New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SPIKE: using Google file picker with institution-only PDFs and Team Drive #632
Comments
@klemay Can we have a screenshot of what happens If a PDF does have Downloading, printing, and copying enabled, but it is set to anyone at Example University can view? |
Ok, this might be helpful so documenting here. I created an assignment using the Google Picker for a PDF in my drive that was not shared with anyone. After the assignment was created, that PDF's settings were changed to "Anyone with the link can view." I went back and manually set the PDF to "anyone at Hypothesis who has the link can view." When I went to re-launch the assignment, this is what I ran into: |
Another potential complication - the partner institution is using a Shared drive for these files, which would require changes to our picker, it looks like: https://developers.google.com/drive/api/v3/enable-shareddrives |
The solution I had in mind here is to make Google Drive files work similar to Canvas files, with the difference that I don't think we are able to serve the PDF download URL through Via but will instead need to load the content into PDF.js another way. A sketch of the changes this would involve:
What this will allow is for any file that is shared with the student's Google account, eg. by being shared with "anyone at " to be used as an assignment without needing public sharing. A completely different approach would be to fetch the file content at the time the teacher chooses the assignment, store it somewhere on our backend, and serve it when the student creates the assignment. This approach obviously comes with copyright complications since the content would end up, at least for a period of time, on our servers. For that reason I'm inclined to go with the first option outlined above. |
@robertknight thanks for this - the implementation you've outlined makes sense. I'm going to close this spike and open an issue based on your comment so it can be prioritized among our other work. |
Hi @klemay - I still think it would be worth doing a spike based upon my suggestion above to check that it does actually work and that there aren't any major issues I've failed to consider. |
FYI, I think we are going to need a standalone CORS proxy server for PDFs. Currently this is Via:
|
I've just checked and this is not a problem for Google Drive. See Slack discussion. The Google API JS client is able to fetch file content from Google Drive files. It does so in an elaborate way that doesn't involve making a CORS request, but the end result is that the frontend app can fetch data from Google Drive without needing any server-side help from a proxy. We will however still need a proxy for serving PDFs from arbitrary URLs entered in the "Enter URL" dialog in the file picker. |
@robertknight sorry for getting a little over-eager with closing this issue. I've converted the new issue to a spike: #928 |
Note: this is being re-added to the "To Review" column on the Product backlog board because it was added to a sprint and then removed - we need to re-prioritize it among our other work.
User story:
As a teacher at Example University, I want to use the Hypothesis LMS app in Sakai to assign readings to my students. The PDFs for these readings reside in a Team Drive, and the university library mandates that these PDFs are set so that "anyone at Example University with the link can view," rather than "anyone with the link can view."
Currently, when a teacher selects a PDF from Google Drive, we set the privacy of that file to "anyone with the link can view." If you go back and manually change the privacy of the file to "anyone at [institution] with the link can view," launching the assignment will take you to a Drive login page.
We need to look into:
The text was updated successfully, but these errors were encountered: