From 4603ebaad5ab751ae0ff26f0fc8eede1dd081802 Mon Sep 17 00:00:00 2001
From: Aidin Niavarani <aidin@wynnset.com>
Date: Wed, 13 Dec 2017 16:38:02 -0800
Subject: [PATCH] Allow admins to view and delete LTI users and third party
 users associated with each user

- Change 'Courses' link on Manage Users screen for each user to Courses & Accounts, linking to new page
- Change User Courses page to User Courses & Accounts page
- Add two sections to list user's LTI and their third party account links to the User Courses & Accounts page
- Add uuid to the lti_user and third_party_user tables
- Add functionality to delete third party users and unlink lti users
- Add relevant backend and frontend acceptance tests
- Remove Manage LTI Links button from course page
- Change X icon on Manage LTI Links page (Unlink context) to trash icon for consistency
---
 compair/api/__init__.py                       |   9 +-
 compair/api/dataformat/__init__.py            |  17 ++
 compair/api/users.py                          | 115 +++++++++-
 compair/models/lti_models/lti_user.py         |  13 ++
 compair/models/third_party_user.py            |  12 +-
 compair/static/compair-config.js              |  30 ++-
 compair/static/less/compair.less              |   4 +-
 compair/static/less/lti_manage.less           |   4 +-
 .../{user_courses.less => user_manage.less}   |   6 +-
 .../course/course-assignments-partial.html    |   7 -
 .../lti-contexts-list-partial.html            |   2 +-
 .../modules/route/route-provider_spec.js      |  20 +-
 .../modules/user/user-list-partial.html       |   2 +-
 ...-partial.html => user-manage-partial.html} |  86 ++++++-
 compair/static/modules/user/user-module.js    |  62 +++++-
 .../test/factories/http_backend_mocks.js      |  95 ++++++++
 .../static/test/factories/lti_user_factory.js |  23 ++
 .../factories/third_party_user_factory.js     |  24 ++
 .../test/features/step_definitions/common.js  |   2 +-
 .../step_definitions/view_user_courses.js     |  71 ------
 .../step_definitions/view_user_manage.js      | 135 +++++++++++
 .../features/step_definitions/view_users.js   |  11 +-
 .../test/features/view_user_courses.feature   |  49 ----
 .../test/features/view_user_manage.feature    |  89 ++++++++
 .../test/fixtures/admin/default_fixture.js    |  52 ++++-
 .../static/test/page_objects/user_courses.js  |   7 -
 .../static/test/page_objects/user_manage.js   |   7 +
 compair/tests/api/test_users.py               | 209 +++++++++++++++++-
 28 files changed, 989 insertions(+), 174 deletions(-)
 rename compair/static/less/{user_courses.less => user_manage.less} (58%)
 rename compair/static/modules/user/{user-course-partial.html => user-manage-partial.html} (62%)
 create mode 100644 compair/static/test/factories/lti_user_factory.js
 create mode 100644 compair/static/test/factories/third_party_user_factory.js
 delete mode 100644 compair/static/test/features/step_definitions/view_user_courses.js
 create mode 100644 compair/static/test/features/step_definitions/view_user_manage.js
 delete mode 100644 compair/static/test/features/view_user_courses.feature
 create mode 100644 compair/static/test/features/view_user_manage.feature
 delete mode 100644 compair/static/test/page_objects/user_courses.js
 create mode 100644 compair/static/test/page_objects/user_manage.js

diff --git a/compair/api/__init__.py b/compair/api/__init__.py
index 28d79ee41..4e807d84f 100644
--- a/compair/api/__init__.py
+++ b/compair/api/__init__.py
@@ -236,7 +236,9 @@ def register_demo_api_blueprints(app):
 def log_events(log):
     # user events
     from .users import on_user_modified, on_user_get, on_user_list_get, on_user_create, on_user_course_get, \
-        on_user_password_update, on_user_edit_button_get, on_teaching_course_get, on_user_notifications_update
+        on_user_password_update, on_user_edit_button_get, on_teaching_course_get, on_user_notifications_update, \
+        on_user_course_status_get, on_user_lti_users_get, on_user_lti_user_unlink, on_user_third_party_users_get, \
+        on_user_third_party_user_delete
     on_user_modified.connect(log)
     on_user_get.connect(log)
     on_user_list_get.connect(log)
@@ -246,6 +248,11 @@ def log_events(log):
     on_user_edit_button_get.connect(log)
     on_user_notifications_update.connect(log)
     on_user_password_update.connect(log)
+    on_user_course_status_get.connect(log)
+    on_user_lti_users_get.connect(log)
+    on_user_lti_user_unlink.connect(log)
+    on_user_third_party_users_get.connect(log)
+    on_user_third_party_user_delete.connect(log)
 
     # course events
     from .course import on_course_modified, on_course_get, on_course_list_get, on_course_create, \
diff --git a/compair/api/dataformat/__init__.py b/compair/api/dataformat/__init__.py
index ca3eb8d67..53e0e8339 100644
--- a/compair/api/dataformat/__init__.py
+++ b/compair/api/dataformat/__init__.py
@@ -81,6 +81,23 @@ def get_users_in_course(restrict_user=True):
 
     return users
 
+def get_lti_user():
+    return {
+        'id': fields.String(attribute="uuid"),
+        'lti_consumer_id': fields.String(attribute="lti_consumer_uuid"),
+        'lti_user_id': fields.String(attribute="user_id"),
+        'compair_user_id': fields.String(attribute="compair_user_uuid"),
+        'oauth_consumer_key': fields.String,
+        'lis_person_name_full': fields.String
+    }
+
+def get_third_party_user():
+    return {
+        'id': fields.String(attribute="uuid"),
+        'third_party_type': UnwrapEnum(attribute="third_party_type"),
+        'unique_identifier': fields.String(attribute="unique_identifier"),
+        'compair_user_id': fields.String(attribute="compair_user_uuid")
+    }
 
 def get_course():
     return {
diff --git a/compair/api/users.py b/compair/api/users.py
index 1989029d4..a1c1503e3 100644
--- a/compair/api/users.py
+++ b/compair/api/users.py
@@ -11,8 +11,8 @@
 from compair.authorization import is_user_access_restricted, require, allow
 from compair.core import db, event, abort
 from .util import new_restful_api, get_model_changes, pagination_parser
-from compair.models import User, SystemRole, Course, UserCourse, CourseRole, \
-    Assignment, LTIUser, LTIUserResourceLink, LTIContext, ThirdPartyUser, ThirdPartyType, \
+from compair.models import User, SystemRole, Course, UserCourse, CourseRole, Assignment, \
+    LTIConsumer, LTIUser, LTIUserResourceLink, LTIContext, ThirdPartyUser, ThirdPartyType, \
     Answer, Comparison, AnswerComment, AnswerCommentType, EmailNotificationMethod
 from compair.api.login import authenticate
 from distutils.util import strtobool
@@ -90,6 +90,10 @@ def string_to_bool(value):
 on_user_edit_button_get = event.signal('USER_EDIT_BUTTON_GET')
 on_user_notifications_update = event.signal('USER_NOTIFICATIONS_UPDATE')
 on_user_password_update = event.signal('USER_PASSWORD_UPDATE')
+on_user_lti_users_get = event.signal('USER_LTI_USERS_GET')
+on_user_lti_user_unlink = event.signal('USER_LTI_USER_UNLINK')
+on_user_third_party_users_get = event.signal('USER_THIRD_PARTY_USERS_GET')
+on_user_third_party_user_delete = event.signal('USER_THIRD_PARTY_USER_DELETE')
 
 def check_valid_system_role(system_role):
     system_roles = [
@@ -597,6 +601,109 @@ def get(self):
 
         return {"statuses": statuses}
 
+# /id/lti/users
+class UserLTIListAPI(Resource):
+    @login_required
+    def get(self, user_uuid):
+
+        user = User.get_by_uuid_or_404(user_uuid)
+
+        require(MANAGE, User,
+            title="User's LTI Account Links Unavailable",
+            message="Sorry, your system role does not allow you to view LTI account links for this user.")
+
+        lti_users = user.lti_user_links \
+                        .order_by(
+                            LTIUser.lti_consumer_id,
+                            LTIUser.user_id
+                            ) \
+                        .all()
+
+        on_user_lti_users_get.send(
+            self,
+            event_name=on_user_lti_users_get.name,
+            user=current_user,
+            data={'user_id': user.id})
+
+        return {"objects": marshal(lti_users, dataformat.get_lti_user())}
+
+# /id/lti/users/uuid
+class UserLTIAPI(Resource):
+    @login_required
+    def delete(self, user_uuid, lti_user_uuid):
+        """
+        unlink lti user from compair user
+        """
+
+        user = User.get_by_uuid_or_404(user_uuid)
+        lti_user = LTIUser.get_by_uuid_or_404(lti_user_uuid)
+
+        require(MANAGE, User,
+            title="User's LTI Account Links Unavailable",
+            message="Sorry, your system role does not allow you to remove LTI account links for this user.")
+
+        lti_user.compair_user_id = None
+        db.session.commit()
+
+        on_user_lti_user_unlink.send(
+            self,
+            event_name=on_user_lti_user_unlink.name,
+            user=current_user,
+            data={'user_id': user.id, 'lti_user_id': lti_user.id})
+
+        return { 'success': True }
+
+# /id/third_party/users
+class UserThirdPartyUserListAPI(Resource):
+    @login_required
+    def get(self, user_uuid):
+
+        user = User.get_by_uuid_or_404(user_uuid)
+
+        require(MANAGE, User,
+            title="User's Third Party Logins Unavailable",
+            message="Sorry, your system role does not allow you to view third party logins for this user.")
+
+        third_party_users = ThirdPartyUser.query \
+                                .filter(ThirdPartyUser.user_id == user.id) \
+                                .order_by(
+                                    ThirdPartyUser.third_party_type,
+                                    ThirdPartyUser.unique_identifier
+                                    ) \
+                                .all()
+
+        on_user_third_party_users_get.send(
+            self,
+            event_name=on_user_third_party_users_get.name,
+            user=current_user,
+            data={'user_id': user.id})
+
+        return {"objects": marshal(third_party_users, dataformat.get_third_party_user())}
+
+#/id/third_party/users/uuid
+class UserThirdPartyUserAPI(Resource):
+    @login_required
+    def delete(self, user_uuid, third_party_user_uuid):
+
+        user = User.get_by_uuid_or_404(user_uuid)
+        third_party_user = ThirdPartyUser.get_by_uuid_or_404(third_party_user_uuid)
+
+        require(MANAGE, User,
+            title="User's Third Party Logins Unavailable",
+            message="Sorry, your system role does not allow you to delete third party connections for this user.")
+
+        on_user_third_party_user_delete.send(
+            self,
+            event_name=on_user_third_party_user_delete.name,
+            user=current_user,
+            data={'user_id': user.id, 'third_party_type': third_party_user.third_party_type, 'unique_identifier': third_party_user.unique_identifier})
+
+        # TODO: consider adding soft delete to thrid_party_user in the future
+        ThirdPartyUser.query.filter(ThirdPartyUser.uuid == third_party_user_uuid).delete()
+        db.session.commit()
+
+        return { 'success': True }
+
 # courses/teaching
 class TeachingUserCourseListAPI(Resource):
     @login_required
@@ -697,6 +804,10 @@ def post(self, user_uuid):
 api.add_resource(UserAPI, '/<user_uuid>')
 api.add_resource(UserListAPI, '')
 api.add_resource(UserCourseListAPI, '/<user_uuid>/courses')
+api.add_resource(UserThirdPartyUserAPI, '/<user_uuid>/third_party/users/<third_party_user_uuid>')
+api.add_resource(UserThirdPartyUserListAPI, '/<user_uuid>/third_party/users')
+api.add_resource(UserLTIAPI, '/<user_uuid>/lti/users/<lti_user_uuid>')
+api.add_resource(UserLTIListAPI, '/<user_uuid>/lti/users')
 api.add_resource(CurrentUserCourseListAPI, '/courses')
 api.add_resource(UserCourseStatusListAPI, '/courses/status')
 api.add_resource(TeachingUserCourseListAPI, '/courses/teaching')
diff --git a/compair/models/lti_models/lti_user.py b/compair/models/lti_models/lti_user.py
index 9df402a1b..41bcb6883 100644
--- a/compair/models/lti_models/lti_user.py
+++ b/compair/models/lti_models/lti_user.py
@@ -1,6 +1,7 @@
 # sqlalchemy
 from sqlalchemy import func, select, and_, or_
 from sqlalchemy.ext.hybrid import hybrid_property
+from sqlalchemy.ext.associationproxy import association_proxy
 from sqlalchemy_enum34 import EnumType
 
 from . import *
@@ -29,6 +30,10 @@ class LTIUser(DefaultTableMixin, UUIDMixin, WriteTrackingMixin):
     lti_user_resource_links = db.relationship("LTIUserResourceLink", backref="lti_user", lazy="dynamic")
 
     # hyprid and other functions
+    lti_consumer_uuid = association_proxy('lti_consumer', 'uuid')
+    oauth_consumer_key = association_proxy('lti_consumer', 'oauth_consumer_key')
+    compair_user_uuid = association_proxy('compair_user', 'uuid')
+
     def is_linked_to_user(self):
         return self.compair_user_id != None
 
@@ -75,6 +80,14 @@ def get_by_tool_provider(cls, lti_consumer, tool_provider):
 
         return lti_user
 
+    @classmethod
+    def get_by_uuid_or_404(cls, model_uuid, joinedloads=[], title=None, message=None):
+        if not title:
+            title = "LTI User Unavailable"
+        if not message:
+            message = "Sorry, this LTI user was deleted or is no longer accessible."
+        return super(cls, cls).get_by_uuid_or_404(model_uuid, joinedloads, title, message)
+
     def upgrade_system_role(self):
         # upgrade system role is needed
         if self.is_linked_to_user():
diff --git a/compair/models/third_party_user.py b/compair/models/third_party_user.py
index 98abd4f7b..2a0b8b6d3 100644
--- a/compair/models/third_party_user.py
+++ b/compair/models/third_party_user.py
@@ -9,6 +9,7 @@
 from sqlalchemy.orm import synonym
 from sqlalchemy import func, select, and_, or_
 from sqlalchemy.ext.hybrid import hybrid_property
+from sqlalchemy.ext.associationproxy import association_proxy
 from sqlalchemy_enum34 import EnumType
 
 from . import *
@@ -28,6 +29,7 @@ class ThirdPartyUser(DefaultTableMixin, UUIDMixin, WriteTrackingMixin):
 
     # relationships
     # user via User Model
+    compair_user_uuid = association_proxy('user', 'uuid')
 
     # hyprid and other functions
 
@@ -47,4 +49,12 @@ def __declare_last__(cls):
         # prevent duplicate user in course
         db.UniqueConstraint('third_party_type', 'unique_identifier', name='_unique_third_party_type_and_unique_identifier'),
         DefaultTableMixin.default_table_args
-    )
\ No newline at end of file
+    )
+
+    @classmethod
+    def get_by_uuid_or_404(cls, model_uuid, joinedloads=[], title=None, message=None):
+        if not title:
+            title = "Third Party User Unavailable"
+        if not message:
+            message = "Sorry, this third party user was deleted or is no longer accessible."
+        return super(cls, cls).get_by_uuid_or_404(model_uuid, joinedloads, title, message)
\ No newline at end of file
diff --git a/compair/static/compair-config.js b/compair/static/compair-config.js
index a0ebcf866..11b59773d 100644
--- a/compair/static/compair-config.js
+++ b/compair/static/compair-config.js
@@ -135,10 +135,12 @@ myApp.factory('RouteResolves',
      "CourseResource", "AssignmentResource", "ClassListResource", "GroupResource",
      "UserResource", "ComparisonExampleResource", "CriterionResource", "AssignmentCommentResource",
      "AnswerResource", "TimerResource", "GradebookResource", "LTIConsumerResource",
+     "UserLTIUsersResource", "UserThirdPartyUsersResource", "AuthTypesEnabled",
     function($q, $route, Toaster, Authorize, Session, LTI,
              CourseResource, AssignmentResource, ClassListResource, GroupResource,
              UserResource, ComparisonExampleResource, CriterionResource, AssignmentCommentResource,
-             AnswerResource, TimerResource, GradebookResource, LTIConsumerResource)
+             AnswerResource, TimerResource, GradebookResource, LTIConsumerResource,
+             UserLTIUsersResource, UserThirdPartyUsersResource, AuthTypesEnabled)
 {
     return {
 
@@ -245,6 +247,20 @@ myApp.factory('RouteResolves',
             var assignmentId = $route.current.params.assignmentId;
             return AnswerResource.userUnsaved({'courseId': courseId, 'assignmentId': assignmentId}).$promise;
         },
+        userLTIs: function() {
+            if (AuthTypesEnabled.lti) {
+                var userId = $route.current.params.userId;
+                return UserLTIUsersResource.get({'id': userId}).$promise;
+            }
+            return $q.when({'objects':[]});
+        },
+        userThirdPartyUsers: function() {
+            if (AuthTypesEnabled.cas) {
+                var userId = $route.current.params.userId;
+                return UserThirdPartyUsersResource.get({'id': userId}).$promise;
+            }
+            return $q.when({'objects':[]});
+        },
 
         //other
         timer: function() {
@@ -641,17 +657,19 @@ myApp.config(
                     }
                 }
             })
-        .when('/users/:userId/course',
+        .when('/users/:userId/manage',
             {
-                title: "Manage User Courses",
-                templateUrl: 'modules/user/user-course-partial.html',
-                label: "Manage User Courses",
-                controller: 'UserCourseController',
+                title: "User Courses & Accounts",
+                templateUrl: 'modules/user/user-manage-partial.html',
+                label: "User Courses & Accounts",
+                controller: 'UserManageController',
                 resolve: {
                     resolvedData: function() {
                         return ResolveDeferredRouteData({
                             user: RouteResolves.user(),
                             canManageUsers: RouteResolves.canManageUsers(),
+                            userLTIs: RouteResolves.userLTIs(),
+                            userThirdPartyUsers: RouteResolves.userThirdPartyUsers()
                         }, ['user']);
                     }
                 }
diff --git a/compair/static/less/compair.less b/compair/static/less/compair.less
index 6c43f52c3..c304b381d 100644
--- a/compair/static/less/compair.less
+++ b/compair/static/less/compair.less
@@ -18,8 +18,8 @@
 // USERS SCREEN
 @import 'users.less';
 
-// USER COURSES SCREEN
-@import 'user_courses.less';
+// USER MANAGE SCREEN
+@import 'user_manage.less';
 
 // COURSE SCREEN
 @import 'course.less';
diff --git a/compair/static/less/lti_manage.less b/compair/static/less/lti_manage.less
index bcf283bff..5b0b2a48b 100644
--- a/compair/static/less/lti_manage.less
+++ b/compair/static/less/lti_manage.less
@@ -1,9 +1,9 @@
 
-/***** USER COURSES SCREEN *****/
+/***** USER MANAGE SCREEN *****/
 
 .lti-contexts-screen {
 
     .search-contexts {
         margin-top: 1.7em;
     }
-}//closes user-courses-screen
+}//closes user-manage-screen
diff --git a/compair/static/less/user_courses.less b/compair/static/less/user_manage.less
similarity index 58%
rename from compair/static/less/user_courses.less
rename to compair/static/less/user_manage.less
index 80988a5c1..22b2d0231 100644
--- a/compair/static/less/user_courses.less
+++ b/compair/static/less/user_manage.less
@@ -1,7 +1,7 @@
 
-/***** USER COURSES SCREEN *****/
+/***** USER MANAGE SCREEN *****/
 
-.user-courses-screen {
+.user-manage-screen {
 
   .search-courses {
     margin-top: 1.7em;
@@ -12,5 +12,5 @@
     
   }
 
-}//closes user-courses-screen
+}//closes user-manage-screen
 
diff --git a/compair/static/modules/course/course-assignments-partial.html b/compair/static/modules/course/course-assignments-partial.html
index b79c1b503..0e340d577 100644
--- a/compair/static/modules/course/course-assignments-partial.html
+++ b/compair/static/modules/course/course-assignments-partial.html
@@ -24,13 +24,6 @@ <h1><i class="fa fa-book"></i> {{course.name}} ({{course.year}} {{course.term}})
                     Edit Course
                 </a>
             </span>
-            <span ng-if="canManageUsers && course.lti_linked">
-                <a ng-href="#/course/{{course.id}}/lti/context"
-                    class="btn btn-primary" id="add-assignment-btn">
-                    <i class="fa fa-cogs"></i>
-                    Manage LTI Links
-                </a>
-            </span>
         </div>
     </div>
     
diff --git a/compair/static/modules/lti_context/lti-contexts-list-partial.html b/compair/static/modules/lti_context/lti-contexts-list-partial.html
index 795490fc7..55b983410 100644
--- a/compair/static/modules/lti_context/lti-contexts-list-partial.html
+++ b/compair/static/modules/lti_context/lti-contexts-list-partial.html
@@ -32,7 +32,7 @@ <h2 class="col-md-6">LTI links</h2>
                 <tr ng-repeat="context in contexts">
                     <td class="nowrap">
                         <a title="Unlink this context" href="" confirmation-needed="unlinkContext(context)" keyword="LTI link">
-                            <i class="glyphicon glyphicon-remove"></i>
+                            <i class="glyphicon glyphicon-trash"></i>
                         </a>
                     </td>
                     <td>
diff --git a/compair/static/modules/route/route-provider_spec.js b/compair/static/modules/route/route-provider_spec.js
index 1ee462bd5..0fc6c670b 100644
--- a/compair/static/modules/route/route-provider_spec.js
+++ b/compair/static/modules/route/route-provider_spec.js
@@ -887,12 +887,14 @@ describe('user-module', function () {
             });
         });
 
-        describe('"/users/:userId/course"', function() {
-            var path = '/users/'+mockUserId+'/course';
+        describe('"/users/:userId/manage"', function() {
+            var path = '/users/'+mockUserId+'/manage';
 
             it('should handle pre-loading errors', function() {
                 $httpBackend.expectGET('/api/users/'+mockUserId).respond(404, '');
-                $httpBackend.expectGET('modules/user/user-course-partial.html').respond('');
+                $httpBackend.expectGET('/api/users/'+mockUserId+'/lti/users').respond({});
+                $httpBackend.expectGET('/api/users/'+mockUserId+'/third_party/users').respond({});
+                $httpBackend.expectGET('modules/user/user-manage-partial.html').respond('');
 
                 expect($route.current).toBeUndefined();
                 $location.path(path);
@@ -905,13 +907,15 @@ describe('user-module', function () {
 
                 expect(toaster.error).toHaveBeenCalled();
                 expect($rootScope.routeResolveLoadError).not.toBeUndefined();
-                expect($route.current.templateUrl).toBe('modules/user/user-course-partial.html');
-                expect($route.current.controller).toBe('UserCourseController');
+                expect($route.current.templateUrl).toBe('modules/user/user-manage-partial.html');
+                expect($route.current.controller).toBe('UserManageController');
             });
 
             it('should load correctly', function() {
                 $httpBackend.expectGET('/api/users/'+mockUserId).respond({});
-                $httpBackend.expectGET('modules/user/user-course-partial.html').respond('');
+                $httpBackend.expectGET('/api/users/'+mockUserId+'/lti/users').respond({});
+                $httpBackend.expectGET('/api/users/'+mockUserId+'/third_party/users').respond({});
+                $httpBackend.expectGET('modules/user/user-manage-partial.html').respond('');
 
                 expect($route.current).toBeUndefined();
                 $location.path(path);
@@ -923,8 +927,8 @@ describe('user-module', function () {
 
                 expect(toaster.error).not.toHaveBeenCalled();
                 expect($rootScope.routeResolveLoadError).toBeUndefined();
-                expect($route.current.templateUrl).toBe('modules/user/user-course-partial.html');
-                expect($route.current.controller).toBe('UserCourseController');
+                expect($route.current.templateUrl).toBe('modules/user/user-manage-partial.html');
+                expect($route.current.controller).toBe('UserManageController');
             });
         });
 
diff --git a/compair/static/modules/user/user-list-partial.html b/compair/static/modules/user/user-list-partial.html
index 87e6b843e..6f543126e 100644
--- a/compair/static/modules/user/user-list-partial.html
+++ b/compair/static/modules/user/user-list-partial.html
@@ -40,7 +40,7 @@ <h1 class="col-sm-8">Manage Users</h1>
                     <td class="nowrap">
                         <a href="#/user/{{user.id}}/edit" target="_blank">Edit</a>
                         <span>&nbsp;|&nbsp;</span>
-                        <a href="#/users/{{user.id}}/course">Manage Courses</a>
+                        <a href="#/users/{{user.id}}/manage">Courses & Accounts</a>
                     </td>
                     <td><i class="fa fa-user"></i> {{user.displayname}}</td>
                     <td>{{user.firstname}}</td>
diff --git a/compair/static/modules/user/user-course-partial.html b/compair/static/modules/user/user-manage-partial.html
similarity index 62%
rename from compair/static/modules/user/user-course-partial.html
rename to compair/static/modules/user/user-manage-partial.html
index c5b42aeb1..4a82cebd1 100644
--- a/compair/static/modules/user/user-course-partial.html
+++ b/compair/static/modules/user/user-manage-partial.html
@@ -1,8 +1,12 @@
-<div class="user-courses-screen">
+<div class="user-manage-screen">
+
+    <h1>{{ user.displayname }}'s Courses & Accounts</h1>
+
+    <br><br>
 
     <div class="row">
-        <h1 class="col-sm-6">Manage {{ user.displayname }}'s Courses</h1>
 
+        <h2 class="col-sm-6">Courses</h2>
         <form class="col-sm-6 search-courses text-right" role="search" ng-if="courses.length || courseFilters.search || courseFilters.includeSandbox!==null">
             <div class="input-group">
                 <div class="input-group-btn" uib-dropdown>
@@ -92,4 +96,82 @@ <h1 class="col-sm-6">Manage {{ user.displayname }}'s Courses</h1>
         <p ng-if="courseFilters.search">No courses found for this search. Please try another search term above.</p>
     </div>
 
+    <br>
+
+    <div ng-if="AuthTypesEnabled.lti">
+
+        <div class="row">
+            <h2 class="col-sm-12">LTI account links</h2>
+        </div>
+
+        <div class="table-responsive" ng-if="lti_users.length">
+            <table class="table table-striped">
+                <thead>
+                    <tr>
+                        <th>Actions</th>
+                        <th>Consumer Key</th>
+                        <th>ID</th>
+                        <th>Full Name</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <tr ng-repeat="lti_user in lti_users">
+                        <td class="nowrap">
+                            <a title="Unlink this LTI account" href="" confirmation-needed="unlinkLTI(lti_user)" keyword="LTI account link" class="delete-lti-user" ng-if="canManageUsers">
+                                <i class="glyphicon glyphicon-trash"></i>
+                            </a>
+                        </td>
+                        <td>{{lti_user.oauth_consumer_key}}</td>
+                        <td>{{lti_user.lti_user_id}}</td>
+                        <td>{{lti_user.lis_person_name_full}}</td>
+                    </tr>
+                </tbody>
+            </table>
+        </div>
+
+        <div ng-if="!lti_users.length">
+            <p><br>This user does not have any LTI account links</p>
+        </div>
+
+        <br><br>
+
+    </div>
+
+    <div ng-if="AuthTypesEnabled.cas">
+
+        <div class="row">
+            <h2 class="col-sm-12">CWL account links</h2>
+        </div>
+
+        <div class="table-responsive" ng-if="third_party_users.length">
+            <table class="table table-striped">
+                <thead>
+                    <tr>
+                        <th>Actions</th>
+                        <th>Type</th>
+                        <th>ID</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    <tr ng-repeat="third_party_user in third_party_users">
+                        <td class="nowrap">
+                            <a title="unlink this CWL account" href="" confirmation-needed="deleteThirdPartyUser(third_party_user)" keyword="CWL account link" class="delete-third-party-user" ng-if="canManageUsers">
+                                <i class="glyphicon glyphicon-trash"></i>
+                            </a>
+                        </td>
+                        <td>{{third_party_user.third_party_type}}</a></td>
+                        <td>{{third_party_user.unique_identifier}}</td>
+                    </tr>
+                </tbody>
+            </table>
+        </div>
+
+        <div ng-if="!third_party_users.length">
+            <p><br>This user does not have any CWL account links</p>
+        </div>
+
+        <br><br>
+
+    </div>
+
 </div>
diff --git a/compair/static/modules/user/user-module.js b/compair/static/modules/user/user-module.js
index 95f0a7fdb..d20f2c4fc 100644
--- a/compair/static/modules/user/user-module.js
+++ b/compair/static/modules/user/user-module.js
@@ -36,6 +36,24 @@ module.factory('UserResource', ['$resource', function($resource) {
     return User;
 }]);
 
+module.factory('UserLTIUsersResource', ['$resource', function($resource) {
+    var UserLTIUsers = $resource('/api/users/:id/lti/users', {id: '@id'}, {
+        deleteById: { method: 'DELETE',  url: '/api/users/:id/lti/users/:ltiUserId'},
+    });
+    UserLTIUsers.MODEL = "User";
+
+    return UserLTIUsers;
+}]);
+
+module.factory('UserThirdPartyUsersResource', ['$resource', function($resource) {
+    var UserThirdPartyUsers = $resource('/api/users/:id/third_party/users', {id: '@id'}, {
+        deleteById: { method: 'DELETE',  url: '/api/users/:id/third_party/users/:thirdPartyUserId'},
+    });
+    UserThirdPartyUsers.MODEL = "User";
+
+    return UserThirdPartyUsers;
+}]);
+
 module.constant('UserSettings', {
     notifications: false,
     expose_email_to_instructor: false
@@ -256,11 +274,13 @@ module.controller("UserListController",
     }]
 );
 
-module.controller("UserCourseController",
-    ['$scope', '$location', '$route', '$routeParams', 'UserResource', 'CourseResource', 'GroupResource', 'ClassListResource',
-     'Toaster', 'breadcrumbs', 'CourseRole', 'xAPIStatementHelper', "moment", "resolvedData",
-    function($scope, $location, $route, $routeParams, UserResource, CourseResource, GroupResource, ClassListResource,
-             Toaster, breadcrumbs, CourseRole, xAPIStatementHelper, moment, resolvedData)
+module.controller("UserManageController",
+    ['$scope', '$location', '$route', '$routeParams', 'UserResource', 'CourseResource', 'GroupResource',
+     'UserLTIUsersResource', 'UserThirdPartyUsersResource', 'ClassListResource', 'Toaster', 'breadcrumbs',
+     'CourseRole', 'AuthTypesEnabled', 'xAPIStatementHelper', "moment", "resolvedData",
+    function($scope, $location, $route, $routeParams, UserResource, CourseResource, GroupResource,
+             UserLTIUsersResource, UserThirdPartyUsersResource, ClassListResource, Toaster, breadcrumbs,
+             CourseRole, AuthTypesEnabled, xAPIStatementHelper, moment, resolvedData)
     {
         $scope.userId = $routeParams.userId;
 
@@ -277,7 +297,11 @@ module.controller("UserCourseController",
             includeSandbox: null
         };
 
-        breadcrumbs.options = {'Manage User Courses': "Manage {0}'s Courses".format($scope.user.displayname)};
+        $scope.third_party_users = resolvedData.userThirdPartyUsers.objects;
+        $scope.lti_users = resolvedData.userLTIs.objects;
+        $scope.AuthTypesEnabled = AuthTypesEnabled;
+
+        breadcrumbs.options = {'User Courses & Accounts': "{0}'s Courses & Accounts".format($scope.user.displayname)};
         $scope.course_roles = [CourseRole.student, CourseRole.teaching_assistant, CourseRole.instructor];
 
         if (!$scope.canManageUsers) {
@@ -347,6 +371,32 @@ module.controller("UserCourseController",
             }
         };
 
+        $scope.unlinkLTI = function(lti_user) {
+            var params = {
+                id: $scope.userId,
+                ltiUserId: lti_user.id,
+            }
+            UserLTIUsersResource.deleteById(params).$promise.then(
+                function (ret) {
+                    Toaster.success("LTI Unlink", "Successfully unlinked the LTI user as requested.");
+                    $route.reload();
+                }
+            );
+        }
+
+        $scope.deleteThirdPartyUser = function(third_party_user) {
+            var params = {
+                id: $scope.userId,
+                thirdPartyUserId: third_party_user.id,
+            }
+            UserThirdPartyUsersResource.deleteById(params).$promise.then(
+                function (ret) {
+                    Toaster.success("Third Party User Delete", "Successfully deleted the third party user as requested.");
+                    $route.reload();
+                }
+            );
+        }
+
         var filterWatcher = function(newValue, oldValue) {
             if (angular.equals(newValue, oldValue)) return;
             if (oldValue.search != newValue.search) {
diff --git a/compair/static/test/factories/http_backend_mocks.js b/compair/static/test/factories/http_backend_mocks.js
index b9bc45321..f76f34747 100644
--- a/compair/static/test/factories/http_backend_mocks.js
+++ b/compair/static/test/factories/http_backend_mocks.js
@@ -375,6 +375,101 @@ module.exports.httpbackendMock = function(storageFixtures) {
             }, {}]
         });
 
+        // get user lti users
+        $httpBackend.whenGET(/\/api\/users\/[A-Za-z0-9_-]{22}\/lti\/users$/).respond(function(method, url, data, headers) {
+            var userId = url.split('/')[3];
+            var lti_users = [];
+
+            if (storageFixture.storage().user_lti_users[userId]) {
+
+                lti_users = angular.copy(storageFixture.storage().user_lti_users[userId]);
+            }
+
+            lti_users = _.sortBy(lti_users, ['lti_consumer_id', 'lti_user_id']);
+
+            return [200, {
+                "objects": lti_users
+            }, {}]
+        });
+
+        // unlink lti user
+        $httpBackend.whenDELETE(/\/api\/users\/[A-Za-z0-9_-]{22}\/lti\/users\/[A-Za-z0-9_-]{22}$/).respond(function(method, url, data, headers) {
+            var userId = url.split('/')[3];
+            var ltiUserId = url.split('/').pop();
+
+            if (storageFixture.storage().user_lti_users[userId]) {
+                angular.forEach(storageFixture.storage().user_lti_users[userId], function(ltiUser, index) {
+                    if (ltiUser.id == ltiUserId) {
+                        storageFixture.storage().user_lti_users[userId].splice(index, 1);
+                    }
+                });
+            };
+
+            return [200, {
+                "success": true
+            }, {}]
+        });
+
+        // get user third party users
+        $httpBackend.whenGET(/\/api\/users\/[A-Za-z0-9_-]{22}\/third_party\/users$/).respond(function(method, url, data, headers) {
+            var userId = url.split('/')[3];
+            var third_party_users = [];
+
+            if (storageFixture.storage().user_third_party_users[userId]) {
+
+                third_party_users = angular.copy(storageFixture.storage().user_third_party_users[userId]);
+            }
+
+            third_party_users = _.sortBy(third_party_users, ['third_party_type', 'unique_identifier']);
+
+            return [200, {
+                "objects": third_party_users
+            }, {}]
+        });
+
+        // delete third party user
+        $httpBackend.whenDELETE(/\/api\/users\/[A-Za-z0-9_-]{22}\/third_party\/users\/[A-Za-z0-9_-]{22}$/).respond(function(method, url, data, headers) {
+            var userId = url.split('/')[3];
+            var thirdPartyUserId = url.split('/').pop();
+
+            if (storageFixture.storage().user_third_party_users[userId]) {
+                angular.forEach(storageFixture.storage().user_third_party_users[userId], function(thirdPartyUser, index) {
+                    if (thirdPartyUser.id == thirdPartyUserId) {
+                        storageFixture.storage().user_third_party_users[userId].splice(index, 1);
+                    }
+                });
+            };
+
+            return [200, {
+                "success": true
+            }, {}]
+        });
+
+        // get user third party users
+        $httpBackend.whenGET(/\/api\/users\/[A-Za-z0-9_-]{22}\/third_party\/users$/).respond(function(method, url, data, headers) {
+            var userId = url.split('/')[3];
+            var third_party_users = [];
+
+            if (storageFixture.storage().third_party_users[userId]) {
+                angular.forEach(storageFixture.storage().user_third_party_users[userId], function(userThirdPartyUser) {
+
+                    var third_party_user_copy = angular.copy(userThirdPartyUser);
+                    third_party_users.push(third_party_user_copy)
+                });
+            }
+
+            third_party_users = _.sortBy(third_party_users, function(third_party_user) {
+                return third_party_user.third_party_type;
+            });
+            third_party_users = _.sortBy(third_party_users, function(third_party_user) {
+                return third_party_user.unique_identifier;
+            });
+
+            return [200, {
+                "objects": third_party_users
+            }, {}]
+        });
+
         // get current user courses status
         $httpBackend.whenGET(/\/api\/users\/courses\/status\?.*$/).respond(function(method, url, data, headers) {
             var courses = _.values(storageFixture.storage().courses);
diff --git a/compair/static/test/factories/lti_user_factory.js b/compair/static/test/factories/lti_user_factory.js
new file mode 100644
index 000000000..d65777096
--- /dev/null
+++ b/compair/static/test/factories/lti_user_factory.js
@@ -0,0 +1,23 @@
+var objectAssign = require('object-assign');
+
+var ltiUserTemplate = {
+    "id": null,
+    "lti_consumer_id": null,
+    "compair_user_id": null,
+    "lti_user_id": null,
+    "lis_person_name_full": null,
+    "oauth_consumer_key": null
+}
+
+function LTIUserFactory() {};
+
+LTIUserFactory.prototype.generateLTIUser = function (id, lti_consumer_id, compair_user_id, parameters) {
+    var newLTIUser = objectAssign({}, ltiUserTemplate, parameters);
+    newLTIUser.id = id;
+    newLTIUser.lti_consumer_id = lti_consumer_id;
+    newLTIUser.compair_user_id = compair_user_id;
+
+    return newLTIUser;
+};
+
+module.exports = LTIUserFactory;
diff --git a/compair/static/test/factories/third_party_user_factory.js b/compair/static/test/factories/third_party_user_factory.js
new file mode 100644
index 000000000..ac7b18928
--- /dev/null
+++ b/compair/static/test/factories/third_party_user_factory.js
@@ -0,0 +1,24 @@
+var objectAssign = require('object-assign');
+
+var thirdPartyUserTemplate = {
+    "id": null,
+    "user_id": null,
+    "third_party_type": null,
+    "unique_identifier": null,
+    "_params": null,
+    "system_role": null,
+    "created": "Mon, 18 Apr 2016 17:38:23 -0000",
+    "modified": "Mon, 18 Apr 2016 17:38:23 -0000"
+}
+
+function thirdPartyUserFactory() {};
+
+thirdPartyUserFactory.prototype.generatethirdPartyUser = function (id, user_id, parameters) {
+    var newThirdPartyUser = objectAssign({}, thirdPartyUserTemplate, parameters);
+    newThirdPartyUser.id = id;
+    newThirdPartyUser.user_id = user_id;
+
+    return newThirdPartyUser;
+};
+
+module.exports = thirdPartyUserFactory;
diff --git a/compair/static/test/features/step_definitions/common.js b/compair/static/test/features/step_definitions/common.js
index c2b5794ad..a52470969 100644
--- a/compair/static/test/features/step_definitions/common.js
+++ b/compair/static/test/features/step_definitions/common.js
@@ -116,7 +116,7 @@ var commonStepDefinitionsWrapper = function() {
             'create user': /.*\/user\/create$/,
             'edit profile': /.*\/user\/[A-Za-z0-9_-]{22}\/edit$/,
             'users': /.*\/users(\?.+)?$/,
-            'user courses': /.*\/users\/[A-Za-z0-9_-]{22}\/course(\?.+)?$/,
+            'user manage': /.*\/users\/[A-Za-z0-9_-]{22}\/manage(\?.+)?$/,
             'manage lti': /.*\/lti\/consumer(\?.+)?$/,
             'create lti consumer': /.*\/lti\/consumer\/create$/,
             'edit lti consumer': /.*\/lti\/consumer\/[A-Za-z0-9_-]{22}\/edit$/,
diff --git a/compair/static/test/features/step_definitions/view_user_courses.js b/compair/static/test/features/step_definitions/view_user_courses.js
deleted file mode 100644
index d713ee90a..000000000
--- a/compair/static/test/features/step_definitions/view_user_courses.js
+++ /dev/null
@@ -1,71 +0,0 @@
-// Use the external Chai As Promised to deal with resolving promises in
-// expectations
-var chai = require('chai');
-var chaiAsPromised = require('chai-as-promised');
-chai.use(chaiAsPromised);
-
-var expect = chai.expect;
-
-var viewUserCoursesStepDefinitionsWrapper = function () {
-
-    this.Then("I should see '$count' courses listed", function (count) {
-        browser.waitForAngular();
-        return expect(element.all(by.exactRepeater("course in courses"))
-            .count()).to.eventually.eql(parseInt(count));
-    });
-
-    this.Then("I should see courses with names:", function (data) {
-        browser.waitForAngular();
-        var list = data.hashes().map(function(item) {
-            return item.name;
-        });
-
-        return expect(element.all(by.exactRepeater("course in courses")
-            .column('course.name')).getText()).to.eventually.eql(list);
-    });
-
-    this.When("I filter user courses page by '$filter'", function (filter) {
-        element(by.css("form.search-courses input")).sendKeys(filter);
-        // force blur
-        return element(by.css("body")).click();
-    });
-
-    this.When("I select drop for the first course listed", function () {
-        element.all(by.exactRepeater("course in courses")).get(0)
-            .element(by.cssContainingText('a', 'Drop')).click();
-
-        browser.wait(protractor.ExpectedConditions.alertIsPresent(), 1000);
-
-        browser.driver.switchTo().alert().accept();
-        browser.driver.switchTo().defaultContent();
-        return element(by.css("body")).click();
-    });
-
-    this.When("I select the Student role for the first course", function () {
-        var roleSelect = element.all(by.exactRepeater("course in courses"))
-            .get(0)
-            .element(by.model('course.course_role'));
-        if (browser.browserName == "firefox") {
-            roleSelect.click();
-        }
-
-        roleSelect.sendKeys('Student');
-        // force blur
-        return element(by.css("body")).click();
-    });
-
-    this.When("I set the first course's group to '$groupname'", function (groupname) {
-        var groupSelect = element.all(by.exactRepeater("course in courses"))
-            .get(0)
-            .element(by.model('course.group_name'));
-        if (browser.browserName == "firefox") {
-            groupSelect.click();
-        }
-
-        groupSelect.sendKeys(groupname);
-        // force blur
-        return element(by.css("body")).click();
-    });
-};
-
-module.exports = viewUserCoursesStepDefinitionsWrapper;
\ No newline at end of file
diff --git a/compair/static/test/features/step_definitions/view_user_manage.js b/compair/static/test/features/step_definitions/view_user_manage.js
new file mode 100644
index 000000000..d0565aecb
--- /dev/null
+++ b/compair/static/test/features/step_definitions/view_user_manage.js
@@ -0,0 +1,135 @@
+// Use the external Chai As Promised to deal with resolving promises in
+// expectations
+var chai = require('chai');
+var chaiAsPromised = require('chai-as-promised');
+chai.use(chaiAsPromised);
+
+var expect = chai.expect;
+
+var viewUserManageStepDefinitionsWrapper = function () {
+
+    this.Then("I should see '$count' courses listed", function (count) {
+        browser.waitForAngular();
+        return expect(element.all(by.exactRepeater("course in courses"))
+            .count()).to.eventually.eql(parseInt(count));
+    });
+
+    this.Then("I should see courses with names:", function (data) {
+        browser.waitForAngular();
+        var list = data.hashes().map(function(item) {
+            return item.name;
+        });
+
+        return expect(element.all(by.exactRepeater("course in courses")
+            .column('course.name')).getText()).to.eventually.eql(list);
+    });
+
+    this.When("I filter user courses & accounts page courses by '$filter'", function (filter) {
+        element(by.css("form.search-courses input")).sendKeys(filter);
+        // force blur
+        return element(by.css("body")).click();
+    });
+
+    this.When("I select drop for the first course listed", function () {
+        element.all(by.exactRepeater("course in courses")).get(0)
+            .element(by.cssContainingText('a', 'Drop')).click();
+
+        browser.wait(protractor.ExpectedConditions.alertIsPresent(), 1000);
+
+        browser.driver.switchTo().alert().accept();
+        browser.driver.switchTo().defaultContent();
+        return element(by.css("body")).click();
+    });
+
+    this.When("I select the Student role for the first course", function () {
+        var roleSelect = element.all(by.exactRepeater("course in courses"))
+            .get(0)
+            .element(by.model('course.course_role'));
+        if (browser.browserName == "firefox") {
+            roleSelect.click();
+        }
+
+        roleSelect.sendKeys('Student');
+        // force blur
+        return element(by.css("body")).click();
+    });
+
+    this.When("I set the first course's group to '$groupname'", function (groupname) {
+        var groupSelect = element.all(by.exactRepeater("course in courses"))
+            .get(0)
+            .element(by.model('course.group_name'));
+        if (browser.browserName == "firefox") {
+            groupSelect.click();
+        }
+
+        groupSelect.sendKeys(groupname);
+        // force blur
+        return element(by.css("body")).click();
+    });
+
+    this.Then("I should see '$count' LTI connections listed", function (count) {
+        browser.waitForAngular();
+        return expect(element.all(by.exactRepeater("lti_user in lti_users"))
+            .count()).to.eventually.eql(parseInt(count));
+    });
+
+    this.Then("I should see LTI connections with entries:", function (data) {
+        browser.waitForAngular();
+        var consumer_keys = data.hashes().map(function(item) {
+            return item.consumer_key;
+        });
+        var user_ids = data.hashes().map(function(item) {
+            return item.lti_user_id;
+        });
+
+        return expect(element.all(by.exactRepeater("lti_user in lti_users")
+            .column('lti_user.oauth_consumer_key')).getText()).to.eventually.eql(consumer_keys) &&
+                expect(element.all(by.exactRepeater("lti_user in lti_users")
+            .column('lti_user.lti_user_id')).getText()).to.eventually.eql(user_ids);
+    });
+
+    this.When("I select unlink for the first LTI connection listed", function () {
+        element.all(by.exactRepeater("lti_user in lti_users")).get(0)
+            .element(by.css('a.delete-lti-user')).click();
+
+        browser.wait(protractor.ExpectedConditions.alertIsPresent(), 1000);
+
+        browser.driver.switchTo().alert().accept();
+        browser.driver.switchTo().defaultContent();
+        return element(by.css("body")).click();
+    });
+
+    this.Then("I should see '$count' third party connections listed", function (count) {
+        browser.waitForAngular();
+        return expect(element.all(by.exactRepeater("third_party_user in third_party_users"))
+            .count()).to.eventually.eql(parseInt(count));
+    });
+
+    this.Then("I should see third party connections with entries:", function (data) {
+        browser.waitForAngular();
+        var types = data.hashes().map(function(item) {
+            return item.type;
+        });
+        var ids = data.hashes().map(function(item) {
+            return item.id;
+        });
+
+        return expect(element.all(by.exactRepeater("third_party_user in third_party_users")
+            .column('third_party_user.third_party_type')).getText()).to.eventually.eql(types) &&
+                expect(element.all(by.exactRepeater("third_party_user in third_party_users")
+            .column('third_party_user.unique_identifier')).getText()).to.eventually.eql(ids);
+    });
+
+    this.When("I select delete for the first third party connection listed", function () {
+        element.all(by.exactRepeater("third_party_user in third_party_users")).get(0)
+            .element(by.css('a.delete-third-party-user')).click();
+
+        browser.wait(protractor.ExpectedConditions.alertIsPresent(), 1000);
+
+        browser.driver.switchTo().alert().accept();
+        browser.driver.switchTo().defaultContent();
+        return element(by.css("body")).click();
+    });
+};
+
+module.exports = viewUserManageStepDefinitionsWrapper;
\ No newline at end of file
diff --git a/compair/static/test/features/step_definitions/view_users.js b/compair/static/test/features/step_definitions/view_users.js
index 9249c0b3f..249b4b5ec 100644
--- a/compair/static/test/features/step_definitions/view_users.js
+++ b/compair/static/test/features/step_definitions/view_users.js
@@ -24,11 +24,18 @@ var viewUsersStepDefinitionsWrapper = function () {
             .column('user.displayname')).getText()).to.eventually.eql(list);
     });
 
-    this.When("I select the root's Manage Courses link", function () {
+    this.When("I select the root's Courses & Accounts link", function () {
         // ignore target="_blank" for link (slows down tests to much)
         browser.executeScript("$('a').attr('target','_self');");
         return element.all(by.exactRepeater("user in users")).get(2)
-            .element(by.cssContainingText('a', 'Manage Courses')).click();
+            .element(by.cssContainingText('a', 'Courses & Accounts')).click();
+    });
+
+    this.When("I select student1's Courses & Accounts link", function () {
+        // ignore target="_blank" for link (slows down tests to much)
+        browser.executeScript("$('a').attr('target','_self');");
+        return element.all(by.exactRepeater("user in users")).get(1)
+            .element(by.cssContainingText('a', 'Courses & Accounts')).click();
     });
 
     this.When("I filter users page by '$filter'", function (filter) {
diff --git a/compair/static/test/features/view_user_courses.feature b/compair/static/test/features/view_user_courses.feature
deleted file mode 100644
index 8690428c8..000000000
--- a/compair/static/test/features/view_user_courses.feature
+++ /dev/null
@@ -1,49 +0,0 @@
-Feature: Manage User Courses
-  As user, I want to manage user courses
-
-  Scenario: Loading view user courses page by Manage Courses link as admin
-    Given I'm a System Administrator
-    And I'm on 'users' page
-    When I select the root's Manage Courses link
-    Then I should be on the 'user courses' page
-    And I should see '2' courses listed
-    And I should see courses with names:
-      | name     |
-      | CHEM 111 |
-      | PHYS 101 |
-
-  Scenario: Filter user courses page as admin
-    Given I'm a System Administrator
-    And I'm on 'user courses' page for user with id '1abcABC123-abcABC123_Z'
-    When I filter user courses page by 'CHEM'
-    Then I should see '1' courses listed
-    And I should see courses with names:
-      | name     |
-      | CHEM 111 |
-
-  Scenario: Drop user from course as admin
-    Given I'm a System Administrator
-    And I'm on 'user courses' page for user with id '1abcABC123-abcABC123_Z'
-    When I select drop for the first course listed
-    Then I should see '1' courses listed
-    And I should see courses with names:
-      | name     |
-      | PHYS 101 |
-
-  Scenario: Change user's course role as admin
-    Given I'm a System Administrator
-    And I'm on 'user courses' page for user with id '1abcABC123-abcABC123_Z'
-    When I select the Student role for the first course
-    Then I should see a success message
-
-  Scenario: Changing user's group in course as instructor
-    Given I'm a System Administrator
-    And I'm on 'user courses' page for user with id '1abcABC123-abcABC123_Z'
-    When I set the first course's group to 'Second Group'
-    Then I should see a success message
-
-  Scenario: Removing user from group in course as instructor
-    Given I'm a System Administrator
-    And I'm on 'user courses' page for user with id '1abcABC123-abcABC123_Z'
-    When I set the first course's group to '- None -'
-    Then I should see a success message
\ No newline at end of file
diff --git a/compair/static/test/features/view_user_manage.feature b/compair/static/test/features/view_user_manage.feature
new file mode 100644
index 000000000..d43b8b37e
--- /dev/null
+++ b/compair/static/test/features/view_user_manage.feature
@@ -0,0 +1,89 @@
+Feature: Manage User Courses
+  As user, I want to manage user courses & accounts
+
+  Scenario: Loading root's users & accounts page by Courses & Accounts link as admin
+    Given I'm a System Administrator
+    And I'm on 'users' page
+    When I select the root's Courses & Accounts link
+    Then I should be on the 'user manage' page
+    And I should see '2' courses listed
+    And I should see courses with names:
+      | name     |
+      | CHEM 111 |
+      | PHYS 101 |
+    And I should see '0' LTI connections listed
+    And I should see '0' third party connections listed
+
+  Scenario: Loading student's courses & accounts page by Courses & Accounts link as admin
+    Given I'm a System Administrator
+    And I'm on 'users' page
+    When I select student1's Courses & Accounts link
+    Then I should be on the 'user manage' page
+    And I should see '1' courses listed
+    And I should see courses with names:
+      | name     |
+      | CHEM 111 |
+    And I should see '2' LTI connections listed
+    And I should see LTI connections with entries:
+      | consumer_key    | lti_user_id |
+      | consumer_key_1  | 12345000001 |
+      | consumer_key_1  | 12345000002 |
+    And I should see '2' third party connections listed
+    And I should see third party connections with entries:
+      | type | id      |
+      | CAS  | CAS0001 |
+      | CAS  | CAS0002 |
+
+  Scenario: Filter user courses & accounts page courses as admin
+    Given I'm a System Administrator
+    And I'm on 'user manage' page for user with id '1abcABC123-abcABC123_Z'
+    When I filter user courses & accounts page courses by 'CHEM'
+    Then I should see '1' courses listed
+    And I should see courses with names:
+      | name     |
+      | CHEM 111 |
+
+  Scenario: Drop user from course as admin
+    Given I'm a System Administrator
+    And I'm on 'user manage' page for user with id '1abcABC123-abcABC123_Z'
+    When I select drop for the first course listed
+    Then I should see '1' courses listed
+    And I should see courses with names:
+      | name     |
+      | PHYS 101 |
+
+  Scenario: Change user's course role as admin
+    Given I'm a System Administrator
+    And I'm on 'user manage' page for user with id '1abcABC123-abcABC123_Z'
+    When I select the Student role for the first course
+    Then I should see a success message
+
+  Scenario: Changing user's group in course as instructor
+    Given I'm a System Administrator
+    And I'm on 'user manage' page for user with id '1abcABC123-abcABC123_Z'
+    When I set the first course's group to 'Second Group'
+    Then I should see a success message
+
+  Scenario: Removing user from group in course as instructor
+    Given I'm a System Administrator
+    And I'm on 'user manage' page for user with id '1abcABC123-abcABC123_Z'
+    When I set the first course's group to '- None -'
+    Then I should see a success message
+
+  Scenario: Unlink LTI user as admin
+    Given I'm a System Administrator
+    And I'm on 'user manage' page for user with id '3abcABC123-abcABC123_Z'
+    When I select unlink for the first LTI connection listed
+    Then I should see '1' LTI connections listed
+    And I should see LTI connections with entries:
+      | consumer_key    | lti_user_id |
+      | consumer_key_1  | 12345000002 |
+
+  Scenario: Delete third party user as admin
+    Given I'm a System Administrator
+    And I'm on 'user manage' page for user with id '3abcABC123-abcABC123_Z'
+    When I select delete for the first third party connection listed
+    Then I should see '1' third party connections listed
+    And I should see third party connections with entries:
+      | type | id      |
+      | CAS  | CAS0002 |
\ No newline at end of file
diff --git a/compair/static/test/fixtures/admin/default_fixture.js b/compair/static/test/fixtures/admin/default_fixture.js
index 9b2afa526..5f04d02c3 100644
--- a/compair/static/test/fixtures/admin/default_fixture.js
+++ b/compair/static/test/fixtures/admin/default_fixture.js
@@ -19,6 +19,12 @@ var ltiConsumerFactory = new LTIConsumerFactory();
 var LTIContextFactory = require('../../factories/lti_context_factory.js');
 var ltiContextFactory = new LTIContextFactory();
 
+var LTIUserFactory = require('../../factories/lti_user_factory.js');
+var ltiUserFactory = new LTIUserFactory();
+
+var ThirdPartyUserFactory = require('../../factories/third_party_user_factory.js');
+var thirdPartyUserFactory = new ThirdPartyUserFactory();
+
 var storage = {
     session: {},
     users: {},
@@ -30,6 +36,8 @@ var storage = {
     criteria: {},
     lti_consumers: {},
     lti_contexts: {},
+    user_lti_users: {},
+    user_third_party_users: {},
     user_search_results: {}
 }
 
@@ -117,7 +125,6 @@ var criterion3 = criterionFactory.generateCriterion("3abcABC123-abcABC123_Z",  a
 });
 storage.criteria[criterion3.id] = criterion3;
 
-
 // user_courses
 storage.user_courses[admin.id] = [
     { courseId: course.id, courseRole: "Instructor", groupName: group1 },
@@ -213,6 +220,49 @@ storage.lti_contexts[context1.id] = context1;
 storage.lti_contexts[context2.id] = context2;
 storage.lti_contexts[context3.id] = context3;
 
+// lti_users
+
+var lti_user1 = ltiUserFactory.generateLTIUser("1abcABC123-abcABC123_Z", consumer1, student1, {
+    "lti_user_id": "12345000001",
+    "lis_person_name_full": "Student One",
+    "oauth_consumer_key": 'consumer_key_1',
+});
+
+var lti_user2 = ltiUserFactory.generateLTIUser("2abcABC123-abcABC123_Z", consumer1, student1, {
+    "lti_user_id": "12345000002",
+    "lis_person_name_full": "Student One",
+    "oauth_consumer_key": 'consumer_key_1',
+});
+
+var lti_user3 = ltiUserFactory.generateLTIUser("3abcABC123-abcABC123_Z", consumer1, student2, {
+    "lti_user_id": "12345000003",
+    "lis_person_name_full": "Student Two",
+    "oauth_consumer_key": 'consumer_key_1',
+});
+
+storage.user_lti_users[student1.id] = [lti_user2, lti_user1];
+storage.user_lti_users[student2.id] = [lti_user3];
+
+// third_party_users
+
+var third_party_user1 = thirdPartyUserFactory.generatethirdPartyUser("1abcABC123-abcABC123_Z", student1, {
+    "third_party_type": "CAS",
+    "unique_identifier": "CAS0001",
+});
+
+var third_party_user2 = thirdPartyUserFactory.generatethirdPartyUser("2abcABC123-abcABC123_Z", student1, {
+    "third_party_type": "CAS",
+    "unique_identifier": "CAS0002",
+});
+
+var third_party_user3 = thirdPartyUserFactory.generatethirdPartyUser("3abcABC123-abcABC123_Z", student2, {
+    "third_party_type": "CAS",
+    "unique_identifier": "CAS0003",
+});
+
+storage.user_third_party_users[student1.id] = [third_party_user2, third_party_user1];
+storage.user_third_party_users[student2.id] = [third_party_user3];
+
 // user_search_results
 storage.user_search_results.objects = [student2];
 storage.user_search_results.total = 1;
diff --git a/compair/static/test/page_objects/user_courses.js b/compair/static/test/page_objects/user_courses.js
deleted file mode 100644
index 67d41e3cb..000000000
--- a/compair/static/test/page_objects/user_courses.js
+++ /dev/null
@@ -1,7 +0,0 @@
-var UserCoursesPage = function() {
-    this.getLocation = function(userId) {
-        return 'users/' + userId + '/course';
-    };
-};
-
-module.exports = UserCoursesPage;
diff --git a/compair/static/test/page_objects/user_manage.js b/compair/static/test/page_objects/user_manage.js
new file mode 100644
index 000000000..06f812c2c
--- /dev/null
+++ b/compair/static/test/page_objects/user_manage.js
@@ -0,0 +1,7 @@
+var UserManagePage = function() {
+    this.getLocation = function(userId) {
+        return 'users/' + userId + '/manage';
+    };
+};
+
+module.exports = UserManagePage;
diff --git a/compair/tests/api/test_users.py b/compair/tests/api/test_users.py
index 4f8535ed7..471fa7d5a 100644
--- a/compair/tests/api/test_users.py
+++ b/compair/tests/api/test_users.py
@@ -10,7 +10,7 @@
 from data.fixtures.test_data import BasicTestData, LTITestData, ThirdPartyAuthTestData, ComparisonTestData
 from compair.tests.test_compair import ComPAIRAPITestCase
 from compair.models import User, SystemRole, CourseRole, AnswerComment, AnswerCommentType, Comparison, \
-    LTIContext, ThirdPartyUser, ThirdPartyType, WinningAnswer, EmailNotificationMethod
+    LTIContext, LTIUser, ThirdPartyUser, ThirdPartyType, WinningAnswer, EmailNotificationMethod
 from compair.core import db
 
 
@@ -759,6 +759,213 @@ def test_get_current_user_course_list(self):
             self.assert200(rv)
             self.assertEqual(0, len(rv.json['objects']))
 
+    def test_get_user_lti_users_list(self):
+
+        # setup
+        lti_data = LTITestData()
+        lti_consumer = lti_data.create_consumer()
+
+        student1 = self.data.get_authorized_student()
+        lti_user1 = lti_data.create_user(lti_consumer, SystemRole.student, student1)
+        lti_user2 = lti_data.create_user(lti_consumer, SystemRole.student, student1)
+
+        lti_users = [lti_user1, lti_user2]
+
+        # sort by user_id (asc)
+        lti_users.sort(key=lambda u: u.user_id)
+
+        # test login required
+        url = '/api/users/'+ student1.uuid +'/lti/users'
+        rv = self.client.get(url)
+        self.assert401(rv)
+
+        # test non-admin
+        with self.login(self.data.get_authorized_instructor().username):
+            url = '/api/users/'+ student1.uuid +'/lti/users'
+            rv = self.client.get(url)
+            self.assert403(rv)
+
+        with self.login(self.data.get_authorized_ta().username):
+            url = '/api/users/'+ student1.uuid +'/lti/users'
+            rv = self.client.get(url)
+            self.assert403(rv)
+
+        with self.login(self.data.get_authorized_student().username):
+            url = '/api/users/'+ student1.uuid +'/lti/users'
+            rv = self.client.get(url)
+            self.assert403(rv)
+
+        # test admin
+        with self.login('root'):
+            # test invalid data
+            url = '/api/users/999/lti/users'
+            rv = self.client.get(url)
+            self.assert404(rv)
+
+            # test list content and sort order: by user_id (asc)
+            url = '/api/users/'+ student1.uuid +'/lti/users'
+            rv = self.client.get(url)
+            self.assert200(rv)
+            self.assertEqual(2, len(rv.json['objects']))
+            for index, result in enumerate(rv.json['objects']):
+                self.assertEqual(student1.uuid, rv.json['objects'][index]['compair_user_id'])
+                self.assertEqual(lti_consumer.uuid, rv.json['objects'][index]['lti_consumer_id'])
+                self.assertEqual(lti_users[index].user_id, rv.json['objects'][index]['lti_user_id'])
+
+    def test_delete_user_lti_user(self):
+
+        # setup
+        lti_data = LTITestData()
+        lti_consumer = lti_data.create_consumer()
+
+        student1 = self.data.get_authorized_student()
+        lti_user1 = lti_data.create_user(lti_consumer, SystemRole.student, student1)
+        lti_user2 = lti_data.create_user(lti_consumer, SystemRole.student, student1)
+
+        student2 = self.data.create_normal_user()
+        lti_user1_2 = lti_data.create_user(lti_consumer, SystemRole.student, student2)
+
+        # test login required
+        url = '/api/users/'+ student1.uuid +'/lti/users/'+ lti_user2.uuid
+        rv = self.client.delete(url)
+        self.assert401(rv)
+
+        # test non-admin
+        with self.login(self.data.get_authorized_instructor().username):
+            url = '/api/users/'+ student1.uuid +'/lti/users/'+ lti_user2.uuid
+            rv = self.client.delete(url)
+            self.assert403(rv)
+
+        with self.login(self.data.get_authorized_ta().username):
+            url = '/api/users/'+ student1.uuid +'/lti/users/'+ lti_user2.uuid
+            rv = self.client.delete(url)
+            self.assert403(rv)
+
+        with self.login(self.data.get_authorized_student().username):
+            url = '/api/users/'+ student1.uuid +'/lti/users/'+ lti_user2.uuid
+            rv = self.client.delete(url)
+            self.assert403(rv)
+
+        # test admin
+        with self.login('root'):
+            # test invalid user
+            url = '/api/users/999/lti/users/'+ lti_user1.uuid
+            rv = self.client.delete(url)
+            self.assert404(rv)
+
+            # test valid
+            url = '/api/users/'+ student1.uuid +'/lti/users/'+ lti_user1.uuid
+            rv = self.client.delete(url)
+            self.assert200(rv)
+            self.assertEqual(rv.json['success'], True)
+
+            lti_users = LTIUser.query \
+                .filter_by(compair_user_id=student1.id) \
+                .all()
+            self.assertEqual(len(lti_users), 1)
+
+    def test_get_user_third_party_users_list(self):
+
+        # setup
+        auth_data = ThirdPartyAuthTestData()
+
+        student1 = self.data.get_authorized_student()
+        third_party_user1 = auth_data.create_third_party_user(user=student1)
+        third_party_user2 = auth_data.create_third_party_user(user=student1)
+
+        third_party_users = [third_party_user1, third_party_user2]
+
+        # sort by unique_identifier (asc)
+        third_party_users.sort(key=lambda u: u.unique_identifier)
+
+        # test login required
+        url = '/api/users/'+ student1.uuid +'/third_party/users'
+        rv = self.client.get(url)
+        self.assert401(rv)
+
+        # test non-admin
+        with self.login(self.data.get_authorized_instructor().username):
+            url = '/api/users/'+ student1.uuid +'/third_party/users'
+            rv = self.client.get(url)
+            self.assert403(rv)
+
+        with self.login(self.data.get_authorized_ta().username):
+            url = '/api/users/'+ student1.uuid +'/third_party/users'
+            rv = self.client.get(url)
+            self.assert403(rv)
+
+        with self.login(self.data.get_authorized_student().username):
+            url = '/api/users/'+ student1.uuid +'/third_party/users'
+            rv = self.client.get(url)
+            self.assert403(rv)
+
+        # test admin
+        with self.login('root'):
+            # test invalid data
+            url = '/api/users/999/third_party/users'
+            rv = self.client.get(url)
+            self.assert404(rv)
+
+            # test list length and sort order: by unique_identifier (asc)
+            url = '/api/users/'+ student1.uuid +'/third_party/users'
+            rv = self.client.get(url)
+            self.assert200(rv)
+            self.assertEqual(2, len(rv.json['objects']))
+            for index, result in enumerate(rv.json['objects']):
+                self.assertEqual(student1.uuid, rv.json['objects'][index]['compair_user_id'])
+                self.assertEqual(third_party_users[index].unique_identifier, rv.json['objects'][index]['unique_identifier'])
+
+    def test_delete_user_third_party_user(self):
+
+        # setup
+        auth_data = ThirdPartyAuthTestData()
+
+        student1 = self.data.get_authorized_student()
+        third_party_user1 = auth_data.create_third_party_user(user=student1)
+        third_party_user2 = auth_data.create_third_party_user(user=student1)
+
+        student2 = self.data.create_normal_user()
+        third_party_user1_2 = auth_data.create_third_party_user(user=student2)
+
+        # test login required
+        url = '/api/users/'+ student1.uuid +'/third_party/users/'+ third_party_user2.uuid
+        rv = self.client.delete(url)
+        self.assert401(rv)
+
+        # test non-admin
+        with self.login(self.data.get_authorized_instructor().username):
+            url = '/api/users/'+ student1.uuid +'/third_party/users/'+ third_party_user2.uuid
+            rv = self.client.delete(url)
+            self.assert403(rv)
+
+        with self.login(self.data.get_authorized_ta().username):
+            url = '/api/users/'+ student1.uuid +'/third_party/users/'+ third_party_user2.uuid
+            rv = self.client.delete(url)
+            self.assert403(rv)
+
+        with self.login(self.data.get_authorized_student().username):
+            url = '/api/users/'+ student1.uuid +'/third_party/users/'+ third_party_user2.uuid
+            rv = self.client.delete(url)
+            self.assert403(rv)
+
+        # test admin
+        with self.login('root'):
+            # test invalid user
+            url = '/api/users/999/third_party/users/'+ third_party_user1.uuid
+            rv = self.client.delete(url)
+            self.assert404(rv)
+
+            # test valid
+            url = '/api/users/'+ student1.uuid +'/third_party/users/'+ third_party_user1.uuid
+            rv = self.client.delete(url)
+            self.assert200(rv)
+            self.assertEqual(rv.json['success'], True)
+
+            third_party_users = ThirdPartyUser.query \
+                .filter_by(user_id=student1.id) \
+                .all()
+            self.assertEqual(len(third_party_users), 1)
+
     def test_get_user_course_list(self):
         # test login required
         url = '/api/users/'+ self.data.get_authorized_instructor().uuid +'/courses'