From 7a6266b72ccc9f6770190e2df12a2e7f7af0aa7b Mon Sep 17 00:00:00 2001
From: Angel Fernando Quiroz Campos
Date: Mon, 8 Aug 2022 10:00:05 -0500
Subject: [PATCH] Plugin: LTI: Fix lineitem.readonly scope in AGS

---
 plugin/ims_lti/auth.php | 16 +++++++++++-----
 .../src/Service/Resource/LtiLineItemResource.php | 8 ++++++++
 .../Service/Resource/LtiLineItemsResource.php | 4 ++++
 3 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/plugin/ims_lti/auth.php b/plugin/ims_lti/auth.php
index ff8a9bc502..7cdcb68bbc 100644
--- a/plugin/ims_lti/auth.php
+++ b/plugin/ims_lti/auth.php
@@ -207,15 +207,21 @@ try {
 if (LtiAssignmentGradesService::AGS_NONE !== $advServices['ags']) {
 $agsClaim = [
 'scope' => [
- LtiAssignmentGradesService::SCOPE_LINE_ITEM,
 LtiAssignmentGradesService::SCOPE_LINE_ITEM_READ,
+ LtiAssignmentGradesService::SCOPE_RESULT_READ,
+ LtiAssignmentGradesService::SCOPE_SCORE_WRITE,
 ],
- 'lineitems' => LtiAssignmentGradesService::getLineItemsUrl(
- $course->getId(),
- $tool->getId()
- ),
 ];
 
+ if (LtiAssignmentGradesService::AGS_FULL === $advServices['ags']) {
+ $agsClaim['scope'][] = LtiAssignmentGradesService::SCOPE_LINE_ITEM;
+ }
+
+ $agsClaim['lineitems'] = LtiAssignmentGradesService::getLineItemsUrl(
+ $course->getId(),
+ $tool->getId()
+ );
+
 if ($tool->getLineItems()->count() === 1) {
 $agsClaim['lineitem'] = LtiAssignmentGradesService::getLineItemUrl(
 $course->getId(),
diff --git a/plugin/ims_lti/src/Service/Resource/LtiLineItemResource.php b/plugin/ims_lti/src/Service/Resource/LtiLineItemResource.php
index 0742822cbd..47120842d2 100644
--- a/plugin/ims_lti/src/Service/Resource/LtiLineItemResource.php
+++ b/plugin/ims_lti/src/Service/Resource/LtiLineItemResource.php
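Review bot: The `scope` array in `$agsClaim` in plugin/ims_lti/auth.php is only what the launch advertises to the tool, so limiting `SCOPE_LINE_ITEM` to `AGS_FULL` there is not by itself an access control; the token endpoint has to apply the same rule when it grants scopes, and that code is not part of this patch, so it should be checked. The guards added in the two resource classes cover line-item writes, but `SCOPE_SCORE_WRITE` and `SCOPE_RESULT_READ` are now advertised for every mode other than `AGS_NONE`, which I assume is intended. A comment above the new `if` would record the rule, e.g. `// Line-item management scope is offered only in AGS_FULL mode; other modes get read-only line items plus result and score scopes.` The enclosing `try` block starts and ends outside the hunk.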
@@ -56,12 +56,20 @@ class LtiLineItemResource extends LtiAdvantageServiceResource
 $this->processGet();
 break;
 case Request::METHOD_PUT:
+ if (LtiAssignmentGradesService::AGS_FULL !== $this->tool->getAdvantageServices()['ags']) {
+ throw new MethodNotAllowedHttpException([Request::METHOD_GET]);
+ }
+
 $this->validateToken(
 [LtiAssignmentGradesService::SCOPE_LINE_ITEM]
 );
 $this->processPut();
 break;
 case Request::METHOD_DELETE:
+ if (LtiAssignmentGradesService::AGS_FULL !== $this->tool->getAdvantageServices()['ags']) {
+ throw new MethodNotAllowedHttpException([Request::METHOD_GET]);
+ }
+
 $this->validateToken(
 [LtiAssignmentGradesService::SCOPE_LINE_ITEM]
 );
diff --git a/plugin/ims_lti/src/Service/Resource/LtiLineItemsResource.php b/plugin/ims_lti/src/Service/Resource/LtiLineItemsResource.php
index a529ff7dac..35eeeb6fec 100644
--- a/plugin/ims_lti/src/Service/Resource/LtiLineItemsResource.php
+++ b/plugin/ims_lti/src/Service/Resource/LtiLineItemsResource.php
@@ -67,6 +67,10 @@ class LtiLineItemsResource extends LtiAdvantageServiceResource
 {
 switch ($this->request->getMethod()) {
 case Request::METHOD_POST:
+ if (LtiAssignmentGradesService::AGS_FULL !== $this->tool->getAdvantageServices()['ags']) {
+ throw new MethodNotAllowedHttpException([Request::METHOD_GET]);
+ }
+
 $this->validateToken(
 [
 LtiAssignmentGradesService::SCOPE_LINE_ITEM,
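Review bot: The `AGS_FULL` check in the `PUT` and `DELETE` cases of LtiLineItemResource.php runs before `validateToken()`, so a request without a valid token gets either a 405 or whatever `validateToken()` returns on failure, depending on the tool's AGS mode; validating the token first and then rejecting the write keeps that configuration detail behind authentication. The same three-line guard is repeated in the `POST` case of LtiLineItemsResource.php, and one helper on the shared base class (for example a `requireFullAgs()` method; the name is only a suggestion) called from each write case would make it harder for a later write method to miss the check. If the `ags` key can be missing from `getAdvantageServices()`, which is not visible here, the strict comparison still rejects the request but PHP raises an undefined-index notice; `($this->tool->getAdvantageServices()['ags'] ?? null)` avoids that. Both `switch` statements continue outside their hunks.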