Community help

ahess4 · ‎04-25-2016

Does anyone have suggestions on how to prevent instructors from installing non-vetted LTI tools or preventing tools from being added at the course level?

Thanks,

Anthony Hess

shane_ohara · ‎04-26-2016

Anthony,

This is what I am using to exclude the buttons from everyone except an account-level admin. You should be able to add the button for "Add App" in there to hide it from all other roles as well.

$(document).ready(function(){

if($.inArray('admin',ENV['current_user_roles']) == -1) {

$("a.btn.button-sidebar-wide.delete_course_link").hide();

$("a.btn.button-sidebar-wide.reset_course_content_button").hide();

$("a[href*='confirm_action?event=conclude']").hide();

$('a.no-hover.edit_section_link').hide();

$('a.no-hover.cant_delete_section_link').hide();

$('#add_section_form').hide();

$('input#course_section_name').hide();

$('#add_section_form > button').hide();

}

})

Shane

View solution in original post

shane_ohara · ‎04-25-2016

Are you referring to LTI apps from the eduappcenter? If so, you just have to hide the ones that you don't want available to instructors. Otherwise, so long as instructors aren't grant account-level admin access then they wouldn't be able to add LTIs manually.

Shane

ahess4 · ‎04-25-2016

Instructors can add apps regardless of the eduappcenter settings, simply by pasting in xml or the link to the xml in the eduappcenter. To see this, go to (as instructor):

Course Settings -> Apps

Select 'View App Configurations'

Select 'Add App'

You can add any app you like, no matter what is set in eduappcenter.

This is what I am referring to.

Thanks,

Anthony Hess

shane_ohara · ‎04-25-2016

Ah yes, we've not had this issue so I wasn't thinking of that way. You could always use a Javascript exclude to hide the button. Let me know if you need an example.

Shane

ahess4 · ‎04-26-2016

We've been using JS to customize permissions when there wasn't a permissions setting. Not the best way - but seems like the only way. If you don't mind providing an example, I'll compare it to what we use for blocking course reset and delete from instructors. Our JS blocks based on roles in any course, which is not ideal since it blocks admins also if they have an instructor enrollment in a course.

Plus, users could still use API if they really wanted to.

What we currently have (blocks add, modify, remove section; delete, reset, conclude course):

if (ENV.current_user_roles.indexOf("teacher") >= 1){

$("a[href*='confirm_action?event=conclude']").hide();

$("a.btn.button-sidebar-wide.delete_course_link").hide();

$("a.btn.button-sidebar-wide.reset_course_content_button").hide();

$("#add_section_form").hide();

$('a.no-hover.edit_section_link').hide();

$('a.no-hover.cant_delete_section_link').hide();

$('a.delete_section_link').hide();

Thanks,

Anthony Hess

shane_ohara · ‎04-26-2016

Anthony,

This is what I am using to exclude the buttons from everyone except an account-level admin. You should be able to add the button for "Add App" in there to hide it from all other roles as well.

$(document).ready(function(){

if($.inArray('admin',ENV['current_user_roles']) == -1) {

$("a.btn.button-sidebar-wide.delete_course_link").hide();

$("a.btn.button-sidebar-wide.reset_course_content_button").hide();

$("a[href*='confirm_action?event=conclude']").hide();

$('a.no-hover.edit_section_link').hide();

$('a.no-hover.cant_delete_section_link').hide();

$('#add_section_form').hide();

$('input#course_section_name').hide();

$('#add_section_form > button').hide();

}

})

Shane

michael_ainabe · ‎08-03-2016

@shane_ohara ahess4

I'm in the same situation as Anthony, we're trying to restrict the ability for instructors to manually add LTIs via a URL/XML by removing the 'Add App' button. I've added this $("#external_tools .AddExternalToolButton").hide(); and the above to our Canvas JavaScript file, but, for whatever reason, the button won't hide. Is this the same code that you added, or was it something different?

Thanks,

Michael

ahess4 · ‎08-04-2016

We just ended up hiding the entire apps tab as there was nothing useful for instructors in the tab (because we are managing apps at the institutional level). The JS to hide the tab is- $('#tab-tools-link').hide();

Thanks,

Anthony

shane_ohara · ‎08-04-2016

I would add the following to my JS, if I wanted to take that away....
$("a.btn.btn-primary.add_tool_link").hide();

Shane

awilliams · ‎04-26-2016

Hmm, we haven't done this at our institution so I'm no expert, but I believe you can manage this with:

How do I manage a whitelist in the Edu App Center? and

How do I manage an Edu App Center whitelist in Canvas?

ahess4 · ‎04-26-2016

We already manage apps there. I was referring to manually adding LTI tools with XML or link to XML.

Thanks,

Anthony

You're signed out

LTI Restrictions (for instructors)

Instructor

Community help

View our top guides and resources: