feat: Report email with LIT authorization path (#3011)

arkirchner · web-flow · commit 111d5bb28776 · 2025-07-11T15:10:38.000Z
To act on spam reports, the teacher needs to sign in through the course to authenticate in the study group. The LTI return URL is used to link back to the course. Co-authored-by: Sebastian Serth <MrSerth@users.noreply.github.com Relates to #2715
diff --git a/app/mailers/report_mailer.rb b/app/mailers/report_mailer.rb
@@ -5,6 +5,13 @@ class ReportMailer < ApplicationMailer
 
   def report_content
     @reported_content = params.fetch(:reported_content)
+    study_group = @reported_content.submission.study_group
+    exercise = @reported_content.exercise
+
+    # NOTE: This implementation assumes the course URL is static and does not vary per user.
+    # This is currently valid for a majority of use cases. However, in dynamic scenarios (such as
+    # content trees in openHPI used in conjunction with A/B/n testing) this assumption may no longer hold true.
+    @course_url = LtiParameter.find_by(study_group:, exercise:)&.lti_parameters&.[]('launch_presentation_return_url')
 
     mail(subject: I18n.t('report_mailer.report_content.subject', content_name: @reported_content.model_name.human))
   end
diff --git a/app/views/report_mailer/report_content.html.slim b/app/views/report_mailer/report_content.html.slim
@@ -2,3 +2,5 @@ h3 = t('.prolog')
 blockquote style="white-space: pre-wrap;" = @reported_content.question
 p = t('.take_action')
 p = link_to(request_for_comment_url(@reported_content), request_for_comment_url(@reported_content))
+- if @course_url.present?
+  p = link_to(t('.authentication'), @course_url)
diff --git a/app/views/report_mailer/report_content.text.slim b/app/views/report_mailer/report_content.text.slim
@@ -5,3 +5,8 @@
 == t('.take_action')
 == "\n\n"
 == request_for_comment_url(@reported_content)
+== "\n\n"
+- if @course_url.present?
+  == t('.authentication')
+  == "\n\n"
+  == @course_url
diff --git a/config/locales/de/report.yml b/config/locales/de/report.yml
@@ -2,6 +2,7 @@
 de:
   report_mailer:
     report_content:
+      authentication: Kurs-URL für die LTI-Authentifizierung.
       prolog: 'Die folgenden Inhalte wurden als unangemessen gemeldet:'
       subject: 'Spam Report: Ein %{content_name} in CodeOcean wurde als unangemessen markiert.'
       take_action: Bitte ergreifen Sie gegebenenfalls Maßnahmen.
diff --git a/config/locales/en/report.yml b/config/locales/en/report.yml
@@ -2,6 +2,7 @@
 en:
   report_mailer:
     report_content:
+      authentication: Course URL for LTI authentication.
       prolog: 'The following content has been reported as inappropriate:'
       subject: 'Spam Report: A %{content_name} on CodeOcean has been marked as inappropriate.'
       take_action: Please take action if required.
diff --git a/spec/mailers/report_mailer_spec.rb b/spec/mailers/report_mailer_spec.rb
@@ -22,6 +22,15 @@
         expect(mail.text_part.body).to include(question)
         expect(mail.html_part.body).to include(question)
       end
+
+      it 'includes the LTI retrun URL for course authentication' do
+        create(:lti_parameter,
+          exercise: reported_content.exercise,
+          study_group: reported_content.submission.study_group)
+
+        expect(mail.text_part.body).to match(%r{https.+/courses/})
+        expect(mail.html_part.body).to match(%r{https.+/courses/})
+      end
     end
   end
 end
