Add permissions to render problems with WebworkWebservice.

First, this adds the permission `webservice_render_problem`
used to determine if a user can render a problem with the
WebworkWebservice, instead of using the `proctor_quiz_login`
permission for this.

Second, this adds an additional permission `webservice_render_source`
used to determine if a user can render problems using the
problem provided with the request. The use case for this is to
allow users which can render problems only using a problem
filename, but not by providing the problem's source.

These permissions are both set to `login_proctor` to match
current behavior and are provided to allow server admins to
change which users can render problems. These permissions are
not added to the course configuration page as they are permissions
that should not be modified by most users, only server admins
via `localOverrides.conf` or `course.conf`.

Author: somiaj

conf/defaults.config

@@ -780,6 +780,13 @@ $authen{admin_module} = ['WeBWorK::Authen::Basic_TheLastOption'];
 	modify_tags                    => "admin",
 	edit_restricted_files          => "admin",
 
+	# Permission to render problems using the WebworkWebservice.
+	# Users with only webservice_render_problem can render problems with a provided filename.
+	# Users with both permissions can also render problems with providing the problem source.
+	# Note the Problem Editor requires having both permissions.
+	webservice_render_problem      => "login_proctor",
+	webservice_render_source       => "login_proctor",
+
 	##### Behavior of the interactive problem processor #####
 	show_correct_answers_before_answer_date         => "ta",
 	show_solutions_before_answer_date               => "ta",

lib/WebworkWebservice.pm

@@ -95,8 +95,9 @@ the result_object of the instance.  An error_string will be set on failure.
 
 async sub rpc_execute {
 	my ($self, $command) = @_;
-	my $c       = $self->c;
-	my $user_id = $c->param('user');
+	my $c          = $self->c;
+	my $user_id    = $c->param('user');
+	my $inputs_ref = $self->{inputs_ref};
 
 	$command //= 'renderProblem';
 
@@ -108,6 +109,12 @@ async sub rpc_execute {
 	return $self->error_string(__PACKAGE__ . ": User $user_id does not have permission for the command $command")
 		unless $c->authz->hasPermissions($user_id, $permission);
 
+	# If rendering a problem and problem source is provided, check user is allow to render the provided source.
+	return $self->error_string(__PACKAGE__ . ": User $user_id does not have permission to render problem source.")
+		unless $command ne 'renderProblem'
+		|| $c->authz->hasPermissions($user_id, 'webservice_render_source')
+		|| !($inputs_ref->{problemSource} || $inputs_ref->{rawProblemSource} || $inputs_ref->{uriEncodedProblemSource});
+
 	# Determine the package that contains the method for this command.
 	my $command_package = '';
 	for my $package (
@@ -127,7 +134,7 @@ async sub rpc_execute {
 		unless $command_package;
 
 	my $result = eval {
-		my $out = $command_package->$command($self, $self->{inputs_ref});
+		my $out = $command_package->$command($self, $inputs_ref);
 		return await $out if ref $out eq 'Future' || ref $out eq 'Mojo::Promise';
 		return $out;
 	};
@@ -257,7 +264,7 @@ sub command_permission {
 		convertCodeToPGML => 'access_instructor_tools',
 
 		# WebworkWebservice::RenderProblem
-		renderProblem => 'proctor_quiz_login',
+		renderProblem => 'webservice_render_problem',
 
 		# WebworkWebservice::SetActions
 		listGlobalSets        => 'access_instructor_tools',