Merge pull request #2844 from somiaj/permission-render-source

Add permissions to render problems with WebworkWebservice.

Author: Alex-Jordan

conf/defaults.config

@@ -780,6 +780,13 @@ $authen{admin_module} = ['WeBWorK::Authen::Basic_TheLastOption'];
 	modify_tags                    => "admin",
 	edit_restricted_files          => "admin",
 
+	# Permission to render problems using the WebworkWebservice.
+	# Users with only webservice_render_problem can render problems with a provided filename.
+	# Users with both permissions can also render problems with providing the problem source.
+	# Note the Problem Editor requires having both permissions.
+	webservice_render_problem      => "login_proctor",
+	webservice_render_source       => "login_proctor",
+
 	##### Behavior of the interactive problem processor #####
 	show_correct_answers_before_answer_date         => "ta",
 	show_solutions_before_answer_date               => "ta",

lib/WebworkWebservice.pm

@@ -257,7 +257,7 @@ sub command_permission {
 		convertCodeToPGML => 'access_instructor_tools',
 
 		# WebworkWebservice::RenderProblem
-		renderProblem => 'proctor_quiz_login',
+		renderProblem => 'webservice_render_problem',
 
 		# WebworkWebservice::SetActions
 		listGlobalSets        => 'access_instructor_tools',

lib/WebworkWebservice/RenderProblem.pm

@@ -26,6 +26,14 @@ async sub renderProblem {
 	# is enabled.  That is an expensive method to always call here.
 	debug(pretty_print_rh($rh)) if $WeBWorK::Debug::Enabled;
 
+	# If the problem source is provided, check user is allow to render problem source.
+	if (!$ws->authz->hasPermissions($rh->{user}, 'webservice_render_source')
+		&& ($rh->{problemSource} || $rh->{rawProblemSource} || $rh->{uriEncodedProblemSource}))
+	{
+		$ws->error_string(__PACKAGE__ . ": User $rh->{user} does not have permission to render problem source.");
+		return {};
+	}
+
 	my $problemSeed = $rh->{problemSeed} // '1234';
 
 	my $beginTime = Benchmark->new;