From d97703969984445b8c9b94aed2e68b1a82241f75 Mon Sep 17 00:00:00 2001
From: Sebastian Serth <Sebastian.Serth@hpi.de>
Date: Sun, 2 Feb 2020 12:35:24 +0100
Subject: [PATCH] Prevent updating the user role for LTI launches

---
 app/controllers/concerns/lti.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/concerns/lti.rb b/app/controllers/concerns/lti.rb
index f7bc62ac..a2fedcd5 100644
--- a/app/controllers/concerns/lti.rb
+++ b/app/controllers/concerns/lti.rb
@@ -155,7 +155,7 @@ module Lti
     internal_role = @current_user.role
     internal_role != 'admin' ? desired_role = external_role : desired_role = internal_role
     # Update user with new information but change the role only if he is no admin user
-    @current_user.update(email: external_user_email(@provider), name: external_user_name(@provider), role: desired_role)
+    @current_user.update(email: external_user_email(@provider), name: external_user_name(@provider))# TODO , role: desired_role)
   end
   private :set_current_user