How to get current user's email, roles, school id and grade?

[alle...@myblueprint.ca]

Hi All,

First of all, thanks for your time to help looking into the problems we're having. We are using Valence C# sdk to realize SSO with D2L and are having some issue with respect to the needed data, its validity and where we can obtain them

1. User email, can we assume that the data obtained from D2L is always validated email address? It doesn't seem that it is even a required field in the User Profile

2. User Role, I can't find an API to obtain the current user's roles. The closest I can find is listing of all roles. We need this to differentiate different type of user when creating the accounts in our system.

(there's method in the d2lws but not in valence?)

3. School Id, we need to extract the school Id associate with the student/teacher/account. So far it seems like we need to extract this information from the orgunit enrolment, however the only available method I can see is 

http://docs.valence.desire2learn.com/res/enroll.html#get--d2l-api-lp-%28version%29-enrollments-myenrollments-

Which doesn't provide ability to filter the enrolments to only return the course offering enrolment (which I'm told will contain the school Id that I can extract from the course Id)

4. I'm told that d2l doesn't store student grade information, is this true?

[Sean M]

Can't help with the first three at the moment (only just getting into actual development with Valence myself). But #4 is easy. D2L does store grade info:

http://docs.valence.desire2learn.com/res/grade.html

[alle...@myblueprint.ca]

Hi Sean,

Thanks for replying, but when I meant grade, I don't meant the grade students get from the courses. Rather, I'm looking for info such as Student is in Grade 10 high school.

[Sean M]

Ah, sorry, terminology. I have not seen anything on student year (grade) in D2L, and it is not listed in the fields included in student profile information.

[Desire2Learn Staff: Viktor]

On Thursday, 1 May 2014 12:32:46 UTC-4, alle...@myblueprint.ca wrote:

Hi All,

First of all, thanks for your time to help looking into the problems we're having. We are using Valence C# sdk to realize SSO with D2L and are having some issue with respect to the needed data, its validity and where we can obtain them

1. User email, can we assume that the data obtained from D2L is always validated email address? It doesn't seem that it is even a required field in the User Profile

User email address are often a tricky issue.

The user email address that's optionally part of the user record (i.e. the one that's in the `ExternalEmail` property in the User.UserData structure) gets used as the email address to which password reset notification gets sent. That is, it's the user's "official out-of-LMS email address of record". This property is subject to privacy controls, and is optional; calling clients cannot depend on it being there, and whether the client can see the property (if there) depends on the LMS admin's decisions about User Information Privacy.

The user email address in the user profile is an optional value provided by a user themselves in preparing their own profile. This could be the same as the External Email address in the user record, but that's likely entirely up to the individual user. There may be, for example, many users who have an official "on campus email" that they don't want in their profile, and in their profile, they provide a throwaway mail service password like a Hotmail, Yahoo, GMail address, etc.

You can't assume that a value in User Profile is validated at all. You can likely depend on the address in the UserData record being validated, but that's not formally validated by requirement, only by business convention -- that is, there's no process in the LMS itself that requires validation, or signals validation, of the UserData.ExternalEmail property that I know of.

  

2. User Role, I can't find an API to obtain the current user's roles. The closest I can find is listing of all roles. We need this to differentiate different type of user when creating the accounts in our system.

(there's method in the d2lws but not in valence?)

Assign user role is considered privileged information; many of D2L's clients explicitly do not want a user's precise role in an org unit clearly visible to the user themselves. The "role" that's part of the User.CreateUserData is actually _not_ part of the user record -- it's functionally the role assigned to the user in their enrollment in the org: that is, a user role binds a user to an enrollment, but is not a property of the user record _itself_.

So, to get the "role" for the user in the organization, you can use one of the enrollment calls providing the root org unit's ID as the orgunit to inspect, and the user ID of the user in question. Note that the enrollment calls are considered "administrative" type functionality, so many end users (student users, for example) won't have access to this information: specifically the "myenrollment" calls don't send back role information.

 

3. School Id, we need to extract the school Id associate with the student/teacher/account. So far it seems like we need to extract this information from the orgunit enrolment, however the only available method I can see is 

http://docs.valence.desire2learn.com/res/enroll.html#get--d2l-api-lp-%28version%29-enrollments-myenrollments-

Which doesn't provide ability to filter the enrolments to only return the course offering enrolment (which I'm told will contain the school Id that I can extract from the course Id)

I'm not sure what you're needing here. What is a 'School' in your structure: is each School a root org? Or is a school a descendant structural unit from the root org? (That is, do you have a bunch of schools all supported by your LMS? Is a 'school' like a faculty or something?)

 

4. I'm told that d2l doesn't store student grade information, is this true?

We store student grade values, but if you mean "what grade is this student in", then this information is not a part of a user's record, but is an emergent property of their enrollments.

 

[alle...@myblueprint.ca]

Thanks for your response.

Basically this confirms our understanding that we can only use D2L as SSO provider but not an consistent student/teacher data provider.

[Desire2Learn Staff: Viktor]

The model for the D2L platform regulates access to functionality by having API client systems act on behalf of a known, authenticated user that has a controlled set of permissions within the back end system (the LMS). Cient systems can operate within this framework in several ways:

- Operate within the functional constraints that the end user is afforded by the LMS. This generally requires a user interaction pattern that is exploratory and gracefully tolerant of constraint discovery. A client app can operate within the discoverable boundary of what an end user is allowed to do bands prevented from doing and gracefully degrade or enhance functionality accordingly. For certain types of client apps, this is perfectly sufficient.

- Operate on some level as a service to service integration where the client app has an "identity" as a special service user account; this requires the back end system to provision a special user account that exists to provide an operational context for the client app's functionality, and then the sharing of the required authentication tokens to the client app for caching and use going forward. In these cases, the API client app can make expanded use of the back end service's functionality, but then must take special care not to let the results of that activity bleed over into the abilities conveyed to the client app's end user, for security and privacy reasons.

In general if your client system needs more access to data typically afforded only to administrative users, the second of these approaches could be possible.