Copying LMS groups to internal ones
The problem I'm trying to solve is deleting courses from our LMS but maintaining the permissions on the course folder. Once a course is deleted, its permissions groups lose all their users, so I'd like to copy those users to an internal group with the same access rights.
First of all, is this not possible with the REST API? I do not see a way to get group membership. I can use /api/v1/folders/{id}/permissions to find the groups on a course folder but the Group API only contains a search endpoint which also does not show group membership. So even if I was able to find who was in a group, I could not create one.
Is copying a group possible with the SOAP API? Support pointed me to the Group type, but from its properties, I still do not see a way to access its membership. What SOAP classes would I need? Folder::GetAccessibleChildFolders, FolderAccessDetails, Group, GroupAccessDetails?
Lastly, I'm more familiar with REST APIs, and haven't worked with SOAP in a long time. If there are general pointers for how to use the Panopto SOAP APIs, I would appreciate them. I know there is a sample repo but it is smaller and less well-documented than the REST API examples. I prefer to work in Python but other languages are ok, too.
Best Answer
-
Kevin Baum Panopto Employee
Hi Eric,
You are correct that Panopto's REST API does not currently have an endpoint to get a list of users in a particular group. You can use our SOAP API to get group members and create a new group with those members.
To get a list of members in a group, you can call the IUserManagement.GetUsersInGroup endpoint. Once you have the list of members, you can use the IUserManagement.CreateInternalGroup endpoint to create a new group, and add the users you previously retrieved using the IUserManagement.AddMembersToInternalGroup endpoint.
Once all of the members have been added, you can call the IAccessManagement.GrantGroupAccessToFolder endpoint to allow the new group viewer or creator access to the folder.
We do have another SOAP sample using Python on our public GitHub page that includes a wrapper for Panopto's SOAP API. Please look at the python-soap project to see if that can help you get started.
I hope that this helps. Please let me know if you have any other questions.
Thanks,
Kevin
1
Answers
Well I see that IUserManagement has a method GetUsersInGroup and IAccessManagement seems to be the way to give a user access to a folder or add them to a group. So with those interfaces, what I want to do should be possible with the SOAP API.
@Kevin Baum After some initial attempts, I cannot seem to authenticate with the SOAP API. We do not use Panopto internal accounts but unified Moodle/SSO accounts. A comment in the Python SOAP example says "password of admin user on Panopto server. Only required if external provider does not have a bounce page." Our SSO has a bounce page, so a password should not be necessary. See below; the SOAP client is working because the unauthenticated call works but the auth does not. I've tried:
I also tried against our staging server which does allow password authentication but that still did not work. In an example like the below but using Panopto internal accounts, it's unclear to me what the application key would be, because the panoptointernal IDP does not have one, it lists a provider ID which I tried but that did not work. I would really like a concrete example of SOAP authentication that works in python 3, considers provider name, etc. because something seems to be left out.
========
import hashlib
from pysimplesoap.client import SoapClient
def generateauthcode(userkey, servername, sharedSecret):
payload = userkey + "@" + servername
signedPayload = payload + "|" + sharedSecret
m = hashlib.sha1()
m.update(signedPayload.encode("utf-8"))
authcode = m.hexdigest().upper()
return authcode
userkey = "ephetteplace"
providername = "sso.cca.edu"
applicationkey = "SECRET"
servername = "ccarts.hosted.panopto.com"
auth_client = SoapClient(
wsdl="https://" + servername + "/Panopto/PublicAPI/4.2/Auth.svc?wsdl"
)
print("Server version:", auth_client.GetServerVersion()) # works
user_client = SoapClient(
wsdl="https://" + servername + "/Panopto/PublicAPI/4.6/UserManagement.svc?wsdl"
)
authcode = generateauthcode(f"{providername}\\{userkey}", servername, applicationkey)
AuthenticationInfo = {"AuthCode": authcode, "UserKey": userkey}
# does not work, "Unable to authenticate the user."
print("get user", user_client.GetUserByKey(auth=AuthenticationInfo, userKey=userkey))
Hi Eric,
I will need some additional information on the user and ID Provider you are using in order to continue to look into this for you. Would you please open a ticket with Panopto Support, so that we can get some additional information?
Please let me know if you have any questions.
Thanks,
Kevin