[Admin Tools] Support required_permissions on more placements
Currently there is an undocumented property that can be set on LTI placements to get Canvas to perform a permission check before launching the tool. This property (required_permissions) means that a LTI tool can be hidden from users without a specific permission. This is really useful when a LTI tool has deep integration with Canvas and as well as using LTI uses the Canvas API through OAuth2. If the tool for example uses the calendar API to insert events, there's no point in showing it to people who don't have permission to insert calendar events in the current course. The visibility property isn't sufficient in this case because some people who are considered admins don't actually have the permissions perform the operations the tool uses. Although when the tool is actually clicked on Canvas performs the permission check, showing the tool to a user who can't in the end use it doesn't provide a good user experience. Currently the required_permissions attribute is checked in some placements (course_navigation) but isn't checked in others (course_home_sub_navigation).
Support required_permissions across all placements and only show the tool to users who have this permission on all placements.
admin