfy { |hash| hash.values.all? { |value| value.in? [true, false] } }
+      a_not_empty_string_array = have_at_least(1).items & all(an_instance_of(String))
+      an_instance_of_string = an_instance_of(String)
+      an_instance_of_integer = an_instance_of(Integer)
+
+      json = rce_config_api_call
+
+      expect(json).to include({
+                                kalturaSettings: { hide_rte_button: a_bool_value },
+                                RICH_CONTENT_CAN_UPLOAD_FILES: a_bool_value,
+                                RICH_CONTENT_INST_RECORD_TAB_DISABLED: a_bool_value,
+                                RICH_CONTENT_FILES_TAB_DISABLED: a_bool_value,
+                                RICH_CONTENT_CAN_EDIT_FILES: a_bool_value,
+                                LOCALE: an_instance_of_string,
+                                LOCALES: a_not_empty_string_array,
+                                rce_auto_save_max_age_ms: an_instance_of_integer,
+                                active_brand_config_json_url: an_instance_of_string,
+                                url_for_high_contrast_tinymce_editor_css: a_not_empty_string_array,
+                                url_to_what_gets_loaded_inside_the_tinymce_editor_css: a_not_empty_string_array,
+                                FEATURES: a_hash_with_only_bool_values,
+                                K5_SUBJECT_COURSE: a_bool_value,
+                                K5_HOMEROOM_COURSE: a_bool_value,
+                                context_asset_string: an_instance_of_string,
+                                DEEP_LINKING_POST_MESSAGE_ORIGIN: an_instance_of_string,
+                                current_user_id: an_instance_of_integer,
+                                disable_keyboard_shortcuts: a_bool_value
+                              })
+    end
+  end
 end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 716e5e10898..4b738a0508b 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -719,7 +719,8 @@ RSpec.configure do |config|
                                                                             "user_secret_key" => "1234821hrj3k21hjk4j3kl21j4kl321j4kl3j21kl4j3k2l1",
                                                                             "player_ui_conf" => "1",
                                                                             "kcw_ui_conf" => "1",
-                                                                            "upload_ui_conf" => "1"
+                                                                            "upload_ui_conf" => "1",
+                                                                            "hide_rte_button" => false
                                                                           })
   end