2011-02-01 09:57:29 +08:00
|
|
|
#
|
2012-09-20 12:39:49 +08:00
|
|
|
# Copyright (C) 2011 - 2012 Instructure, Inc.
|
2011-02-01 09:57:29 +08:00
|
|
|
#
|
|
|
|
|
# This file is part of Canvas.
|
|
|
|
|
#
|
|
|
|
|
# Canvas is free software: you can redistribute it and/or modify it under
|
|
|
|
|
# the terms of the GNU Affero General Public License as published by the Free
|
|
|
|
|
# Software Foundation, version 3 of the License.
|
|
|
|
|
#
|
|
|
|
|
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
|
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
|
|
|
|
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
|
|
|
# details.
|
|
|
|
|
#
|
|
|
|
|
# You should have received a copy of the GNU Affero General Public License along
|
|
|
|
|
# with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
class Account < ActiveRecord::Base
|
|
|
|
|
include Context
|
2013-07-03 02:37:29 +08:00
|
|
|
attr_accessible :name, :turnitin_account_id, :turnitin_shared_secret,
|
|
|
|
|
:turnitin_host, :turnitin_comments, :turnitin_pledge,
|
2011-02-01 09:57:29 +08:00
|
|
|
:default_time_zone, :parent_account, :settings, :default_storage_quota,
|
2012-07-03 03:16:08 +08:00
|
|
|
:default_storage_quota_mb, :storage_quota, :ip_filters, :default_locale,
|
2013-06-05 02:50:15 +08:00
|
|
|
:default_user_storage_quota_mb, :default_group_storage_quota_mb
|
2011-02-01 09:57:29 +08:00
|
|
|
|
|
|
|
|
include Workflow
|
|
|
|
|
belongs_to :parent_account, :class_name => 'Account'
|
|
|
|
|
belongs_to :root_account, :class_name => 'Account'
|
|
|
|
|
authenticates_many :pseudonym_sessions
|
|
|
|
|
has_many :courses
|
|
|
|
|
has_many :all_courses, :class_name => 'Course', :foreign_key => 'root_account_id'
|
2011-09-22 04:31:36 +08:00
|
|
|
has_many :group_categories, :as => :context, :conditions => ['deleted_at IS NULL']
|
|
|
|
|
has_many :all_group_categories, :class_name => 'GroupCategory', :as => :context
|
2011-02-01 09:57:29 +08:00
|
|
|
has_many :groups, :as => :context
|
2012-09-20 12:39:49 +08:00
|
|
|
has_many :all_groups, :class_name => 'Group', :foreign_key => 'root_account_id'
|
2011-02-01 09:57:29 +08:00
|
|
|
has_many :enrollment_terms, :foreign_key => 'root_account_id'
|
2012-03-14 04:08:19 +08:00
|
|
|
has_many :enrollments, :foreign_key => 'root_account_id', :conditions => ["enrollments.type != 'StudentViewEnrollment'"]
|
2011-02-01 09:57:29 +08:00
|
|
|
has_many :sub_accounts, :class_name => 'Account', :foreign_key => 'parent_account_id', :conditions => ['workflow_state != ?', 'deleted']
|
2011-08-05 23:38:31 +08:00
|
|
|
has_many :all_accounts, :class_name => 'Account', :foreign_key => 'root_account_id', :order => 'name'
|
2011-02-01 09:57:29 +08:00
|
|
|
has_many :account_users, :dependent => :destroy
|
|
|
|
|
has_many :course_sections, :foreign_key => 'root_account_id'
|
|
|
|
|
has_many :sis_batches
|
2011-06-08 00:31:14 +08:00
|
|
|
has_many :abstract_courses, :class_name => 'AbstractCourse', :foreign_key => 'account_id'
|
|
|
|
|
has_many :root_abstract_courses, :class_name => 'AbstractCourse', :foreign_key => 'root_account_id'
|
2011-02-01 09:57:29 +08:00
|
|
|
has_many :users, :through => :account_users
|
|
|
|
|
has_many :pseudonyms, :include => :user
|
|
|
|
|
has_many :role_overrides, :as => :context
|
|
|
|
|
has_many :course_account_associations
|
|
|
|
|
has_many :child_courses, :through => :course_account_associations, :source => :course, :conditions => ['course_account_associations.depth = 0']
|
|
|
|
|
has_many :attachments, :as => :context, :dependent => :destroy
|
|
|
|
|
has_many :active_assignments, :as => :context, :class_name => 'Assignment', :conditions => ['assignments.workflow_state != ?', 'deleted']
|
|
|
|
|
has_many :folders, :as => :context, :dependent => :destroy, :order => 'folders.name'
|
|
|
|
|
has_many :active_folders, :class_name => 'Folder', :as => :context, :conditions => ['folders.workflow_state != ?', 'deleted'], :order => 'folders.name'
|
2011-03-02 03:17:42 +08:00
|
|
|
has_many :active_folders_with_sub_folders, :class_name => 'Folder', :as => :context, :include => [:active_sub_folders], :conditions => ['folders.workflow_state != ?', 'deleted'], :order => 'folders.name'
|
2011-02-01 09:57:29 +08:00
|
|
|
has_many :active_folders_detailed, :class_name => 'Folder', :as => :context, :include => [:active_sub_folders, :active_file_attachments], :conditions => ['folders.workflow_state != ?', 'deleted'], :order => 'folders.name'
|
2012-09-29 06:02:02 +08:00
|
|
|
has_many :account_authorization_configs, :order => "position"
|
2011-02-01 09:57:29 +08:00
|
|
|
has_many :account_reports
|
2012-12-15 03:49:40 +08:00
|
|
|
has_many :grading_standards, :as => :context, :conditions => ['workflow_state != ?', 'deleted']
|
2011-08-27 08:33:01 +08:00
|
|
|
has_many :assessment_questions, :through => :assessment_question_banks
|
|
|
|
|
has_many :assessment_question_banks, :as => :context, :include => [:assessment_questions, :assessment_question_bank_users]
|
2012-11-21 02:44:14 +08:00
|
|
|
has_many :roles
|
2012-11-28 04:52:33 +08:00
|
|
|
has_many :all_roles, :class_name => 'Role', :foreign_key => 'root_account_id'
|
2013-01-16 07:37:54 +08:00
|
|
|
has_many :progresses, :as => :context
|
2011-08-27 08:33:01 +08:00
|
|
|
def inherited_assessment_question_banks(include_self = false, *additional_contexts)
|
|
|
|
|
sql = []
|
|
|
|
|
conds = []
|
|
|
|
|
contexts = additional_contexts + account_chain
|
|
|
|
|
contexts.delete(self) unless include_self
|
|
|
|
|
contexts.each { |c|
|
|
|
|
|
sql << "context_type = ? AND context_id = ?"
|
|
|
|
|
conds += [c.class.to_s, c.id]
|
|
|
|
|
}
|
|
|
|
|
conds.unshift(sql.join(" OR "))
|
2013-03-19 03:07:47 +08:00
|
|
|
AssessmentQuestionBank.where(conds)
|
2011-08-27 08:33:01 +08:00
|
|
|
end
|
2011-02-01 09:57:29 +08:00
|
|
|
|
learning outcomes refactor
This list is *NOT* complete, some items may have snuck in that I forgot
to note, and/or some of the noted items may not be completely functional
yet.
Specs need to be written around a lot of this, other specs will no doubt
need to be fixed.
Some things, particularly around LearningOutcomeGroups will need data
migrations that aren't there yet.
* remove LearningOutcome.non_rubric_outcomes? and replace with false
where invoked
* remove LearningOutcome.enabled? and replace with true where invoked
* remove never-taken branches
* remove the shared/aligned_outcomes partial and it's supporting
javascript, since it's now empty
* remove js handler for add_outcome_alignment_link and supporting
method since it only occurred in never-taken branches
* mix LearningOutcomeContext into Course and Account
* replace LearningOutcomeGroup.default_for(context) with
LearningOutcomeContext#root_outcome_group
* rename LearningOutcome#content_tags to LearningOutcome#alignments
* rename LearningOutcomeGroup#content_tags to
LearningOutcomeGroup#child_links, and properly restrict
* remove ContentTag[Alignment]#rubric_association_id, add
ContentTag[Alignment]#has_rubric_association? that looks at the
presence of the content's rubric_association_id
* condition off the assignment having a rubric_association rather than
filtering tags by has_rubric_association (which just looks back at
the assignment). all or none of the assignment's alignments are
forced to have the association (via the assignment). this was true in
practice before, is now codified (and more efficient)
* rename AssessmentQuestionBank#learning_outcome_tags to
AssessmentQuestionBank#learning_outcome_alignments
* rename Assignment#learning_outcome_tags to
Assignment#learning_outcome_alignments
* rename Rubric#learning_outcome_tags to
Rubric#learning_outcome_alignments
* move/rename (Course|Account)#learning_outcome_tags to
LearningOutcomeContext#learning_outcome_links
* move/rename Account#learning_outcomes (corrected) and
Course#learning_outcomes to
LearningOutcomeContext#linked_learning_outcomes
* move/rename Account#created_learning_outcomes and
Course#created_learning_outcomes to
LearningOutcomeContext#created_learning_outcomes
* clarify and correct usage of linked_learning_outcomes vs.
created_learning_outcomes
* move/rename (Account|Account)#learning_outcome_groups to
LearningOutcomeContext#learning_outcome_groups
* remove unused Account#associated_learning_outcomes
* just remove one link to a learning outcome when deleting
* merge Account#has_outcomes?, Course#has_outcomes? and
Course#has_outcomes into LearningOutcomeContext#has_outcomes?, add a
use in Context#active_record_types
* kill LearningOutcomeGroup#root_learning_outcome_group (unused)
* rename LearningOutcomeResult#content_tag to
LearningOutcomeResult#alignment
* kill unused (and broken) OutcomesController#add_outcome_group
* kill unused OutcomesController#update_outcomes_for_asset
* kill unused OutcomesController#outcomes_for_asset
* remove unused (outside specs, correct specs)
AssessmentQuestionBank#outcomes=
* remove unused ContentTag#learning_outcome_content
* replace ContentTag.learning_outcome_tags_for(asset) (only ever called
with asset=an assignment) with call to
Assignment#learning_outcome_alignments
* remove unused ContentTag.not_rubric
* remove (now) unused ContentTag.include_outcome
* remove unused LearningOutcome#learning_outcome_group_associations
* avoid explicit use of ContentTag in outcome-related specs
* replace LearningOutcomeGroup#learning_outcome_tags with
LearningOutcomeGroup#child_outcome_links (and only use for outcome
links; not tags for child groups)
* split ContentTag#create_outcome_result into
Submission#create_outcome_result,
QuizSubmission#create_outcome_result, and
RubricAssessment#create_outcome_result. fix some bugs along the way
* refactor ContentTag.outcome_tags_for_banks and some code from
QuizSubmission#(track_outcomes|update_outcomes_for_assessment_questions)
into QuizSubmission#questions_and_alignments
* refactor RubricAssociation#update_outcome_relations and
Rubric#update_alignments into LearningOutcome.update_alignments
* don't use ContentTag#rubric_association with outcome alignments; use
the tag's content's rubric_association in its place (they should have
been equal anyways)
* refactor LearningOutcome.available_in_context and
@context.root_outcome_group.sorted_all_outcomes (only time
sorted_all_outcomes is used) into
LearningOutcomeContext#available_outcomes and
LearningOutcomeContext#available_outcome
* overhaul LearningOutcomeGroup#sorted_content and rename to
LearningOutcomeGroup#sorted_children. it not returns ContentTags
(outcome links) and LearningOutcomeGroups, vs. LearningOutcomes and
LearningOutcomeGroups; fix usages appropriately
* fix UI for arranging/deleting outcome links and groups within a group
to refer to the outcome link rather than the outcome
Change-Id: I85d99f2634f7206332cb1f5d5ea575b428988d4b
Reviewed-on: https://gerrit.instructure.com/12590
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jacob Fugal <jacob@instructure.com>
2012-07-13 01:16:13 +08:00
|
|
|
include LearningOutcomeContext
|
2013-06-18 05:12:49 +08:00
|
|
|
include RubricContext
|
learning outcomes refactor
This list is *NOT* complete, some items may have snuck in that I forgot
to note, and/or some of the noted items may not be completely functional
yet.
Specs need to be written around a lot of this, other specs will no doubt
need to be fixed.
Some things, particularly around LearningOutcomeGroups will need data
migrations that aren't there yet.
* remove LearningOutcome.non_rubric_outcomes? and replace with false
where invoked
* remove LearningOutcome.enabled? and replace with true where invoked
* remove never-taken branches
* remove the shared/aligned_outcomes partial and it's supporting
javascript, since it's now empty
* remove js handler for add_outcome_alignment_link and supporting
method since it only occurred in never-taken branches
* mix LearningOutcomeContext into Course and Account
* replace LearningOutcomeGroup.default_for(context) with
LearningOutcomeContext#root_outcome_group
* rename LearningOutcome#content_tags to LearningOutcome#alignments
* rename LearningOutcomeGroup#content_tags to
LearningOutcomeGroup#child_links, and properly restrict
* remove ContentTag[Alignment]#rubric_association_id, add
ContentTag[Alignment]#has_rubric_association? that looks at the
presence of the content's rubric_association_id
* condition off the assignment having a rubric_association rather than
filtering tags by has_rubric_association (which just looks back at
the assignment). all or none of the assignment's alignments are
forced to have the association (via the assignment). this was true in
practice before, is now codified (and more efficient)
* rename AssessmentQuestionBank#learning_outcome_tags to
AssessmentQuestionBank#learning_outcome_alignments
* rename Assignment#learning_outcome_tags to
Assignment#learning_outcome_alignments
* rename Rubric#learning_outcome_tags to
Rubric#learning_outcome_alignments
* move/rename (Course|Account)#learning_outcome_tags to
LearningOutcomeContext#learning_outcome_links
* move/rename Account#learning_outcomes (corrected) and
Course#learning_outcomes to
LearningOutcomeContext#linked_learning_outcomes
* move/rename Account#created_learning_outcomes and
Course#created_learning_outcomes to
LearningOutcomeContext#created_learning_outcomes
* clarify and correct usage of linked_learning_outcomes vs.
created_learning_outcomes
* move/rename (Account|Account)#learning_outcome_groups to
LearningOutcomeContext#learning_outcome_groups
* remove unused Account#associated_learning_outcomes
* just remove one link to a learning outcome when deleting
* merge Account#has_outcomes?, Course#has_outcomes? and
Course#has_outcomes into LearningOutcomeContext#has_outcomes?, add a
use in Context#active_record_types
* kill LearningOutcomeGroup#root_learning_outcome_group (unused)
* rename LearningOutcomeResult#content_tag to
LearningOutcomeResult#alignment
* kill unused (and broken) OutcomesController#add_outcome_group
* kill unused OutcomesController#update_outcomes_for_asset
* kill unused OutcomesController#outcomes_for_asset
* remove unused (outside specs, correct specs)
AssessmentQuestionBank#outcomes=
* remove unused ContentTag#learning_outcome_content
* replace ContentTag.learning_outcome_tags_for(asset) (only ever called
with asset=an assignment) with call to
Assignment#learning_outcome_alignments
* remove unused ContentTag.not_rubric
* remove (now) unused ContentTag.include_outcome
* remove unused LearningOutcome#learning_outcome_group_associations
* avoid explicit use of ContentTag in outcome-related specs
* replace LearningOutcomeGroup#learning_outcome_tags with
LearningOutcomeGroup#child_outcome_links (and only use for outcome
links; not tags for child groups)
* split ContentTag#create_outcome_result into
Submission#create_outcome_result,
QuizSubmission#create_outcome_result, and
RubricAssessment#create_outcome_result. fix some bugs along the way
* refactor ContentTag.outcome_tags_for_banks and some code from
QuizSubmission#(track_outcomes|update_outcomes_for_assessment_questions)
into QuizSubmission#questions_and_alignments
* refactor RubricAssociation#update_outcome_relations and
Rubric#update_alignments into LearningOutcome.update_alignments
* don't use ContentTag#rubric_association with outcome alignments; use
the tag's content's rubric_association in its place (they should have
been equal anyways)
* refactor LearningOutcome.available_in_context and
@context.root_outcome_group.sorted_all_outcomes (only time
sorted_all_outcomes is used) into
LearningOutcomeContext#available_outcomes and
LearningOutcomeContext#available_outcome
* overhaul LearningOutcomeGroup#sorted_content and rename to
LearningOutcomeGroup#sorted_children. it not returns ContentTags
(outcome links) and LearningOutcomeGroups, vs. LearningOutcomes and
LearningOutcomeGroups; fix usages appropriately
* fix UI for arranging/deleting outcome links and groups within a group
to refer to the outcome link rather than the outcome
Change-Id: I85d99f2634f7206332cb1f5d5ea575b428988d4b
Reviewed-on: https://gerrit.instructure.com/12590
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jacob Fugal <jacob@instructure.com>
2012-07-13 01:16:13 +08:00
|
|
|
|
2011-03-10 00:11:22 +08:00
|
|
|
has_many :context_external_tools, :as => :context, :dependent => :destroy, :order => 'name'
|
2011-02-01 09:57:29 +08:00
|
|
|
has_many :error_reports
|
2012-02-24 00:13:20 +08:00
|
|
|
has_many :announcements, :class_name => 'AccountNotification'
|
2011-07-26 00:12:55 +08:00
|
|
|
has_many :alerts, :as => :context, :include => :criteria
|
2011-08-30 02:25:20 +08:00
|
|
|
has_many :user_account_associations
|
2012-03-23 04:28:38 +08:00
|
|
|
has_many :report_snapshots
|
2011-02-01 09:57:29 +08:00
|
|
|
|
2011-06-01 04:47:28 +08:00
|
|
|
before_validation :verify_unique_sis_source_id
|
2011-02-01 09:57:29 +08:00
|
|
|
before_save :ensure_defaults
|
|
|
|
|
before_save :set_update_account_associations_if_changed
|
|
|
|
|
after_save :update_account_associations_if_changed
|
2011-02-08 07:11:00 +08:00
|
|
|
after_create :default_enrollment_term
|
2011-02-01 09:57:29 +08:00
|
|
|
|
|
|
|
|
serialize :settings, Hash
|
2013-07-23 05:10:01 +08:00
|
|
|
include TimeZoneHelper
|
|
|
|
|
time_zone_attribute :default_time_zone, default: "America/Denver"
|
2011-02-01 09:57:29 +08:00
|
|
|
|
2011-07-13 04:31:40 +08:00
|
|
|
validates_locale :default_locale, :allow_nil => true
|
2013-08-20 01:36:53 +08:00
|
|
|
validates_length_of :name, :maximum => maximum_string_length, :allow_blank => true
|
2012-08-07 00:20:48 +08:00
|
|
|
validate :account_chain_loop, :if => :parent_account_id_changed?
|
2012-10-11 02:58:09 +08:00
|
|
|
validate :validate_auth_discovery_url
|
2013-08-08 06:19:48 +08:00
|
|
|
validates_presence_of :workflow_state
|
2011-07-13 04:31:40 +08:00
|
|
|
|
2011-09-22 01:36:45 +08:00
|
|
|
include StickySisFields
|
|
|
|
|
are_sis_sticky :name
|
|
|
|
|
|
2011-07-13 04:31:40 +08:00
|
|
|
def default_locale(recurse = false)
|
|
|
|
|
read_attribute(:default_locale) ||
|
|
|
|
|
(recurse && parent_account ? parent_account.default_locale(true) : nil)
|
|
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
cattr_accessor :account_settings_options
|
|
|
|
|
self.account_settings_options = {}
|
|
|
|
|
|
|
|
|
|
# I figure we're probably going to be adding more account-level
|
|
|
|
|
# settings in the future (and moving some of the column attributes
|
|
|
|
|
# to the settings hash), so it makes sense to have a general way
|
|
|
|
|
# of defining what settings are allowed when. Somebody please tell
|
|
|
|
|
# me if I'm overarchitecting...
|
|
|
|
|
def self.add_setting(setting, opts=nil)
|
|
|
|
|
self.account_settings_options[setting.to_sym] = opts || {}
|
refactor user creation/invitations closes #5833
fixes #5573, #5572, #5753
* communication channels are now only unique within a single user
* UserList changes
* Always resolve pseudonym#unique_ids
* Support looking up by SMS CCs
* Option to either require e-mails match an existing CC,
or e-mails that don't match a Pseudonym will always be
returned unattached (relying on better merging behavior
to not have a gazillion accounts created)
* Method to return users, creating new ones (*without* a
Pseudonym) if necessary. (can't create with a pseudonym,
since Pseudonym#unique_id is still unique, I can't have
multiple outstanding users with the same unique_id)
* EnrollmentsFromUserList is mostly gutted, now using UserList's
functionality directy.
* Use UserList for adding account admins, removing the now
unused Account#add_admin => User#find_by_email/User#assert_by_email
codepath
* Update UsersController#create to not worry about duplicate
communication channels
* Remove AccountsController#add_user, and just use
UsersController#create
* Change SIS::UserImporter to send out a merge opportunity
e-mail if a conflicting CC is found (but still create the CC)
* In /profile, don't worry about conflicting CCs (the CC confirmation
process will now allow merging)
* Remove CommunicationChannelsController#try_merge and #merge
* For the non-simple case of CoursesController#enrollment_invitation
redirect to /register (CommunicationsChannelController#confirm)
* Remove CoursesController#transfer_enrollment
* Move PseudonymsController#registration_confirmation to
CommunicationChannelsController#confirm (have to be able to
register an account without a Pseudonym yet)
* Fold the old direct confirm functionality in, if there are
no available merge opportunities
* Allow merging the new account with the currently logged in user
* Allow changing the Pseudonym#unique_id when registering a new
account (since there might be conflicts)
* Display a list of merge opportunities based on conflicting
communication channels
* Provide link(s) to log in as the other user,
redirecting back to the registration page after login is
complete (to complete the merge as the current user)
* Remove several assert_* methods that are no longer needed
* Update PseudonymSessionsController a bit to deal with the new
way of dealing with conflicting CCs (especially CCs from LDAP),
and to redirect back to the registration/confirmation page when
attempting to do a merge
* Expose the open_registration setting; use it to control if
inviting users to a course is able to create new users
Change-Id: If2f38818a71af656854d3bf8431ddbf5dcb84691
Reviewed-on: https://gerrit.instructure.com/6149
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
2011-10-13 04:30:48 +08:00
|
|
|
if (opts && opts[:boolean] && opts.has_key?(:default))
|
|
|
|
|
if opts[:default]
|
|
|
|
|
self.class_eval "def #{setting}?; settings[:#{setting}] != false; end"
|
|
|
|
|
else
|
|
|
|
|
self.class_eval "def #{setting}?; !!settings[:#{setting}]; end"
|
|
|
|
|
end
|
|
|
|
|
end
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# these settings either are or could be easily added to
|
|
|
|
|
# the account settings page
|
2011-11-22 03:28:20 +08:00
|
|
|
add_setting :global_includes, :root_only => true, :boolean => true, :default => false
|
sub-account branding; closes #9368
allow sub accounts to include their own global scripts and stylesheets. if
global includes are enabled on the root account, root account administrators
will have an option to enable them for immediate child accounts. those child
accounts can then choose to enable them for their sub-accounts, and so on down
the chain.
these includes are added to the page in order from highest to lowest account,
so sub-accounts are able to override styles added by their parents.
the logic for which styles to display on which pages is as follows:
- on account pages, include all styles in the chain from this account up to the
root account. this ensures that you can always see styles for account
X without any sub-account overrides on account X's page
- on course/group pages, include all styles in the chain from the account which
contains that course/group up to the root
- on the dashboard, calendar, user pages, and other pages that don't fall into
one of the above categories, we find the lowest account that contains all of
the current user's active classes + groups, and include styles from that
account up to the root
test plan:
- in a root account, create two sub-accounts, create courses in each of them,
and create 3 users, one enrolled only in the first course, one only in the
second course, and one enrolled in both courses.
- enable global includes on the root account (no sub-accounts yet) add files,
and make sure all three students see them.
- now enable sub-account includes, and add include files to each sub-account
- make sure both users in course 1 see include for sub-account 1
- make sure user 1 sees include for sub-account 1 on her dashboard, but user
3 does not.
Change-Id: I3d07d4bced39593f3084d5eac6ea3137666e319b
Reviewed-on: https://gerrit.instructure.com/12248
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
2012-07-10 05:30:16 +08:00
|
|
|
add_setting :global_javascript, :condition => :allow_global_includes
|
|
|
|
|
add_setting :global_stylesheet, :condition => :allow_global_includes
|
|
|
|
|
add_setting :sub_account_includes, :condition => :allow_global_includes, :boolean => true, :default => false
|
2011-02-01 09:57:29 +08:00
|
|
|
add_setting :error_reporting, :hash => true, :values => [:action, :email, :url, :subject_param, :body_param], :root_only => true
|
2011-11-11 10:43:36 +08:00
|
|
|
add_setting :custom_help_links, :root_only => true
|
2011-02-01 09:57:29 +08:00
|
|
|
add_setting :prevent_course_renaming_by_teachers, :boolean => true, :root_only => true
|
2013-03-26 03:38:02 +08:00
|
|
|
add_setting :restrict_student_future_view, :boolean => true, :root_only => true, :default => false
|
refactor user creation/invitations closes #5833
fixes #5573, #5572, #5753
* communication channels are now only unique within a single user
* UserList changes
* Always resolve pseudonym#unique_ids
* Support looking up by SMS CCs
* Option to either require e-mails match an existing CC,
or e-mails that don't match a Pseudonym will always be
returned unattached (relying on better merging behavior
to not have a gazillion accounts created)
* Method to return users, creating new ones (*without* a
Pseudonym) if necessary. (can't create with a pseudonym,
since Pseudonym#unique_id is still unique, I can't have
multiple outstanding users with the same unique_id)
* EnrollmentsFromUserList is mostly gutted, now using UserList's
functionality directy.
* Use UserList for adding account admins, removing the now
unused Account#add_admin => User#find_by_email/User#assert_by_email
codepath
* Update UsersController#create to not worry about duplicate
communication channels
* Remove AccountsController#add_user, and just use
UsersController#create
* Change SIS::UserImporter to send out a merge opportunity
e-mail if a conflicting CC is found (but still create the CC)
* In /profile, don't worry about conflicting CCs (the CC confirmation
process will now allow merging)
* Remove CommunicationChannelsController#try_merge and #merge
* For the non-simple case of CoursesController#enrollment_invitation
redirect to /register (CommunicationsChannelController#confirm)
* Remove CoursesController#transfer_enrollment
* Move PseudonymsController#registration_confirmation to
CommunicationChannelsController#confirm (have to be able to
register an account without a Pseudonym yet)
* Fold the old direct confirm functionality in, if there are
no available merge opportunities
* Allow merging the new account with the currently logged in user
* Allow changing the Pseudonym#unique_id when registering a new
account (since there might be conflicts)
* Display a list of merge opportunities based on conflicting
communication channels
* Provide link(s) to log in as the other user,
redirecting back to the registration page after login is
complete (to complete the merge as the current user)
* Remove several assert_* methods that are no longer needed
* Update PseudonymSessionsController a bit to deal with the new
way of dealing with conflicting CCs (especially CCs from LDAP),
and to redirect back to the registration/confirmation page when
attempting to do a merge
* Expose the open_registration setting; use it to control if
inviting users to a course is able to create new users
Change-Id: If2f38818a71af656854d3bf8431ddbf5dcb84691
Reviewed-on: https://gerrit.instructure.com/6149
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
2011-10-13 04:30:48 +08:00
|
|
|
add_setting :teachers_can_create_courses, :boolean => true, :root_only => true, :default => false
|
|
|
|
|
add_setting :students_can_create_courses, :boolean => true, :root_only => true, :default => false
|
|
|
|
|
add_setting :no_enrollments_can_create_courses, :boolean => true, :root_only => true, :default => false
|
2011-05-04 11:16:50 +08:00
|
|
|
add_setting :allow_sending_scores_in_emails, :boolean => true, :root_only => true
|
2011-02-01 09:57:29 +08:00
|
|
|
add_setting :support_url, :root_only => true
|
2011-03-27 11:38:54 +08:00
|
|
|
add_setting :self_enrollment
|
2011-02-03 05:30:07 +08:00
|
|
|
add_setting :equella_endpoint
|
|
|
|
|
add_setting :equella_teaser
|
2011-07-26 00:12:55 +08:00
|
|
|
add_setting :enable_alerts, :boolean => true, :root_only => true
|
2011-08-24 03:44:01 +08:00
|
|
|
add_setting :enable_eportfolios, :boolean => true, :root_only => true
|
2011-10-06 23:54:05 +08:00
|
|
|
add_setting :users_can_edit_name, :boolean => true, :root_only => true
|
allow disabling canvas auth for accounts with another auth source
disabling canvas auth also force-disables open registration, and
makes LDAP auth act like full delegated auth (CAS or SAML)
test plan:
* configure LDAP, CAS, or SAML. MAKE SURE YOU CAN LOG IN.
* go to account settings, and disable "Canvas Authentication"
* open registration should no longer show up on account settings
page (after saving)
* ensure you can no longer log in with your Canvas credentials, but
you can with LDAP, CAS, or SAML credentials.
* remove LDAP, CAS, or SAML from the account
* "Canvas Authentication" should no longer show up on the account
settings page, open registration should
* your Canvas credentials should start working again
* add LDAP, CAS, or SAML back
* "Canvas Authentication" should be back on in account settings
Change-Id: Ic7475623e5139bb545a87d8e5b1014dabaf4e854
Reviewed-on: https://gerrit.instructure.com/12850
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
2012-08-11 01:17:08 +08:00
|
|
|
add_setting :open_registration, :boolean => true, :root_only => true
|
2012-07-13 06:38:33 +08:00
|
|
|
add_setting :enable_scheduler, :boolean => true, :root_only => true, :default => false
|
2013-04-16 03:55:34 +08:00
|
|
|
add_setting :enable_draft, :boolean => true, :root_only => true, :default => false
|
2013-07-10 00:14:52 +08:00
|
|
|
add_setting :allow_draft, :boolean => true, :root_only => true, :default => false
|
2012-09-18 03:14:48 +08:00
|
|
|
add_setting :calendar2_only, :boolean => true, :root_only => true, :default => false
|
2012-11-13 05:12:57 +08:00
|
|
|
add_setting :show_scheduler, :boolean => true, :root_only => true, :default => false
|
2012-07-11 05:03:14 +08:00
|
|
|
add_setting :enable_profiles, :boolean => true, :root_only => true, :default => false
|
2013-09-12 07:03:20 +08:00
|
|
|
add_setting :enable_manage_groups2, :boolean => true, :root_only => true, :default => false
|
multi-factor authentication closes #9532
test plan:
* enable optional MFA, and check the following:
* normal log in should not be affected
* you can enroll in MFA from your profile page
* you can re-enroll in MFA from your profile page
* you can disable MFA from your profile page
* MFA can be reset by an admin on your user page
* when enrolled, you are asked for verification code after
username/password when logging in
* you can't access any other part of the site directly until
until entering your verification code
* enable required MFA, and check the following
* when not enrolled in MFA, and you log in, you are forced to
enroll
* you cannot disable MFA from your profile page
* you can re-enroll in MFA from your profile page
* an admin (other than himself) can reset MFA from the user page
* for enrolling in MFA
* use Google Authenticator and scan the QR code; you should have
30-seconds or so of extra leeway to enter your code
* having no SMS communication channels on your profile, the
enrollment page should just have a form to add a new phone
* having one or more SMS communication channels on your profile,
the enrollment page should list them, or allow you to create
a new one (and switch back)
* having more than one SMS communication channel on your profile,
the enrollment page should remember which one you have selected
after you click "send"
* an unconfirmed SMS channel should go to confirmed when it's used
to enroll in MFA
* you should not be able to go directly to /login/otp to enroll
if you used "Remember me" token to log in
* MFA login flow
* if configured with SMS, it should send you an SMS after you
put in your username/password; you should have about 5 minutes
of leeway to put it in
* if you don't check "remember computer" checkbox, you should have
to enter a verification code each time you log in
* if you do check it, you shouldn't have to enter your code
anymore (for three days). it also shouldn't SMS you a
verification code each time you log in
* setting MFA to required for admins should make it required for
admins, optional for other users
* with MFA enabled, directly go to /login/otp after entering
username/password but before entering a verification code; it
should send you back to the main login page
* if you enrolled via SMS, you should not be able to remove that
SMS from your profile
* there should not be a reset MFA link on a user page if they
haven't enrolled
* test a login or required enrollment sequence with CAS and/or SAML
Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-08-03 05:17:50 +08:00
|
|
|
add_setting :mfa_settings, :root_only => true
|
allow disabling canvas auth for accounts with another auth source
disabling canvas auth also force-disables open registration, and
makes LDAP auth act like full delegated auth (CAS or SAML)
test plan:
* configure LDAP, CAS, or SAML. MAKE SURE YOU CAN LOG IN.
* go to account settings, and disable "Canvas Authentication"
* open registration should no longer show up on account settings
page (after saving)
* ensure you can no longer log in with your Canvas credentials, but
you can with LDAP, CAS, or SAML credentials.
* remove LDAP, CAS, or SAML from the account
* "Canvas Authentication" should no longer show up on the account
settings page, open registration should
* your Canvas credentials should start working again
* add LDAP, CAS, or SAML back
* "Canvas Authentication" should be back on in account settings
Change-Id: Ic7475623e5139bb545a87d8e5b1014dabaf4e854
Reviewed-on: https://gerrit.instructure.com/12850
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
2012-08-11 01:17:08 +08:00
|
|
|
add_setting :canvas_authentication, :boolean => true, :root_only => true
|
2012-10-23 12:55:00 +08:00
|
|
|
add_setting :admins_can_change_passwords, :boolean => true, :root_only => true, :default => false
|
2013-03-15 03:36:27 +08:00
|
|
|
add_setting :admins_can_view_notifications, :boolean => true, :root_only => true, :default => false
|
2012-10-25 06:35:57 +08:00
|
|
|
add_setting :outgoing_email_default_name
|
2012-12-06 06:24:42 +08:00
|
|
|
add_setting :external_notification_warning, :boolean => true, :default => false
|
add root account setting for custom terms/privacy
fixes CNVS-6888
testing steps:
* from a console, set a custom privacy and terms url
Setting.set('privacy_policy_url', 'http://custom.example.com/privacy')
Setting.set('terms_of_use_url', 'http://custom.example.com/terms')
* verify the following location all display the new links:
* <canvas>/enroll/<join_code> - with self_enrollments enabled for
the course and currently logged out
* when self registration is disabled at the root account,
will be prompted to authenticate, "View Privacy Policy"
* when self registration is enabled at the root account,
will be prompted to authenticate or register, "View Privacy Policy"
* when logged in as a teacher, prompted to confirm enrollment
"View Privacy Policy"
* <canvas>/register_from_website - when logged out
* page footer links for "Terms of Use" and "Privacy Policy"
* "I'm a teacher", both links at bottom of dialog
* "I'm a student", both links at bottom of dialog
* "Parents sign up here", both links at bottom of dialog
* <canvas>/accounts/<id>/users - click "Add a New User" from
the right sidebar. "View Privacy Policy" in modal dialog.
Change-Id: Ic80c369dcea8483c93fb8adfcd9a80c1d6d3ad6a
Reviewed-on: https://gerrit.instructure.com/22712
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
2013-07-30 01:50:51 +08:00
|
|
|
# Terms of Use and Privacy Policy settings for the root account
|
|
|
|
|
add_setting :terms_changed_at, :root_only => true
|
2012-11-28 05:37:32 +08:00
|
|
|
# When a user is invited to a course, do we let them see a preview of the
|
|
|
|
|
# course even without registering? This is part of the free-for-teacher
|
|
|
|
|
# account perks, since anyone can invite anyone to join any course, and it'd
|
|
|
|
|
# be nice to be able to see the course first if you weren't expecting the
|
|
|
|
|
# invitation.
|
|
|
|
|
add_setting :allow_invitation_previews, :boolean => true, :root_only => true, :default => false
|
2013-01-11 05:29:19 +08:00
|
|
|
add_setting :self_registration, :boolean => true, :root_only => true, :default => false
|
2013-02-12 03:52:53 +08:00
|
|
|
add_setting :large_course_rosters, :boolean => true, :root_only => true, :default => false
|
2013-02-26 05:32:41 +08:00
|
|
|
add_setting :edit_institution_email, :boolean => true, :root_only => true, :default => true
|
2013-09-14 02:02:36 +08:00
|
|
|
add_setting :enable_quiz_regrade, :boolean => true, :root_only => true, :default => false
|
2013-10-08 01:09:08 +08:00
|
|
|
add_setting :agenda_view, boolean: true, root_only: true, default: false
|
2011-11-22 03:28:20 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def settings=(hash)
|
|
|
|
|
if hash.is_a?(Hash)
|
|
|
|
|
hash.each do |key, val|
|
|
|
|
|
if account_settings_options && account_settings_options[key.to_sym]
|
|
|
|
|
opts = account_settings_options[key.to_sym]
|
2011-12-28 05:38:15 +08:00
|
|
|
if (opts[:root_only] && !self.root_account?) || (opts[:condition] && !self.send("#{opts[:condition]}?".to_sym))
|
2011-02-01 09:57:29 +08:00
|
|
|
settings.delete key.to_sym
|
|
|
|
|
elsif opts[:boolean]
|
|
|
|
|
settings[key.to_sym] = (val == true || val == 'true' || val == '1' || val == 'on')
|
|
|
|
|
elsif opts[:hash]
|
|
|
|
|
new_hash = {}
|
|
|
|
|
if val.is_a?(Hash)
|
|
|
|
|
val.each do |inner_key, inner_val|
|
|
|
|
|
if opts[:values].include?(inner_key.to_sym)
|
|
|
|
|
new_hash[inner_key.to_sym] = inner_val.to_s
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
settings[key.to_sym] = new_hash.empty? ? nil : new_hash
|
|
|
|
|
else
|
|
|
|
|
settings[key.to_sym] = val.to_s
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
settings
|
|
|
|
|
end
|
2012-05-01 06:14:39 +08:00
|
|
|
|
sub-account branding; closes #9368
allow sub accounts to include their own global scripts and stylesheets. if
global includes are enabled on the root account, root account administrators
will have an option to enable them for immediate child accounts. those child
accounts can then choose to enable them for their sub-accounts, and so on down
the chain.
these includes are added to the page in order from highest to lowest account,
so sub-accounts are able to override styles added by their parents.
the logic for which styles to display on which pages is as follows:
- on account pages, include all styles in the chain from this account up to the
root account. this ensures that you can always see styles for account
X without any sub-account overrides on account X's page
- on course/group pages, include all styles in the chain from the account which
contains that course/group up to the root
- on the dashboard, calendar, user pages, and other pages that don't fall into
one of the above categories, we find the lowest account that contains all of
the current user's active classes + groups, and include styles from that
account up to the root
test plan:
- in a root account, create two sub-accounts, create courses in each of them,
and create 3 users, one enrolled only in the first course, one only in the
second course, and one enrolled in both courses.
- enable global includes on the root account (no sub-accounts yet) add files,
and make sure all three students see them.
- now enable sub-account includes, and add include files to each sub-account
- make sure both users in course 1 see include for sub-account 1
- make sure user 1 sees include for sub-account 1 on her dashboard, but user
3 does not.
Change-Id: I3d07d4bced39593f3084d5eac6ea3137666e319b
Reviewed-on: https://gerrit.instructure.com/12248
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
2012-07-10 05:30:16 +08:00
|
|
|
def allow_global_includes?
|
|
|
|
|
self.global_includes? || self.parent_account.try(:sub_account_includes?)
|
|
|
|
|
end
|
|
|
|
|
|
2012-08-19 02:37:31 +08:00
|
|
|
def global_includes_hash
|
|
|
|
|
includes = {}
|
|
|
|
|
if allow_global_includes?
|
|
|
|
|
includes = {}
|
|
|
|
|
includes[:js] = settings[:global_javascript] if settings[:global_javascript].present?
|
|
|
|
|
includes[:css] = settings[:global_stylesheet] if settings[:global_stylesheet].present?
|
|
|
|
|
end
|
|
|
|
|
includes.present? ? includes : nil
|
|
|
|
|
end
|
|
|
|
|
|
multi-factor authentication closes #9532
test plan:
* enable optional MFA, and check the following:
* normal log in should not be affected
* you can enroll in MFA from your profile page
* you can re-enroll in MFA from your profile page
* you can disable MFA from your profile page
* MFA can be reset by an admin on your user page
* when enrolled, you are asked for verification code after
username/password when logging in
* you can't access any other part of the site directly until
until entering your verification code
* enable required MFA, and check the following
* when not enrolled in MFA, and you log in, you are forced to
enroll
* you cannot disable MFA from your profile page
* you can re-enroll in MFA from your profile page
* an admin (other than himself) can reset MFA from the user page
* for enrolling in MFA
* use Google Authenticator and scan the QR code; you should have
30-seconds or so of extra leeway to enter your code
* having no SMS communication channels on your profile, the
enrollment page should just have a form to add a new phone
* having one or more SMS communication channels on your profile,
the enrollment page should list them, or allow you to create
a new one (and switch back)
* having more than one SMS communication channel on your profile,
the enrollment page should remember which one you have selected
after you click "send"
* an unconfirmed SMS channel should go to confirmed when it's used
to enroll in MFA
* you should not be able to go directly to /login/otp to enroll
if you used "Remember me" token to log in
* MFA login flow
* if configured with SMS, it should send you an SMS after you
put in your username/password; you should have about 5 minutes
of leeway to put it in
* if you don't check "remember computer" checkbox, you should have
to enter a verification code each time you log in
* if you do check it, you shouldn't have to enter your code
anymore (for three days). it also shouldn't SMS you a
verification code each time you log in
* setting MFA to required for admins should make it required for
admins, optional for other users
* with MFA enabled, directly go to /login/otp after entering
username/password but before entering a verification code; it
should send you back to the main login page
* if you enrolled via SMS, you should not be able to remove that
SMS from your profile
* there should not be a reset MFA link on a user page if they
haven't enrolled
* test a login or required enrollment sequence with CAS and/or SAML
Change-Id: I692de7405bf7ca023183e717930ee940ccf0d5e6
Reviewed-on: https://gerrit.instructure.com/12700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-08-03 05:17:50 +08:00
|
|
|
def mfa_settings
|
|
|
|
|
settings[:mfa_settings].try(:to_sym) || :disabled
|
|
|
|
|
end
|
|
|
|
|
|
allow disabling canvas auth for accounts with another auth source
disabling canvas auth also force-disables open registration, and
makes LDAP auth act like full delegated auth (CAS or SAML)
test plan:
* configure LDAP, CAS, or SAML. MAKE SURE YOU CAN LOG IN.
* go to account settings, and disable "Canvas Authentication"
* open registration should no longer show up on account settings
page (after saving)
* ensure you can no longer log in with your Canvas credentials, but
you can with LDAP, CAS, or SAML credentials.
* remove LDAP, CAS, or SAML from the account
* "Canvas Authentication" should no longer show up on the account
settings page, open registration should
* your Canvas credentials should start working again
* add LDAP, CAS, or SAML back
* "Canvas Authentication" should be back on in account settings
Change-Id: Ic7475623e5139bb545a87d8e5b1014dabaf4e854
Reviewed-on: https://gerrit.instructure.com/12850
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
2012-08-11 01:17:08 +08:00
|
|
|
def canvas_authentication?
|
|
|
|
|
settings[:canvas_authentication] != false || !self.account_authorization_config
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def open_registration?
|
|
|
|
|
!!settings[:open_registration] && canvas_authentication?
|
|
|
|
|
end
|
|
|
|
|
|
2013-01-11 05:29:19 +08:00
|
|
|
def self_registration?
|
|
|
|
|
!!settings[:self_registration] && canvas_authentication?
|
|
|
|
|
end
|
|
|
|
|
|
add root account setting for custom terms/privacy
fixes CNVS-6888
testing steps:
* from a console, set a custom privacy and terms url
Setting.set('privacy_policy_url', 'http://custom.example.com/privacy')
Setting.set('terms_of_use_url', 'http://custom.example.com/terms')
* verify the following location all display the new links:
* <canvas>/enroll/<join_code> - with self_enrollments enabled for
the course and currently logged out
* when self registration is disabled at the root account,
will be prompted to authenticate, "View Privacy Policy"
* when self registration is enabled at the root account,
will be prompted to authenticate or register, "View Privacy Policy"
* when logged in as a teacher, prompted to confirm enrollment
"View Privacy Policy"
* <canvas>/register_from_website - when logged out
* page footer links for "Terms of Use" and "Privacy Policy"
* "I'm a teacher", both links at bottom of dialog
* "I'm a student", both links at bottom of dialog
* "Parents sign up here", both links at bottom of dialog
* <canvas>/accounts/<id>/users - click "Add a New User" from
the right sidebar. "View Privacy Policy" in modal dialog.
Change-Id: Ic80c369dcea8483c93fb8adfcd9a80c1d6d3ad6a
Reviewed-on: https://gerrit.instructure.com/22712
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
2013-07-30 01:50:51 +08:00
|
|
|
def terms_of_use_url
|
2013-10-05 04:02:49 +08:00
|
|
|
Setting.get('terms_of_use_url', 'http://www.instructure.com/policies/terms-of-use')
|
add root account setting for custom terms/privacy
fixes CNVS-6888
testing steps:
* from a console, set a custom privacy and terms url
Setting.set('privacy_policy_url', 'http://custom.example.com/privacy')
Setting.set('terms_of_use_url', 'http://custom.example.com/terms')
* verify the following location all display the new links:
* <canvas>/enroll/<join_code> - with self_enrollments enabled for
the course and currently logged out
* when self registration is disabled at the root account,
will be prompted to authenticate, "View Privacy Policy"
* when self registration is enabled at the root account,
will be prompted to authenticate or register, "View Privacy Policy"
* when logged in as a teacher, prompted to confirm enrollment
"View Privacy Policy"
* <canvas>/register_from_website - when logged out
* page footer links for "Terms of Use" and "Privacy Policy"
* "I'm a teacher", both links at bottom of dialog
* "I'm a student", both links at bottom of dialog
* "Parents sign up here", both links at bottom of dialog
* <canvas>/accounts/<id>/users - click "Add a New User" from
the right sidebar. "View Privacy Policy" in modal dialog.
Change-Id: Ic80c369dcea8483c93fb8adfcd9a80c1d6d3ad6a
Reviewed-on: https://gerrit.instructure.com/22712
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
2013-07-30 01:50:51 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def privacy_policy_url
|
2013-10-05 04:02:49 +08:00
|
|
|
Setting.get('privacy_policy_url', 'http://www.instructure.com/policies/privacy-policy-instructure')
|
add root account setting for custom terms/privacy
fixes CNVS-6888
testing steps:
* from a console, set a custom privacy and terms url
Setting.set('privacy_policy_url', 'http://custom.example.com/privacy')
Setting.set('terms_of_use_url', 'http://custom.example.com/terms')
* verify the following location all display the new links:
* <canvas>/enroll/<join_code> - with self_enrollments enabled for
the course and currently logged out
* when self registration is disabled at the root account,
will be prompted to authenticate, "View Privacy Policy"
* when self registration is enabled at the root account,
will be prompted to authenticate or register, "View Privacy Policy"
* when logged in as a teacher, prompted to confirm enrollment
"View Privacy Policy"
* <canvas>/register_from_website - when logged out
* page footer links for "Terms of Use" and "Privacy Policy"
* "I'm a teacher", both links at bottom of dialog
* "I'm a student", both links at bottom of dialog
* "Parents sign up here", both links at bottom of dialog
* <canvas>/accounts/<id>/users - click "Add a New User" from
the right sidebar. "View Privacy Policy" in modal dialog.
Change-Id: Ic80c369dcea8483c93fb8adfcd9a80c1d6d3ad6a
Reviewed-on: https://gerrit.instructure.com/22712
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
2013-07-30 01:50:51 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def terms_required?
|
2013-10-05 04:02:49 +08:00
|
|
|
Setting.get('terms_required', 'true') == 'true'
|
add root account setting for custom terms/privacy
fixes CNVS-6888
testing steps:
* from a console, set a custom privacy and terms url
Setting.set('privacy_policy_url', 'http://custom.example.com/privacy')
Setting.set('terms_of_use_url', 'http://custom.example.com/terms')
* verify the following location all display the new links:
* <canvas>/enroll/<join_code> - with self_enrollments enabled for
the course and currently logged out
* when self registration is disabled at the root account,
will be prompted to authenticate, "View Privacy Policy"
* when self registration is enabled at the root account,
will be prompted to authenticate or register, "View Privacy Policy"
* when logged in as a teacher, prompted to confirm enrollment
"View Privacy Policy"
* <canvas>/register_from_website - when logged out
* page footer links for "Terms of Use" and "Privacy Policy"
* "I'm a teacher", both links at bottom of dialog
* "I'm a student", both links at bottom of dialog
* "Parents sign up here", both links at bottom of dialog
* <canvas>/accounts/<id>/users - click "Add a New User" from
the right sidebar. "View Privacy Policy" in modal dialog.
Change-Id: Ic80c369dcea8483c93fb8adfcd9a80c1d6d3ad6a
Reviewed-on: https://gerrit.instructure.com/22712
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
2013-07-30 01:50:51 +08:00
|
|
|
end
|
|
|
|
|
|
2013-07-30 05:28:02 +08:00
|
|
|
def require_acceptance_of_terms?(user)
|
|
|
|
|
return false if !terms_required?
|
|
|
|
|
return true if user.nil? || user.new_record?
|
|
|
|
|
terms_changed_at = settings[:terms_changed_at]
|
|
|
|
|
last_accepted = user.preferences[:accepted_terms]
|
2013-08-16 04:16:05 +08:00
|
|
|
return false if terms_changed_at.nil? && user.registered? # make sure existing users are grandfathered in
|
2013-07-31 03:50:49 +08:00
|
|
|
return false if last_accepted && (terms_changed_at.nil? || last_accepted > terms_changed_at)
|
2013-07-30 05:28:02 +08:00
|
|
|
true
|
|
|
|
|
end
|
|
|
|
|
|
2011-01-18 14:39:47 +08:00
|
|
|
def ip_filters=(params)
|
|
|
|
|
filters = {}
|
|
|
|
|
require 'ipaddr'
|
|
|
|
|
params.each do |key, str|
|
|
|
|
|
ips = []
|
|
|
|
|
vals = str.split(/,/)
|
|
|
|
|
vals.each do |val|
|
|
|
|
|
ip = IPAddr.new(val) rescue nil
|
|
|
|
|
# right now the ip_filter column on quizzes is just a string,
|
|
|
|
|
# so it has a max length. I figure whatever we set it to this
|
|
|
|
|
# setter should at the very least limit stored values to that
|
|
|
|
|
# length.
|
|
|
|
|
ips << val if ip && val.length <= 255
|
|
|
|
|
end
|
|
|
|
|
filters[key] = ips.join(',') unless ips.empty?
|
|
|
|
|
end
|
|
|
|
|
settings[:ip_filters] = filters
|
|
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def ensure_defaults
|
2011-04-15 06:09:37 +08:00
|
|
|
self.uuid ||= AutoHandle.generate_securish_uuid
|
2013-03-11 05:49:17 +08:00
|
|
|
self.lti_guid ||= self.uuid if self.respond_to?(:lti_guid)
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
2013-03-11 05:49:17 +08:00
|
|
|
|
2011-06-01 04:47:28 +08:00
|
|
|
def verify_unique_sis_source_id
|
|
|
|
|
return true unless self.sis_source_id
|
|
|
|
|
if self.root_account?
|
2011-11-17 00:47:54 +08:00
|
|
|
self.errors.add(:sis_source_id, t('#account.root_account_cant_have_sis_id', "SIS IDs cannot be set on root accounts"))
|
|
|
|
|
return false
|
2011-06-01 04:47:28 +08:00
|
|
|
end
|
2011-11-17 00:47:54 +08:00
|
|
|
|
|
|
|
|
root = self.root_account
|
|
|
|
|
existing_account = Account.find_by_root_account_id_and_sis_source_id(root.id, self.sis_source_id)
|
2011-06-01 04:47:28 +08:00
|
|
|
|
2011-11-17 00:47:54 +08:00
|
|
|
return true if !existing_account || existing_account.id == self.id
|
|
|
|
|
|
2011-06-16 04:39:32 +08:00
|
|
|
self.errors.add(:sis_source_id, t('#account.sis_id_in_use', "SIS ID \"%{sis_id}\" is already in use", :sis_id => self.sis_source_id))
|
2011-06-01 04:47:28 +08:00
|
|
|
false
|
|
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def set_update_account_associations_if_changed
|
|
|
|
|
self.root_account_id ||= self.parent_account.root_account_id if self.parent_account
|
2011-02-09 07:09:04 +08:00
|
|
|
self.root_account_id ||= self.parent_account_id
|
2011-02-01 09:57:29 +08:00
|
|
|
self.parent_account_id ||= self.root_account_id
|
|
|
|
|
Account.invalidate_cache(self.id) if self.id
|
|
|
|
|
@should_update_account_associations = self.parent_account_id_changed? || self.root_account_id_changed?
|
|
|
|
|
true
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def update_account_associations_if_changed
|
|
|
|
|
send_later_if_production(:update_account_associations) if @should_update_account_associations
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def equella_settings
|
2011-02-03 05:30:07 +08:00
|
|
|
endpoint = self.settings[:equella_endpoint] || self.equella_endpoint
|
|
|
|
|
if !endpoint.blank?
|
2011-02-01 09:57:29 +08:00
|
|
|
OpenObject.new({
|
2011-02-03 05:30:07 +08:00
|
|
|
:endpoint => endpoint,
|
|
|
|
|
:default_action => self.settings[:equella_action] || 'selectOrAdd',
|
|
|
|
|
:teaser => self.settings[:equella_teaser]
|
2011-02-01 09:57:29 +08:00
|
|
|
})
|
2011-02-03 05:30:07 +08:00
|
|
|
else
|
|
|
|
|
nil
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def settings
|
2011-08-05 03:10:53 +08:00
|
|
|
result = self.read_attribute(:settings)
|
|
|
|
|
return result if result
|
2013-03-22 07:32:21 +08:00
|
|
|
return write_attribute(:settings, {}) unless frozen?
|
2011-08-05 03:10:53 +08:00
|
|
|
{}.freeze
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
2011-04-27 23:30:56 +08:00
|
|
|
def domain
|
|
|
|
|
HostUrl.context_host(self)
|
|
|
|
|
end
|
|
|
|
|
|
2011-06-01 04:47:28 +08:00
|
|
|
def root_account?
|
|
|
|
|
!self.root_account_id
|
|
|
|
|
end
|
2011-12-28 05:57:56 +08:00
|
|
|
|
|
|
|
|
def root_account_with_self
|
|
|
|
|
return self if self.root_account?
|
|
|
|
|
root_account_without_self
|
|
|
|
|
end
|
|
|
|
|
alias_method_chain :root_account, :self
|
|
|
|
|
|
2011-08-05 23:38:31 +08:00
|
|
|
def sub_accounts_as_options(indent = 0, preloaded_accounts = nil)
|
|
|
|
|
unless preloaded_accounts
|
|
|
|
|
preloaded_accounts = {}
|
2011-12-28 05:57:56 +08:00
|
|
|
self.root_account.all_accounts.active.each do |account|
|
2011-08-05 23:38:31 +08:00
|
|
|
(preloaded_accounts[account.parent_account_id] ||= []) << account
|
|
|
|
|
end
|
|
|
|
|
end
|
2011-02-23 03:38:54 +08:00
|
|
|
res = [[(" " * indent).html_safe + self.name, self.id]]
|
2011-08-05 23:38:31 +08:00
|
|
|
if preloaded_accounts[self.id]
|
|
|
|
|
preloaded_accounts[self.id].each do |account|
|
|
|
|
|
res += account.sub_accounts_as_options(indent + 1, preloaded_accounts)
|
|
|
|
|
end
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
res
|
|
|
|
|
end
|
2013-06-07 20:59:27 +08:00
|
|
|
|
|
|
|
|
def users_visible_to(user)
|
|
|
|
|
self.grants_right?(user, nil, :read) ? self.all_users : self.all_users.where("?", false)
|
|
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def users_name_like(query="")
|
|
|
|
|
@cached_users_name_like ||= {}
|
|
|
|
|
@cached_users_name_like[query] ||= self.fast_all_users.name_like(query)
|
|
|
|
|
end
|
2011-05-27 06:23:06 +08:00
|
|
|
|
2013-06-04 05:04:55 +08:00
|
|
|
def associated_courses
|
|
|
|
|
Course.shard(shard).where("EXISTS (SELECT 1 FROM course_account_associations WHERE course_id=courses.id AND account_id=?)", self)
|
|
|
|
|
end
|
|
|
|
|
|
2011-05-27 06:23:06 +08:00
|
|
|
def fast_course_base(opts)
|
2012-04-06 03:23:56 +08:00
|
|
|
columns = "courses.id, courses.name, courses.workflow_state, courses.course_code, courses.sis_source_id, courses.enrollment_term_id"
|
2011-05-27 06:23:06 +08:00
|
|
|
associated_courses = self.associated_courses.active
|
2011-08-17 05:49:53 +08:00
|
|
|
associated_courses = associated_courses.with_enrollments if opts[:hide_enrollmentless_courses]
|
2011-05-27 06:23:06 +08:00
|
|
|
associated_courses = associated_courses.for_term(opts[:term]) if opts[:term].present?
|
2011-06-28 08:01:05 +08:00
|
|
|
associated_courses = yield associated_courses if block_given?
|
2013-06-04 05:04:55 +08:00
|
|
|
associated_courses.limit(opts[:limit]).active_first.select(columns).all
|
2011-05-27 06:23:06 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def fast_all_courses(opts={})
|
2011-02-01 09:57:29 +08:00
|
|
|
@cached_fast_all_courses ||= {}
|
2011-06-28 08:01:05 +08:00
|
|
|
@cached_fast_all_courses[opts] ||= self.fast_course_base(opts)
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
2011-05-27 06:23:06 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def all_users(limit=250)
|
|
|
|
|
@cached_all_users ||= {}
|
2013-03-19 03:07:47 +08:00
|
|
|
@cached_all_users[limit] ||= User.of_account(self).limit(limit)
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def fast_all_users(limit=nil)
|
|
|
|
|
@cached_fast_all_users ||= {}
|
2013-03-08 07:23:32 +08:00
|
|
|
@cached_fast_all_users[limit] ||= self.all_users(limit).active.select("users.id, users.name, users.sortable_name").order_by_sortable_name
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
2011-10-29 07:19:11 +08:00
|
|
|
|
|
|
|
|
def users_not_in_groups_sql(groups, opts={})
|
2013-06-07 20:59:27 +08:00
|
|
|
["SELECT users.id, users.name
|
|
|
|
|
FROM users
|
|
|
|
|
INNER JOIN user_account_associations uaa on uaa.user_id = users.id
|
|
|
|
|
WHERE uaa.account_id = ? AND users.workflow_state != 'deleted'
|
2013-01-09 06:06:48 +08:00
|
|
|
#{Group.not_in_group_sql_fragment(groups)}
|
2011-10-29 07:19:11 +08:00
|
|
|
#{"ORDER BY #{opts[:order_by]}" if opts[:order_by].present?}", self.id]
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def users_not_in_groups(groups)
|
|
|
|
|
User.find_by_sql(users_not_in_groups_sql(groups))
|
|
|
|
|
end
|
2011-02-01 09:57:29 +08:00
|
|
|
|
|
|
|
|
def paginate_users_not_in_groups(groups, page, per_page = 15)
|
2013-06-07 20:59:27 +08:00
|
|
|
User.paginate_by_sql(users_not_in_groups_sql(groups, :order_by => "#{User.sortable_name_order_by_clause('users')} ASC"),
|
2011-10-29 07:19:11 +08:00
|
|
|
:page => page, :per_page => per_page)
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
2011-05-27 06:23:06 +08:00
|
|
|
|
|
|
|
|
def courses_name_like(query="", opts={})
|
|
|
|
|
opts[:limit] ||= 200
|
|
|
|
|
@cached_courses_name_like ||= {}
|
|
|
|
|
@cached_courses_name_like[[query, opts]] ||= self.fast_course_base(opts) {|q| q.name_like(query)}
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
2012-12-07 14:28:37 +08:00
|
|
|
def self_enrollment_course_for(code)
|
|
|
|
|
all_courses.
|
2013-01-29 08:36:31 +08:00
|
|
|
where(:self_enrollment_code => code).
|
2012-12-07 14:28:37 +08:00
|
|
|
first
|
|
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def file_namespace
|
2013-04-19 02:34:50 +08:00
|
|
|
Shard.birth.activate { "account_#{self.root_account.id}" }
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.account_lookup_cache_key(id)
|
2011-09-28 04:36:33 +08:00
|
|
|
['_account_lookup2', id].cache_key
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.invalidate_cache(id)
|
|
|
|
|
Rails.cache.delete(account_lookup_cache_key(id)) if id
|
|
|
|
|
rescue
|
|
|
|
|
nil
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def quota
|
|
|
|
|
Rails.cache.fetch(['current_quota', self].cache_key) do
|
2011-06-18 00:46:48 +08:00
|
|
|
read_attribute(:storage_quota) ||
|
|
|
|
|
(self.parent_account.default_storage_quota rescue nil) ||
|
2013-10-05 04:02:49 +08:00
|
|
|
Setting.get('account_default_quota', 500.megabytes.to_s).to_i
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def default_storage_quota
|
|
|
|
|
read_attribute(:default_storage_quota) ||
|
2011-06-18 00:46:48 +08:00
|
|
|
(self.parent_account.default_storage_quota rescue nil) ||
|
2013-10-05 04:02:49 +08:00
|
|
|
Setting.get('account_default_quota', 500.megabytes.to_s).to_i
|
2011-06-18 00:46:48 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def default_storage_quota_mb
|
2011-06-18 04:19:46 +08:00
|
|
|
default_storage_quota / 1.megabyte
|
2011-06-18 00:46:48 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def default_storage_quota_mb=(val)
|
2011-07-09 21:22:33 +08:00
|
|
|
self.default_storage_quota = val.try(:to_i).try(:megabytes)
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def default_storage_quota=(val)
|
|
|
|
|
val = val.to_f
|
|
|
|
|
val = nil if val <= 0
|
|
|
|
|
# If the value is the same as the inherited value, then go
|
|
|
|
|
# ahead and blank it so it keeps using the inherited value
|
|
|
|
|
if parent_account && parent_account.default_storage_quota == val
|
|
|
|
|
val = nil
|
|
|
|
|
end
|
|
|
|
|
write_attribute(:default_storage_quota, val)
|
|
|
|
|
end
|
2012-07-03 03:16:08 +08:00
|
|
|
|
|
|
|
|
def default_user_storage_quota
|
|
|
|
|
read_attribute(:default_user_storage_quota) ||
|
|
|
|
|
User.default_storage_quota
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def default_user_storage_quota=(val)
|
|
|
|
|
val = val.to_i
|
|
|
|
|
val = nil if val == User.default_storage_quota || val <= 0
|
|
|
|
|
write_attribute(:default_user_storage_quota, val)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def default_user_storage_quota_mb
|
|
|
|
|
default_user_storage_quota / 1.megabyte
|
|
|
|
|
end
|
2011-02-01 09:57:29 +08:00
|
|
|
|
2012-07-03 03:16:08 +08:00
|
|
|
def default_user_storage_quota_mb=(val)
|
|
|
|
|
self.default_user_storage_quota = val.try(:to_i).try(:megabytes)
|
|
|
|
|
end
|
|
|
|
|
|
2013-06-05 02:50:15 +08:00
|
|
|
def default_group_storage_quota
|
|
|
|
|
read_attribute(:default_group_storage_quota) ||
|
|
|
|
|
Group.default_storage_quota
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def default_group_storage_quota=(val)
|
|
|
|
|
val = val.to_i
|
|
|
|
|
val = nil if val == Group.default_storage_quota || val <= 0
|
|
|
|
|
write_attribute(:default_group_storage_quota, val)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def default_group_storage_quota_mb
|
|
|
|
|
default_group_storage_quota / 1.megabyte
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def default_group_storage_quota_mb=(val)
|
|
|
|
|
self.default_group_storage_quota = val.try(:to_i).try(:megabytes)
|
|
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def turnitin_shared_secret=(secret)
|
|
|
|
|
return if secret.blank?
|
|
|
|
|
self.turnitin_crypted_secret, self.turnitin_salt = Canvas::Security.encrypt_password(secret, 'instructure_turnitin_secret_shared')
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def turnitin_shared_secret
|
|
|
|
|
return nil unless self.turnitin_salt && self.turnitin_crypted_secret
|
|
|
|
|
Canvas::Security.decrypt_password(self.turnitin_crypted_secret, self.turnitin_salt, 'instructure_turnitin_secret_shared')
|
|
|
|
|
end
|
2012-08-15 00:19:31 +08:00
|
|
|
|
2011-08-13 00:12:13 +08:00
|
|
|
def account_chain(opts = {})
|
2011-02-01 09:57:29 +08:00
|
|
|
res = [self]
|
2012-08-07 00:20:48 +08:00
|
|
|
|
2013-03-08 08:08:47 +08:00
|
|
|
if ActiveRecord::Base.configurations[Rails.env]['adapter'] == 'postgresql'
|
2013-01-30 06:10:51 +08:00
|
|
|
self.shard.activate do
|
|
|
|
|
res.concat Account.find_by_sql(<<-SQL) if self.parent_account_id
|
|
|
|
|
WITH RECURSIVE t AS (
|
|
|
|
|
SELECT * FROM accounts WHERE id=#{self.parent_account_id}
|
|
|
|
|
UNION
|
|
|
|
|
SELECT accounts.* FROM accounts INNER JOIN t ON accounts.id=t.parent_account_id
|
|
|
|
|
)
|
|
|
|
|
SELECT * FROM t
|
|
|
|
|
SQL
|
|
|
|
|
end
|
2012-08-07 00:20:48 +08:00
|
|
|
else
|
|
|
|
|
account = self
|
|
|
|
|
while account.parent_account
|
|
|
|
|
account = account.parent_account
|
|
|
|
|
res << account
|
|
|
|
|
end
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
2012-08-07 00:20:48 +08:00
|
|
|
res << self.root_account unless res.map(&:id).include?(self.root_account_id)
|
2011-08-13 00:12:13 +08:00
|
|
|
res << Account.site_admin if opts[:include_site_admin] && !self.site_admin?
|
2011-05-16 06:44:58 +08:00
|
|
|
res.compact
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
2012-01-18 04:35:11 +08:00
|
|
|
|
2012-08-07 00:20:48 +08:00
|
|
|
def account_chain_loop
|
|
|
|
|
# this record hasn't been saved to the db yet, so if the the chain includes
|
|
|
|
|
# this account, it won't point to the new parent yet, and should still be
|
|
|
|
|
# valid
|
|
|
|
|
if self.parent_account.account_chain_ids.include?(self.id)
|
|
|
|
|
errors.add(:parent_account_id,
|
|
|
|
|
"Setting account #{self.sis_source_id || self.id}'s parent to #{self.parent_account.sis_source_id || self.parent_account_id} would create a loop")
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2012-08-15 00:19:31 +08:00
|
|
|
# returns all sub_accounts recursively as far down as they go, in id order
|
|
|
|
|
# because this uses a custom sql query for postgresql, we can't use a normal
|
|
|
|
|
# named scope, so we pass the limit and offset into the method instead and
|
|
|
|
|
# build our own query string
|
|
|
|
|
def sub_accounts_recursive(limit, offset)
|
2013-03-08 08:08:47 +08:00
|
|
|
if ActiveRecord::Base.configurations[Rails.env]['adapter'] == 'postgresql'
|
2012-08-15 00:19:31 +08:00
|
|
|
Account.find_by_sql([<<-SQL, self.id, limit.to_i, offset.to_i])
|
|
|
|
|
WITH RECURSIVE t AS (
|
2013-06-06 02:08:00 +08:00
|
|
|
SELECT * FROM accounts
|
|
|
|
|
WHERE parent_account_id = ? AND workflow_state <>'deleted'
|
2012-08-15 00:19:31 +08:00
|
|
|
UNION
|
2013-06-06 02:08:00 +08:00
|
|
|
SELECT accounts.* FROM accounts
|
|
|
|
|
INNER JOIN t ON accounts.parent_account_id = t.id
|
|
|
|
|
WHERE accounts.workflow_state <>'deleted'
|
2012-08-15 00:19:31 +08:00
|
|
|
)
|
|
|
|
|
SELECT * FROM t ORDER BY parent_account_id, id LIMIT ? OFFSET ?
|
|
|
|
|
SQL
|
|
|
|
|
else
|
|
|
|
|
account_descendents = lambda do |id|
|
2013-06-06 02:08:00 +08:00
|
|
|
as = Account.where(:parent_account_id => id).active.order(:id)
|
2012-08-15 00:19:31 +08:00
|
|
|
as.empty? ?
|
|
|
|
|
[] :
|
|
|
|
|
as << as.map { |a| account_descendents.call(a.id) }
|
|
|
|
|
end
|
|
|
|
|
account_descendents.call(id).flatten[offset, limit]
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2012-01-18 04:35:11 +08:00
|
|
|
def associated_accounts
|
|
|
|
|
self.account_chain
|
|
|
|
|
end
|
2011-02-01 09:57:29 +08:00
|
|
|
|
2011-09-08 13:20:55 +08:00
|
|
|
def account_chain_ids(opts={})
|
|
|
|
|
account_chain(opts).map(&:id)
|
|
|
|
|
end
|
|
|
|
|
memoize :account_chain_ids
|
2012-03-10 01:30:31 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def membership_for_user(user)
|
|
|
|
|
self.account_users.find_by_user_id(user && user.id)
|
|
|
|
|
end
|
2012-03-10 01:30:31 +08:00
|
|
|
|
2012-12-27 04:09:58 +08:00
|
|
|
def available_custom_account_roles
|
|
|
|
|
account_roles = roles.for_accounts.active
|
|
|
|
|
account_roles |= self.parent_account.available_custom_account_roles if self.parent_account
|
|
|
|
|
account_roles
|
|
|
|
|
end
|
|
|
|
|
|
2012-11-30 05:23:30 +08:00
|
|
|
def available_account_roles
|
|
|
|
|
account_roles = roles.for_accounts.active.map(&:name)
|
|
|
|
|
account_roles |= ['AccountAdmin']
|
2012-12-08 03:28:30 +08:00
|
|
|
account_roles |= self.parent_account.available_account_roles if self.parent_account
|
2012-11-30 05:23:30 +08:00
|
|
|
account_roles
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
2011-08-13 00:12:13 +08:00
|
|
|
|
2012-12-13 23:24:21 +08:00
|
|
|
def available_course_roles(include_inactive=false)
|
|
|
|
|
available_course_roles_by_name(include_inactive).keys
|
2012-11-27 03:27:24 +08:00
|
|
|
end
|
|
|
|
|
|
2012-12-13 23:24:21 +08:00
|
|
|
def available_course_roles_by_name(include_inactive=false)
|
|
|
|
|
scope = include_inactive ? roles.for_courses.not_deleted : roles.for_courses.active
|
2012-12-08 03:28:30 +08:00
|
|
|
role_map = {}
|
2012-12-13 23:24:21 +08:00
|
|
|
scope.each { |role| role_map[role.name] = role }
|
|
|
|
|
role_map.reverse_merge!(parent_account.available_course_roles_by_name(include_inactive)) if parent_account
|
2012-12-08 03:28:30 +08:00
|
|
|
role_map
|
|
|
|
|
end
|
|
|
|
|
|
2012-11-27 03:27:24 +08:00
|
|
|
def get_course_role(role_name)
|
2012-12-15 05:44:50 +08:00
|
|
|
course_role = self.roles.for_courses.not_deleted.find_by_name(role_name)
|
2012-11-27 03:27:24 +08:00
|
|
|
course_role ||= self.parent_account.get_course_role(role_name) if self.parent_account
|
|
|
|
|
course_role
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def has_role?(role_name)
|
2013-03-19 03:07:47 +08:00
|
|
|
!!roles.not_deleted.where(:roles => { :name => role_name}).first
|
2012-11-30 05:23:30 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def find_role(role_name)
|
|
|
|
|
roles.not_deleted.find_by_name(role_name) || (parent_account && parent_account.find_role(role_name))
|
2012-11-27 03:27:24 +08:00
|
|
|
end
|
|
|
|
|
|
2011-06-08 22:17:06 +08:00
|
|
|
def account_authorization_config
|
|
|
|
|
# We support multiple auth configs per account, but several places we assume there is only one.
|
|
|
|
|
# This is for compatibility with those areas. TODO: migrate everything to supporting multiple
|
|
|
|
|
# auth configs
|
|
|
|
|
self.account_authorization_configs.first
|
|
|
|
|
end
|
|
|
|
|
|
2011-07-09 00:36:32 +08:00
|
|
|
def login_handle_name_is_customized?
|
2011-07-20 04:54:43 +08:00
|
|
|
self.account_authorization_config && self.account_authorization_config.login_handle_name.present?
|
2011-07-09 00:36:32 +08:00
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def login_handle_name
|
2011-07-09 00:36:32 +08:00
|
|
|
login_handle_name_is_customized? ? self.account_authorization_config.login_handle_name :
|
2011-10-29 03:33:49 +08:00
|
|
|
(self.delegated_authentication? ? AccountAuthorizationConfig.default_delegated_login_handle_name :
|
|
|
|
|
AccountAuthorizationConfig.default_login_handle_name)
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self_and_all_sub_accounts
|
2013-03-19 03:07:47 +08:00
|
|
|
@self_and_all_sub_accounts ||= Account.where("root_account_id=? OR parent_account_id=?", self, self).pluck(:id).uniq + [self.id]
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
workflow do
|
|
|
|
|
state :active
|
|
|
|
|
state :deleted
|
|
|
|
|
end
|
2011-08-13 00:12:13 +08:00
|
|
|
|
|
|
|
|
def account_users_for(user)
|
2012-09-18 03:22:39 +08:00
|
|
|
return [] unless user
|
2011-08-13 00:12:13 +08:00
|
|
|
@account_users_cache ||= {}
|
2012-09-18 03:22:39 +08:00
|
|
|
if self == Account.site_admin
|
2013-10-05 04:25:07 +08:00
|
|
|
@account_users_cache[user] ||= Rails.cache.fetch('all_site_admin_account_users') do
|
2012-09-18 03:22:39 +08:00
|
|
|
self.account_users.all
|
2012-11-26 11:13:55 +08:00
|
|
|
end.select { |au| au.user_id == user.id }.each { |au| au.account = self }
|
2012-09-18 03:22:39 +08:00
|
|
|
else
|
|
|
|
|
@account_chain_ids ||= self.account_chain(:include_site_admin => true).map { |a| a.active? ? a.id : nil }.compact
|
|
|
|
|
@account_users_cache[user] ||= Shard.partition_by_shard(@account_chain_ids) do |account_chain_ids|
|
|
|
|
|
if account_chain_ids == [Account.site_admin.id]
|
|
|
|
|
Account.site_admin.account_users_for(user)
|
|
|
|
|
else
|
2013-03-19 03:07:47 +08:00
|
|
|
AccountUser.where(:account_id => account_chain_ids, :user_id => user).all
|
2012-09-18 03:22:39 +08:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
2011-08-13 00:12:13 +08:00
|
|
|
@account_users_cache[user] ||= []
|
|
|
|
|
@account_users_cache[user]
|
|
|
|
|
end
|
2012-02-21 06:57:32 +08:00
|
|
|
|
|
|
|
|
# returns all account users for this entire account tree
|
|
|
|
|
def all_account_users_for(user)
|
|
|
|
|
raise "must be a root account" unless self.root_account?
|
|
|
|
|
Shard.partition_by_shard([self, Account.site_admin].uniq) do |accounts|
|
2013-03-19 03:07:47 +08:00
|
|
|
AccountUser.includes(:account).joins(:account).where("user_id=? AND (root_account_id IN (?) OR account_id IN (?))", user, accounts, accounts)
|
2012-02-21 06:57:32 +08:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
set_policy do
|
2012-02-28 23:50:10 +08:00
|
|
|
enrollment_types = RoleOverride.enrollment_types.map { |role| role[:name] }
|
|
|
|
|
RoleOverride.permissions.each do |permission, details|
|
2012-12-07 07:15:53 +08:00
|
|
|
given { |user| self.account_users_for(user).any? { |au| au.has_permission_to?(self, permission) && (!details[:if] || send(details[:if])) } }
|
2011-07-14 00:24:17 +08:00
|
|
|
can permission
|
2012-03-31 03:40:12 +08:00
|
|
|
can :create_courses if permission == :manage_courses
|
2012-02-28 23:50:10 +08:00
|
|
|
|
|
|
|
|
next unless details[:account_only]
|
|
|
|
|
((details[:available_to] | details[:true_for]) & enrollment_types).each do |role|
|
|
|
|
|
given { |user| user && RoleOverride.permission_for(self, permission, role)[:enabled] &&
|
2013-03-19 03:07:47 +08:00
|
|
|
self.course_account_associations.joins('INNER JOIN enrollments ON course_account_associations.course_id=enrollments.course_id').
|
|
|
|
|
where("enrollments.type=? AND enrollments.workflow_state IN ('active', 'completed') AND user_id=?", role, user).first &&
|
2012-08-17 06:41:43 +08:00
|
|
|
(!details[:if] || send(details[:if])) }
|
2012-02-28 23:50:10 +08:00
|
|
|
can permission
|
|
|
|
|
end
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
2011-08-13 00:12:13 +08:00
|
|
|
given { |user| !self.account_users_for(user).empty? }
|
2012-11-01 04:28:33 +08:00
|
|
|
can :read and can :manage and can :update and can :delete and can :read_outcomes
|
2011-08-10 06:09:17 +08:00
|
|
|
|
|
|
|
|
given { |user|
|
|
|
|
|
result = false
|
|
|
|
|
|
2013-03-19 03:07:47 +08:00
|
|
|
if !site_admin? && user
|
|
|
|
|
scope = user.enrollments.where(:root_account_id => root_account).where("enrollments.workflow_state<>'deleted'")
|
|
|
|
|
result = root_account.teachers_can_create_courses? &&
|
|
|
|
|
scope.where(:type => ['TeacherEnrollment', 'DesignerEnrollment']).exists?
|
|
|
|
|
result ||= root_account.students_can_create_courses? &&
|
|
|
|
|
scope.where(:type => ['StudentEnrollment', 'ObserverEnrollment']).exists?
|
|
|
|
|
result ||= root_account.no_enrollments_can_create_courses? &&
|
2013-04-23 13:13:07 +08:00
|
|
|
!scope.exists?
|
2011-08-10 06:09:17 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
result
|
|
|
|
|
}
|
|
|
|
|
can :create_courses
|
2012-11-01 04:28:33 +08:00
|
|
|
|
|
|
|
|
# any logged in user can read global outcomes, but must be checked against the site admin
|
|
|
|
|
given{ |user,session| self.site_admin? && user }
|
|
|
|
|
can :read_global_outcomes
|
|
|
|
|
|
|
|
|
|
# any user with an association to this account can read the outcomes in the account
|
|
|
|
|
given{ |user,session| user && self.user_account_associations.find_by_user_id(user.id) }
|
|
|
|
|
can :read_outcomes
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
alias_method :destroy!, :destroy
|
|
|
|
|
def destroy
|
|
|
|
|
self.workflow_state = 'deleted'
|
|
|
|
|
self.deleted_at = Time.now
|
|
|
|
|
save!
|
|
|
|
|
end
|
2012-04-11 03:54:42 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def to_atom
|
|
|
|
|
Atom::Entry.new do |entry|
|
|
|
|
|
entry.title = self.name
|
|
|
|
|
entry.updated = self.updated_at
|
|
|
|
|
entry.published = self.created_at
|
|
|
|
|
entry.links << Atom::Link.new(:rel => 'alternate',
|
|
|
|
|
:href => "/accounts/#{self.id}")
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def default_enrollment_term
|
2011-05-07 02:22:03 +08:00
|
|
|
return @default_enrollment_term if @default_enrollment_term
|
2011-12-28 05:38:15 +08:00
|
|
|
if self.root_account?
|
2011-08-03 21:49:38 +08:00
|
|
|
@default_enrollment_term = self.enrollment_terms.active.find_or_create_by_name(EnrollmentTerm::DEFAULT_TERM_NAME)
|
2011-02-08 07:11:00 +08:00
|
|
|
end
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def add_user(user, membership_type = nil)
|
|
|
|
|
return nil unless user && user.is_a?(User)
|
|
|
|
|
membership_type ||= 'AccountAdmin'
|
2011-05-14 00:49:23 +08:00
|
|
|
au = self.account_users.find_by_user_id_and_membership_type(user.id, membership_type)
|
|
|
|
|
au ||= self.account_users.create(:user => user, :membership_type => membership_type)
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def context_code
|
2013-03-08 08:08:47 +08:00
|
|
|
raise "DONT USE THIS, use .short_name instead" unless Rails.env.production?
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def short_name
|
|
|
|
|
name
|
|
|
|
|
end
|
|
|
|
|
|
2012-12-07 14:28:37 +08:00
|
|
|
# can be set/overridden by plugin to enforce email pseudonyms
|
|
|
|
|
attr_accessor :email_pseudonyms
|
2013-03-29 05:19:35 +08:00
|
|
|
|
|
|
|
|
def password_policy
|
|
|
|
|
Canvas::PasswordPolicy.default_policy.merge(settings[:password_policy] || {})
|
|
|
|
|
end
|
|
|
|
|
|
2011-04-08 07:01:32 +08:00
|
|
|
def password_authentication?
|
2011-02-01 09:57:29 +08:00
|
|
|
!!(!self.account_authorization_config || self.account_authorization_config.password_authentication?)
|
|
|
|
|
end
|
2011-04-08 07:01:32 +08:00
|
|
|
|
|
|
|
|
def delegated_authentication?
|
allow disabling canvas auth for accounts with another auth source
disabling canvas auth also force-disables open registration, and
makes LDAP auth act like full delegated auth (CAS or SAML)
test plan:
* configure LDAP, CAS, or SAML. MAKE SURE YOU CAN LOG IN.
* go to account settings, and disable "Canvas Authentication"
* open registration should no longer show up on account settings
page (after saving)
* ensure you can no longer log in with your Canvas credentials, but
you can with LDAP, CAS, or SAML credentials.
* remove LDAP, CAS, or SAML from the account
* "Canvas Authentication" should no longer show up on the account
settings page, open registration should
* your Canvas credentials should start working again
* add LDAP, CAS, or SAML back
* "Canvas Authentication" should be back on in account settings
Change-Id: Ic7475623e5139bb545a87d8e5b1014dabaf4e854
Reviewed-on: https://gerrit.instructure.com/12850
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
2012-08-11 01:17:08 +08:00
|
|
|
!canvas_authentication? || !!(self.account_authorization_config && self.account_authorization_config.delegated_authentication?)
|
2011-04-08 07:01:32 +08:00
|
|
|
end
|
2011-11-22 03:28:20 +08:00
|
|
|
|
2011-05-24 09:14:52 +08:00
|
|
|
def forgot_password_external_url
|
|
|
|
|
account_authorization_config.try(:change_password_url)
|
|
|
|
|
end
|
2011-04-08 07:01:32 +08:00
|
|
|
|
|
|
|
|
def cas_authentication?
|
|
|
|
|
!!(self.account_authorization_config && self.account_authorization_config.cas_authentication?)
|
|
|
|
|
end
|
2012-10-23 03:54:10 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def ldap_authentication?
|
2012-10-23 03:54:10 +08:00
|
|
|
self.account_authorization_configs.any? { |aac| aac.ldap_authentication? }
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
2012-10-23 03:54:10 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def saml_authentication?
|
2013-07-02 06:34:40 +08:00
|
|
|
!!(self.account_authorization_config && self.account_authorization_config.saml_authentication?) && AccountAuthorizationConfig.saml_enabled
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
2012-09-29 06:02:02 +08:00
|
|
|
|
|
|
|
|
def multi_auth?
|
|
|
|
|
self.account_authorization_configs.count > 1
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def auth_discovery_url=(url)
|
|
|
|
|
self.settings[:auth_discovery_url] = url
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def auth_discovery_url
|
|
|
|
|
self.settings[:auth_discovery_url]
|
|
|
|
|
end
|
2012-10-11 02:58:09 +08:00
|
|
|
|
|
|
|
|
def validate_auth_discovery_url
|
|
|
|
|
return if self.settings[:auth_discovery_url].blank?
|
|
|
|
|
|
|
|
|
|
begin
|
|
|
|
|
value, uri = CustomValidations.validate_url(self.settings[:auth_discovery_url])
|
|
|
|
|
self.auth_discovery_url = value
|
|
|
|
|
rescue URI::InvalidURIError, ArgumentError
|
|
|
|
|
errors.add(:discovery_url, t('errors.invalid_discovery_url', "The discovery URL is not valid" ))
|
|
|
|
|
end
|
|
|
|
|
end
|
2012-11-28 05:37:32 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def find_courses(string)
|
|
|
|
|
self.all_courses.select{|c| c.name.match(string) }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def find_users(string)
|
|
|
|
|
self.pseudonyms.map{|p| p.user }.select{|u| u.name.match(string) }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.site_admin
|
2012-02-07 02:36:46 +08:00
|
|
|
get_special_account(:site_admin, 'Site Admin')
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.default
|
2012-02-07 02:36:46 +08:00
|
|
|
get_special_account(:default, 'Default Account')
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.clear_special_account_cache!
|
|
|
|
|
@special_accounts = {}
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
2012-09-05 05:45:14 +08:00
|
|
|
# an opportunity for plugins to load some other stuff up before caching the account
|
|
|
|
|
def precache
|
|
|
|
|
end
|
2011-02-01 09:57:29 +08:00
|
|
|
|
2012-09-05 05:45:14 +08:00
|
|
|
def self.find_cached(id)
|
2013-10-05 04:25:07 +08:00
|
|
|
account = Rails.cache.fetch(account_lookup_cache_key(id)) do
|
2012-09-05 05:45:14 +08:00
|
|
|
account = Account.find_by_id(id)
|
|
|
|
|
account.precache if account
|
|
|
|
|
account || :nil
|
2012-02-07 02:36:46 +08:00
|
|
|
end
|
2012-09-05 05:45:14 +08:00
|
|
|
account = nil if account == :nil
|
|
|
|
|
account
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.get_special_account(special_account_type, default_account_name)
|
2013-04-19 02:34:50 +08:00
|
|
|
Shard.birth.activate do
|
2012-09-05 05:45:14 +08:00
|
|
|
@special_account_ids ||= {}
|
|
|
|
|
@special_accounts ||= {}
|
|
|
|
|
|
|
|
|
|
account = @special_accounts[special_account_type]
|
|
|
|
|
unless account
|
|
|
|
|
special_account_id = @special_account_ids[special_account_type] ||= Setting.get("#{special_account_type}_account_id", nil)
|
|
|
|
|
account = @special_accounts[special_account_type] = Account.find_cached(special_account_id) if special_account_id
|
2012-04-06 03:03:22 +08:00
|
|
|
end
|
2012-09-05 05:45:14 +08:00
|
|
|
# another process (i.e. selenium spec) may have changed the setting
|
|
|
|
|
unless account
|
|
|
|
|
special_account_id = Setting.get("#{special_account_type}_account_id", nil)
|
|
|
|
|
if special_account_id && special_account_id != @special_account_ids[special_account_type]
|
|
|
|
|
@special_account_ids[special_account_type] = special_account_id
|
|
|
|
|
account = @special_accounts[special_account_type] = Account.find_by_id(special_account_id)
|
|
|
|
|
end
|
|
|
|
|
end
|
2013-01-11 05:38:17 +08:00
|
|
|
if !account && default_account_name
|
2012-09-05 05:45:14 +08:00
|
|
|
# TODO i18n
|
|
|
|
|
t '#account.default_site_administrator_account_name', 'Site Admin'
|
|
|
|
|
t '#account.default_account_name', 'Default Account'
|
2013-03-15 05:31:31 +08:00
|
|
|
account = @special_accounts[special_account_type] = Account.new(:name => default_account_name)
|
|
|
|
|
account.save!
|
2012-09-05 05:45:14 +08:00
|
|
|
Setting.set("#{special_account_type}_account_id", account.id)
|
|
|
|
|
@special_account_ids[special_account_type] = account.id
|
|
|
|
|
end
|
|
|
|
|
account
|
2012-04-06 03:03:22 +08:00
|
|
|
end
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
2011-02-11 03:13:02 +08:00
|
|
|
def site_admin?
|
|
|
|
|
self == Account.site_admin
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def display_name
|
|
|
|
|
self.name
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Updates account associations for all the courses and users associated with this account
|
|
|
|
|
def update_account_associations
|
2013-01-26 01:32:08 +08:00
|
|
|
self.shard.activate do
|
|
|
|
|
account_chain_cache = {}
|
2013-06-04 04:52:42 +08:00
|
|
|
all_user_ids = Set.new
|
|
|
|
|
|
|
|
|
|
# make sure to use the non-associated_courses associations
|
|
|
|
|
# to catch courses that didn't ever have an association created
|
|
|
|
|
scopes = if root_account?
|
2013-06-04 05:04:55 +08:00
|
|
|
[all_courses,
|
2013-06-04 04:52:42 +08:00
|
|
|
associated_courses.
|
2013-06-04 05:04:55 +08:00
|
|
|
where("root_account_id<>?", self)]
|
2013-06-04 04:52:42 +08:00
|
|
|
else
|
2013-06-04 05:04:55 +08:00
|
|
|
[courses,
|
2013-06-04 04:52:42 +08:00
|
|
|
associated_courses.
|
2013-06-04 05:04:55 +08:00
|
|
|
where("courses.account_id<>?", self)]
|
2013-06-04 04:52:42 +08:00
|
|
|
end
|
|
|
|
|
# match the "batch" size in Course.update_account_associations
|
|
|
|
|
scopes.each do |scope|
|
2013-06-04 05:04:55 +08:00
|
|
|
scope.select([:id, :account_id]).find_in_batches(:batch_size => 500) do |courses|
|
2013-07-17 00:27:51 +08:00
|
|
|
all_user_ids.merge Course.update_account_associations(courses, :skip_user_account_associations => true, :account_chain_cache => account_chain_cache)
|
2013-06-04 04:52:42 +08:00
|
|
|
end
|
|
|
|
|
end
|
2011-08-18 03:33:10 +08:00
|
|
|
|
2013-01-26 01:32:08 +08:00
|
|
|
# Make sure we have all users with existing account associations.
|
2013-06-04 04:52:42 +08:00
|
|
|
all_user_ids.merge self.user_account_associations.pluck(:user_id)
|
|
|
|
|
if root_account?
|
|
|
|
|
all_user_ids.merge self.pseudonyms.active.pluck(:user_id)
|
|
|
|
|
end
|
2011-08-18 03:33:10 +08:00
|
|
|
|
2013-01-26 01:32:08 +08:00
|
|
|
# Update the users' associations as well
|
2013-06-04 04:52:42 +08:00
|
|
|
User.update_account_associations(all_user_ids.to_a, :account_chain_cache => account_chain_cache)
|
2013-01-26 01:32:08 +08:00
|
|
|
end
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# this will take an account and make it a sub_account of
|
|
|
|
|
# itself. Also updates all it's descendant accounts to point to
|
|
|
|
|
# the correct root account, and updates the pseudonyms to
|
|
|
|
|
# points to the new root account as well.
|
|
|
|
|
def consume_account(account)
|
|
|
|
|
account.all_accounts.each do |sub_account|
|
2011-12-28 05:57:56 +08:00
|
|
|
sub_account.root_account = self.root_account
|
2011-02-01 09:57:29 +08:00
|
|
|
sub_account.save!
|
|
|
|
|
end
|
|
|
|
|
account.parent_account = self
|
2011-12-28 05:57:56 +08:00
|
|
|
account.root_account = self.root_account
|
2011-02-01 09:57:29 +08:00
|
|
|
account.save!
|
|
|
|
|
account.pseudonyms.each do |pseudonym|
|
2011-12-28 05:57:56 +08:00
|
|
|
pseudonym.account = self.root_account
|
2011-02-01 09:57:29 +08:00
|
|
|
pseudonym.save!
|
|
|
|
|
end
|
|
|
|
|
end
|
2011-12-28 05:38:15 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def course_count
|
2011-08-27 04:01:23 +08:00
|
|
|
self.child_courses.not_deleted.count('DISTINCT course_id')
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
memoize :course_count
|
|
|
|
|
|
|
|
|
|
def sub_account_count
|
|
|
|
|
self.sub_accounts.active.count
|
|
|
|
|
end
|
|
|
|
|
memoize :sub_account_count
|
2011-08-30 02:25:20 +08:00
|
|
|
|
|
|
|
|
def user_count
|
|
|
|
|
self.user_account_associations.count
|
|
|
|
|
end
|
|
|
|
|
memoize :user_count
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def current_sis_batch
|
2011-04-27 11:55:24 +08:00
|
|
|
if (current_sis_batch_id = self.read_attribute(:current_sis_batch_id)) && current_sis_batch_id.present?
|
|
|
|
|
self.sis_batches.find_by_id(current_sis_batch_id)
|
|
|
|
|
end
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def turnitin_settings
|
2013-01-05 07:11:25 +08:00
|
|
|
if self.turnitin_account_id.present? && self.turnitin_shared_secret.present?
|
2013-07-03 02:37:29 +08:00
|
|
|
[self.turnitin_account_id, self.turnitin_shared_secret, self.turnitin_host]
|
2011-02-01 09:57:29 +08:00
|
|
|
else
|
2013-07-03 02:37:29 +08:00
|
|
|
self.parent_account.try(:turnitin_settings)
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def closest_turnitin_pledge
|
|
|
|
|
if self.turnitin_pledge && !self.turnitin_pledge.empty?
|
|
|
|
|
self.turnitin_pledge
|
|
|
|
|
else
|
2013-01-09 04:00:14 +08:00
|
|
|
res = self.parent_account.try(:closest_turnitin_pledge)
|
2011-06-16 04:39:32 +08:00
|
|
|
res ||= t('#account.turnitin_pledge', "This assignment submission is my own, original work")
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def closest_turnitin_comments
|
|
|
|
|
if self.turnitin_comments && !self.turnitin_comments.empty?
|
|
|
|
|
self.turnitin_comments
|
|
|
|
|
else
|
2013-07-03 02:37:29 +08:00
|
|
|
self.parent_account.try(:closest_turnitin_comments)
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2011-03-27 11:38:54 +08:00
|
|
|
def self_enrollment_allowed?(course)
|
|
|
|
|
if !settings[:self_enrollment].blank?
|
|
|
|
|
!!(settings[:self_enrollment] == 'any' || (!course.sis_source_id && settings[:self_enrollment] == 'manually_created'))
|
|
|
|
|
else
|
|
|
|
|
!!(parent_account && parent_account.self_enrollment_allowed?(course))
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
TAB_COURSES = 0
|
|
|
|
|
TAB_STATISTICS = 1
|
|
|
|
|
TAB_PERMISSIONS = 2
|
|
|
|
|
TAB_SUB_ACCOUNTS = 3
|
|
|
|
|
TAB_TERMS = 4
|
|
|
|
|
TAB_AUTHENTICATION = 5
|
|
|
|
|
TAB_USERS = 6
|
|
|
|
|
TAB_OUTCOMES = 7
|
|
|
|
|
TAB_RUBRICS = 8
|
|
|
|
|
TAB_SETTINGS = 9
|
|
|
|
|
TAB_FACULTY_JOURNAL = 10
|
|
|
|
|
TAB_SIS_IMPORT = 11
|
2011-04-09 06:45:38 +08:00
|
|
|
TAB_GRADING_STANDARDS = 12
|
2011-08-31 07:24:15 +08:00
|
|
|
TAB_QUESTION_BANKS = 13
|
2012-01-21 05:56:07 +08:00
|
|
|
# site admin tabs
|
|
|
|
|
TAB_PLUGINS = 14
|
|
|
|
|
TAB_JOBS = 15
|
2012-05-17 13:52:32 +08:00
|
|
|
TAB_DEVELOPER_KEYS = 16
|
2013-03-05 01:20:41 +08:00
|
|
|
TAB_ADMIN_TOOLS = 17
|
2011-07-26 00:12:55 +08:00
|
|
|
|
basic lti navigation links
By properly configuring external tools (see
/spec/models/course_spec/rb:898 for examples) they can
be added as left-side navigation links to a course,
an account, or to the user profile section of Canvas.
testing notes:
- you have to manually set options on the external tool:
- for user navigation the tool needs to be created on the root account
with the following settings:
{:user_navigation => {:url => <url>, :text => <tab label>} }
(there are also some optional language options you can set using
the :labels attribute)
- for account navigation it's the same
- for course navigation it's the same, except with :course_navigation
there's also some additional options:
:visibility => <value> // public, members, admins
:default => <value> // disabled, enabled
test plan:
- configure a user navigation tool at the root account level,
make sure it shows up in the user's profile section
- configure a course navigation tool at the account level,
make sure it shows up in the course's navigation
- configure a course navigation tool at the course level,
make sure it shows up in the course's navigation
- make sure :default => 'disabled' course navigation tools don't
appear by default in the navigation, but can be enabled on
the course settings page
- make sure :visibility => 'members' only shows up for course members
- make sure :visibility => 'admins' only shows up for course admins
- configure an account navigation tool at the account level,
make sure it shows up in the account's navigation, and
any sub-account's navigation
Change-Id: I977da3c6b89a9e32b4cff4c2b6b221f8162782ff
Reviewed-on: https://gerrit.instructure.com/5427
Reviewed-by: Brian Whitmer <brian@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
2011-08-18 13:49:01 +08:00
|
|
|
def external_tool_tabs(opts)
|
2012-01-18 13:32:57 +08:00
|
|
|
tools = ContextExternalTool.active.find_all_for(self, :account_navigation)
|
basic lti navigation links
By properly configuring external tools (see
/spec/models/course_spec/rb:898 for examples) they can
be added as left-side navigation links to a course,
an account, or to the user profile section of Canvas.
testing notes:
- you have to manually set options on the external tool:
- for user navigation the tool needs to be created on the root account
with the following settings:
{:user_navigation => {:url => <url>, :text => <tab label>} }
(there are also some optional language options you can set using
the :labels attribute)
- for account navigation it's the same
- for course navigation it's the same, except with :course_navigation
there's also some additional options:
:visibility => <value> // public, members, admins
:default => <value> // disabled, enabled
test plan:
- configure a user navigation tool at the root account level,
make sure it shows up in the user's profile section
- configure a course navigation tool at the account level,
make sure it shows up in the course's navigation
- configure a course navigation tool at the course level,
make sure it shows up in the course's navigation
- make sure :default => 'disabled' course navigation tools don't
appear by default in the navigation, but can be enabled on
the course settings page
- make sure :visibility => 'members' only shows up for course members
- make sure :visibility => 'admins' only shows up for course admins
- configure an account navigation tool at the account level,
make sure it shows up in the account's navigation, and
any sub-account's navigation
Change-Id: I977da3c6b89a9e32b4cff4c2b6b221f8162782ff
Reviewed-on: https://gerrit.instructure.com/5427
Reviewed-by: Brian Whitmer <brian@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
2011-08-18 13:49:01 +08:00
|
|
|
tools.sort_by(&:id).map do |tool|
|
|
|
|
|
{
|
|
|
|
|
:id => tool.asset_string,
|
|
|
|
|
:label => tool.label_for(:account_navigation, opts[:language]),
|
|
|
|
|
:css_class => tool.asset_string,
|
|
|
|
|
:href => :account_external_tool_path,
|
|
|
|
|
:external => true,
|
|
|
|
|
:args => [self.id, tool.id]
|
|
|
|
|
}
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def tabs_available(user=nil, opts={})
|
fix up account level permissions fixes #4478
So, we have several account level permissions, we just weren't
respecting them. Most notably is :manage_account_settings instead
of :manage, the generic permission.
Account users get all the generic permissions (:create, :read,
:update, :delete, :manage) because there are still lots of course
level things that check those permissions. We still want to keep
those intact until we fix all those other checks, so for account
level things we need to use specific permissions as much as possible.
Things that are either odd or not correctly checked (due to having
to work with courses as a context with the generic permission):
* Listing and searching Courses, and viewing Statistics, is
available to any account admin, because there aren't specific
permissions for them
* Rubrics are not linked to without :manage_outcomes, but are
accesible via direct URI
* External tools is available to any account admin
* Account reports uses the :read_reports permission, which is
described in the UI as "View usage reports for the course"
Change-Id: Ia0f9409659dfc421f1199f7c8ab93b43edcde511
Reviewed-on: https://gerrit.instructure.com/3735
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
2011-05-20 05:29:51 +08:00
|
|
|
manage_settings = user && self.grants_right?(user, nil, :manage_account_settings)
|
2011-02-11 03:13:02 +08:00
|
|
|
if site_admin?
|
2011-08-12 04:50:02 +08:00
|
|
|
tabs = []
|
2012-04-11 03:59:09 +08:00
|
|
|
tabs << { :id => TAB_USERS, :label => t('#account.tab_users', "Users"), :css_class => 'users', :href => :account_users_path } if user && self.grants_right?(user, nil, :read_roster)
|
2011-08-31 05:01:31 +08:00
|
|
|
tabs << { :id => TAB_PERMISSIONS, :label => t('#account.tab_permissions', "Permissions"), :css_class => 'permissions', :href => :account_permissions_path } if user && self.grants_right?(user, nil, :manage_role_overrides)
|
2013-01-16 01:05:31 +08:00
|
|
|
tabs << { :id => TAB_SUB_ACCOUNTS, :label => t('#account.tab_sub_accounts', "Sub-Accounts"), :css_class => 'sub_accounts', :href => :account_sub_accounts_path } if manage_settings
|
2011-12-14 02:58:11 +08:00
|
|
|
tabs << { :id => TAB_AUTHENTICATION, :label => t('#account.tab_authentication', "Authentication"), :css_class => 'authentication', :href => :account_account_authorization_configs_path } if manage_settings
|
2012-01-21 05:56:07 +08:00
|
|
|
tabs << { :id => TAB_PLUGINS, :label => t("#account.tab_plugins", "Plugins"), :css_class => "plugins", :href => :plugins_path, :no_args => true } if self.grants_right?(user, nil, :manage_site_settings)
|
2013-01-03 04:13:33 +08:00
|
|
|
tabs << { :id => TAB_JOBS, :label => t("#account.tab_jobs", "Jobs"), :css_class => "jobs", :href => :jobs_path, :no_args => true } if self.grants_right?(user, nil, :view_jobs)
|
2012-12-04 05:47:34 +08:00
|
|
|
tabs << { :id => TAB_DEVELOPER_KEYS, :label => t("#account.tab_developer_keys", "Developer Keys"), :css_class => "developer_keys", :href => :developer_keys_path, :no_args => true } if self.grants_right?(user, nil, :manage_developer_keys)
|
2011-02-11 03:13:02 +08:00
|
|
|
else
|
2011-08-12 04:50:02 +08:00
|
|
|
tabs = []
|
|
|
|
|
tabs << { :id => TAB_COURSES, :label => t('#account.tab_courses', "Courses"), :css_class => 'courses', :href => :account_path } if user && self.grants_right?(user, nil, :read_course_list)
|
2011-08-06 05:14:21 +08:00
|
|
|
tabs << { :id => TAB_USERS, :label => t('#account.tab_users', "Users"), :css_class => 'users', :href => :account_users_path } if user && self.grants_right?(user, nil, :read_roster)
|
2011-08-12 04:50:02 +08:00
|
|
|
tabs << { :id => TAB_STATISTICS, :label => t('#account.tab_statistics', "Statistics"), :css_class => 'statistics', :href => :statistics_account_path } if user && self.grants_right?(user, nil, :view_statistics)
|
2011-08-31 05:01:31 +08:00
|
|
|
tabs << { :id => TAB_PERMISSIONS, :label => t('#account.tab_permissions', "Permissions"), :css_class => 'permissions', :href => :account_permissions_path } if user && self.grants_right?(user, nil, :manage_role_overrides)
|
fix up account level permissions fixes #4478
So, we have several account level permissions, we just weren't
respecting them. Most notably is :manage_account_settings instead
of :manage, the generic permission.
Account users get all the generic permissions (:create, :read,
:update, :delete, :manage) because there are still lots of course
level things that check those permissions. We still want to keep
those intact until we fix all those other checks, so for account
level things we need to use specific permissions as much as possible.
Things that are either odd or not correctly checked (due to having
to work with courses as a context with the generic permission):
* Listing and searching Courses, and viewing Statistics, is
available to any account admin, because there aren't specific
permissions for them
* Rubrics are not linked to without :manage_outcomes, but are
accesible via direct URI
* External tools is available to any account admin
* Account reports uses the :read_reports permission, which is
described in the UI as "View usage reports for the course"
Change-Id: Ia0f9409659dfc421f1199f7c8ab93b43edcde511
Reviewed-on: https://gerrit.instructure.com/3735
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
2011-05-20 05:29:51 +08:00
|
|
|
if user && self.grants_right?(user, nil, :manage_outcomes)
|
2011-08-06 05:14:21 +08:00
|
|
|
tabs << { :id => TAB_OUTCOMES, :label => t('#account.tab_outcomes', "Outcomes"), :css_class => 'outcomes', :href => :account_outcomes_path }
|
|
|
|
|
tabs << { :id => TAB_RUBRICS, :label => t('#account.tab_rubrics', "Rubrics"), :css_class => 'rubrics', :href => :account_rubrics_path }
|
fix up account level permissions fixes #4478
So, we have several account level permissions, we just weren't
respecting them. Most notably is :manage_account_settings instead
of :manage, the generic permission.
Account users get all the generic permissions (:create, :read,
:update, :delete, :manage) because there are still lots of course
level things that check those permissions. We still want to keep
those intact until we fix all those other checks, so for account
level things we need to use specific permissions as much as possible.
Things that are either odd or not correctly checked (due to having
to work with courses as a context with the generic permission):
* Listing and searching Courses, and viewing Statistics, is
available to any account admin, because there aren't specific
permissions for them
* Rubrics are not linked to without :manage_outcomes, but are
accesible via direct URI
* External tools is available to any account admin
* Account reports uses the :read_reports permission, which is
described in the UI as "View usage reports for the course"
Change-Id: Ia0f9409659dfc421f1199f7c8ab93b43edcde511
Reviewed-on: https://gerrit.instructure.com/3735
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
2011-05-20 05:29:51 +08:00
|
|
|
end
|
2011-08-06 05:14:21 +08:00
|
|
|
tabs << { :id => TAB_GRADING_STANDARDS, :label => t('#account.tab_grading_standards', "Grading Schemes"), :css_class => 'grading_standards', :href => :account_grading_standards_path } if user && self.grants_right?(user, nil, :manage_grades)
|
2011-08-31 07:24:15 +08:00
|
|
|
tabs << { :id => TAB_QUESTION_BANKS, :label => t('#account.tab_question_banks', "Question Banks"), :css_class => 'question_banks', :href => :account_question_banks_path } if user && self.grants_right?(user, nil, :manage_grades)
|
2011-08-06 05:14:21 +08:00
|
|
|
tabs << { :id => TAB_SUB_ACCOUNTS, :label => t('#account.tab_sub_accounts', "Sub-Accounts"), :css_class => 'sub_accounts', :href => :account_sub_accounts_path } if manage_settings
|
2011-08-12 04:50:02 +08:00
|
|
|
tabs << { :id => TAB_FACULTY_JOURNAL, :label => t('#account.tab_faculty_journal', "Faculty Journal"), :css_class => 'faculty_journal', :href => :account_user_notes_path} if self.enable_user_notes && user && self.grants_right?(user, nil, :manage_user_notes)
|
2011-12-14 02:58:11 +08:00
|
|
|
tabs << { :id => TAB_TERMS, :label => t('#account.tab_terms', "Terms"), :css_class => 'terms', :href => :account_terms_path } if self.root_account? && manage_settings
|
|
|
|
|
tabs << { :id => TAB_AUTHENTICATION, :label => t('#account.tab_authentication', "Authentication"), :css_class => 'authentication', :href => :account_account_authorization_configs_path } if self.root_account? && manage_settings
|
2011-08-06 05:14:21 +08:00
|
|
|
tabs << { :id => TAB_SIS_IMPORT, :label => t('#account.tab_sis_import', "SIS Import"), :css_class => 'sis_import', :href => :account_sis_import_path } if self.root_account? && self.allow_sis_import && user && self.grants_right?(user, nil, :manage_sis)
|
|
|
|
|
end
|
basic lti navigation links
By properly configuring external tools (see
/spec/models/course_spec/rb:898 for examples) they can
be added as left-side navigation links to a course,
an account, or to the user profile section of Canvas.
testing notes:
- you have to manually set options on the external tool:
- for user navigation the tool needs to be created on the root account
with the following settings:
{:user_navigation => {:url => <url>, :text => <tab label>} }
(there are also some optional language options you can set using
the :labels attribute)
- for account navigation it's the same
- for course navigation it's the same, except with :course_navigation
there's also some additional options:
:visibility => <value> // public, members, admins
:default => <value> // disabled, enabled
test plan:
- configure a user navigation tool at the root account level,
make sure it shows up in the user's profile section
- configure a course navigation tool at the account level,
make sure it shows up in the course's navigation
- configure a course navigation tool at the course level,
make sure it shows up in the course's navigation
- make sure :default => 'disabled' course navigation tools don't
appear by default in the navigation, but can be enabled on
the course settings page
- make sure :visibility => 'members' only shows up for course members
- make sure :visibility => 'admins' only shows up for course admins
- configure an account navigation tool at the account level,
make sure it shows up in the account's navigation, and
any sub-account's navigation
Change-Id: I977da3c6b89a9e32b4cff4c2b6b221f8162782ff
Reviewed-on: https://gerrit.instructure.com/5427
Reviewed-by: Brian Whitmer <brian@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
2011-08-18 13:49:01 +08:00
|
|
|
tabs += external_tool_tabs(opts)
|
2013-03-05 01:20:41 +08:00
|
|
|
tabs << { :id => TAB_ADMIN_TOOLS, :label => t('#account.tab_admin_tools', "Admin Tools"), :css_class => 'admin_tools', :href => :account_admin_tools_path } if can_see_admin_tools_tab?(user)
|
2011-08-06 05:14:21 +08:00
|
|
|
tabs << { :id => TAB_SETTINGS, :label => t('#account.tab_settings', "Settings"), :css_class => 'settings', :href => :account_settings_path }
|
2011-02-01 09:57:29 +08:00
|
|
|
tabs
|
|
|
|
|
end
|
|
|
|
|
|
2013-03-05 01:20:41 +08:00
|
|
|
def can_see_admin_tools_tab?(user)
|
|
|
|
|
return false if !user || site_admin?
|
|
|
|
|
admin_tool_permissions = RoleOverride.manageable_permissions(self).find_all{|p| p[1][:admin_tool]}
|
|
|
|
|
admin_tool_permissions.any? do |p|
|
|
|
|
|
self.grants_right?(user, nil, p.first)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def is_a_context?
|
|
|
|
|
true
|
|
|
|
|
end
|
|
|
|
|
|
2011-11-11 10:43:36 +08:00
|
|
|
def help_links
|
2012-12-28 06:32:08 +08:00
|
|
|
Canvas::Help.default_links + (settings[:custom_help_links] || [])
|
2011-08-27 14:18:36 +08:00
|
|
|
end
|
2012-06-14 09:59:02 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def self.allowable_services
|
|
|
|
|
{
|
|
|
|
|
:google_docs => {
|
|
|
|
|
:name => "Google Docs",
|
2011-03-09 03:12:38 +08:00
|
|
|
:description => "",
|
2012-06-14 09:59:02 +08:00
|
|
|
:expose_to_ui => (GoogleDocs.config ? :service : false)
|
2011-03-09 03:12:38 +08:00
|
|
|
},
|
|
|
|
|
:google_docs_previews => {
|
|
|
|
|
:name => "Google Docs Previews",
|
|
|
|
|
:description => "",
|
2012-06-14 09:59:02 +08:00
|
|
|
:expose_to_ui => :service
|
2011-02-01 09:57:29 +08:00
|
|
|
},
|
|
|
|
|
:facebook => {
|
|
|
|
|
:name => "Facebook",
|
2011-03-09 03:12:38 +08:00
|
|
|
:description => "",
|
2012-06-14 09:59:02 +08:00
|
|
|
:expose_to_ui => (Facebook.config ? :service : false)
|
2011-02-01 09:57:29 +08:00
|
|
|
},
|
|
|
|
|
:skype => {
|
|
|
|
|
:name => "Skype",
|
2011-03-09 03:12:38 +08:00
|
|
|
:description => "",
|
2012-06-14 09:59:02 +08:00
|
|
|
:expose_to_ui => :service
|
2011-02-01 09:57:29 +08:00
|
|
|
},
|
|
|
|
|
:linked_in => {
|
|
|
|
|
:name => "LinkedIn",
|
2011-03-09 03:12:38 +08:00
|
|
|
:description => "",
|
2012-06-14 09:59:02 +08:00
|
|
|
:expose_to_ui => (LinkedIn.config ? :service : false)
|
2011-02-01 09:57:29 +08:00
|
|
|
},
|
|
|
|
|
:twitter => {
|
|
|
|
|
:name => "Twitter",
|
2011-03-09 03:12:38 +08:00
|
|
|
:description => "",
|
2012-06-14 09:59:02 +08:00
|
|
|
:expose_to_ui => (Twitter.config ? :service : false)
|
2011-02-01 09:57:29 +08:00
|
|
|
},
|
|
|
|
|
:delicious => {
|
|
|
|
|
:name => "Delicious",
|
2011-03-09 03:12:38 +08:00
|
|
|
:description => "",
|
2012-06-14 09:59:02 +08:00
|
|
|
:expose_to_ui => :service
|
2011-02-01 09:57:29 +08:00
|
|
|
},
|
|
|
|
|
:diigo => {
|
|
|
|
|
:name => "Diigo",
|
2011-03-09 03:12:38 +08:00
|
|
|
:description => "",
|
2012-06-14 09:59:02 +08:00
|
|
|
:expose_to_ui => :service
|
2011-02-01 09:57:29 +08:00
|
|
|
},
|
2011-09-24 14:26:16 +08:00
|
|
|
# TODO: move avatars to :settings hash, it makes more sense there
|
2012-06-14 09:59:02 +08:00
|
|
|
# In the meantime, we leave it as a service but expose it in the
|
|
|
|
|
# "Features" (settings) portion of the account admin UI
|
2011-02-01 09:57:29 +08:00
|
|
|
:avatars => {
|
|
|
|
|
:name => "User Avatars",
|
|
|
|
|
:description => "",
|
2011-09-24 14:26:16 +08:00
|
|
|
:default => false,
|
2012-06-14 09:59:02 +08:00
|
|
|
:expose_to_ui => :setting
|
2013-06-13 06:42:36 +08:00
|
|
|
},
|
|
|
|
|
:account_survey_notifications => {
|
|
|
|
|
:name => "Account Surveys",
|
|
|
|
|
:description => "",
|
|
|
|
|
:default => false,
|
|
|
|
|
:expose_to_ui => :setting,
|
|
|
|
|
:expose_to_ui_proc => proc { |user, account| user && account && account.grants_right?(user, :manage_site_settings) },
|
|
|
|
|
},
|
2012-06-14 09:59:02 +08:00
|
|
|
}.merge(@plugin_services || {}).freeze
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|
2012-06-14 09:59:02 +08:00
|
|
|
|
|
|
|
|
def self.register_service(service_name, info_hash)
|
|
|
|
|
@plugin_services ||= {}
|
|
|
|
|
@plugin_services[service_name.to_sym] = info_hash.freeze
|
|
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def self.default_allowable_services
|
|
|
|
|
self.allowable_services.reject {|s, info| info[:default] == false }
|
|
|
|
|
end
|
|
|
|
|
|
2011-03-09 03:12:38 +08:00
|
|
|
def set_service_availability(service, enable)
|
|
|
|
|
service = service.to_sym
|
|
|
|
|
raise "Invalid Service" unless Account.allowable_services[service]
|
|
|
|
|
allowed_service_names = (self.allowed_services || "").split(",").compact
|
|
|
|
|
if allowed_service_names.count > 0 and not [ '+', '-' ].member?(allowed_service_names[0][0,1])
|
|
|
|
|
# This account has a hard-coded list of services, so handle accordingly
|
2011-09-09 01:12:25 +08:00
|
|
|
allowed_service_names.reject! { |flag| flag.match("^[+-]?#{service}$") }
|
2011-03-09 03:12:38 +08:00
|
|
|
allowed_service_names << service if enable
|
|
|
|
|
else
|
2011-09-09 01:12:25 +08:00
|
|
|
allowed_service_names.reject! { |flag| flag.match("^[+-]?#{service}$") }
|
2011-03-09 03:12:38 +08:00
|
|
|
if enable
|
|
|
|
|
# only enable if it is not enabled by default
|
|
|
|
|
allowed_service_names << "+#{service}" unless Account.default_allowable_services[service]
|
|
|
|
|
else
|
|
|
|
|
# only disable if it is not enabled by default
|
|
|
|
|
allowed_service_names << "-#{service}" if Account.default_allowable_services[service]
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
@allowed_services_hash = nil
|
|
|
|
|
self.allowed_services = allowed_service_names.empty? ? nil : allowed_service_names.join(",")
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def enable_service(service)
|
|
|
|
|
set_service_availability(service, true)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def disable_service(service)
|
|
|
|
|
set_service_availability(service, false)
|
|
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def allowed_services_hash
|
|
|
|
|
return @allowed_services_hash if @allowed_services_hash
|
|
|
|
|
account_allowed_services = Account.default_allowable_services
|
|
|
|
|
if self.allowed_services
|
|
|
|
|
allowed_service_names = self.allowed_services.split(",").compact
|
|
|
|
|
|
|
|
|
|
if allowed_service_names.count > 0
|
|
|
|
|
unless [ '+', '-' ].member?(allowed_service_names[0][0,1])
|
|
|
|
|
# This account has a hard-coded list of services, so we clear out the defaults
|
|
|
|
|
account_allowed_services = { }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
allowed_service_names.each do |service_switch|
|
|
|
|
|
if service_switch =~ /\A([+-]?)(.*)\z/
|
|
|
|
|
flag = $1
|
|
|
|
|
service_name = $2.to_sym
|
|
|
|
|
|
|
|
|
|
if flag == '-'
|
|
|
|
|
account_allowed_services.delete(service_name)
|
|
|
|
|
else
|
|
|
|
|
account_allowed_services[service_name] = Account.allowable_services[service_name]
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
@allowed_services_hash = account_allowed_services
|
|
|
|
|
end
|
2012-06-14 09:59:02 +08:00
|
|
|
|
|
|
|
|
# if expose_as is nil, all services exposed in the ui are returned
|
|
|
|
|
# if it's :service or :setting, then only services set to be exposed as that type are returned
|
2013-06-13 06:42:36 +08:00
|
|
|
def self.services_exposed_to_ui_hash(expose_as = nil, current_user = nil, account = nil)
|
2012-06-14 09:59:02 +08:00
|
|
|
if expose_as
|
|
|
|
|
self.allowable_services.reject { |key, setting| setting[:expose_to_ui] != expose_as }
|
|
|
|
|
else
|
|
|
|
|
self.allowable_services.reject { |key, setting| !setting[:expose_to_ui] }
|
2013-06-13 06:42:36 +08:00
|
|
|
end.reject { |key, setting| setting[:expose_to_ui_proc] && !setting[:expose_to_ui_proc].call(current_user, account) }
|
2011-03-09 03:12:38 +08:00
|
|
|
end
|
2013-06-07 00:31:23 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def service_enabled?(service)
|
|
|
|
|
service = service.to_sym
|
|
|
|
|
case service
|
|
|
|
|
when :none
|
|
|
|
|
self.allowed_services_hash.empty?
|
|
|
|
|
else
|
|
|
|
|
self.allowed_services_hash.has_key?(service)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2011-04-09 06:45:38 +08:00
|
|
|
def self.all_accounts_for(context)
|
|
|
|
|
if context.respond_to?(:account)
|
|
|
|
|
context.account.account_chain
|
|
|
|
|
elsif context.respond_to?(:parent_account)
|
|
|
|
|
context.account_chain
|
|
|
|
|
else
|
|
|
|
|
[]
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
def self.serialization_excludes; [:uuid]; end
|
|
|
|
|
|
|
|
|
|
# This could be much faster if we implement a SQL tree for the account tree
|
|
|
|
|
# structure.
|
|
|
|
|
def find_child(child_id)
|
|
|
|
|
child_id = child_id.to_i
|
|
|
|
|
child_ids = self.class.connection.select_values("SELECT id FROM accounts WHERE parent_account_id = #{self.id}").map(&:to_i)
|
|
|
|
|
until child_ids.empty?
|
|
|
|
|
if child_ids.include?(child_id)
|
|
|
|
|
return self.class.find(child_id)
|
|
|
|
|
end
|
|
|
|
|
child_ids = self.class.connection.select_values("SELECT id FROM accounts WHERE parent_account_id IN (#{child_ids.join(",")})").map(&:to_i)
|
|
|
|
|
end
|
|
|
|
|
return false
|
|
|
|
|
end
|
|
|
|
|
|
2011-08-10 06:09:17 +08:00
|
|
|
def manually_created_courses_account
|
2012-09-05 07:00:13 +08:00
|
|
|
return self.root_account.manually_created_courses_account unless self.root_account?
|
|
|
|
|
display_name = t('#account.manually_created_courses', "Manually-Created Courses")
|
|
|
|
|
acct = manually_created_courses_account_from_settings
|
|
|
|
|
if acct.blank?
|
|
|
|
|
transaction do
|
|
|
|
|
lock!
|
|
|
|
|
acct = manually_created_courses_account_from_settings
|
|
|
|
|
acct ||= self.sub_accounts.find_by_name(display_name) # for backwards compatibility
|
|
|
|
|
acct ||= self.sub_accounts.create!(:name => display_name)
|
|
|
|
|
if acct.id != self.settings[:manually_created_courses_account_id]
|
|
|
|
|
self.settings[:manually_created_courses_account_id] = acct.id
|
|
|
|
|
self.save!
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
acct
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def manually_created_courses_account_from_settings
|
|
|
|
|
acct_id = self.settings[:manually_created_courses_account_id]
|
|
|
|
|
acct = self.sub_accounts.find_by_id(acct_id) if acct_id.present?
|
|
|
|
|
acct = nil if acct.present? && acct.root_account_id != self.id
|
|
|
|
|
acct
|
2011-08-10 06:09:17 +08:00
|
|
|
end
|
2012-09-05 07:00:13 +08:00
|
|
|
private :manually_created_courses_account_from_settings
|
2011-08-10 06:09:17 +08:00
|
|
|
|
2012-02-17 01:45:42 +08:00
|
|
|
def trusted_account_ids
|
|
|
|
|
return [] if !root_account? || self == Account.site_admin
|
|
|
|
|
[ Account.site_admin.id ]
|
|
|
|
|
end
|
|
|
|
|
|
introduce preferred user list search mode
closes #7059, #7411
preferred is a compromise between open registration and closed
registration. if a single user is found, that user is found without
introducing any temporary user to allow user disambiguation. if no
users are found, or multiple users are found, it's the same behavior
as open registration.
as part of this, the "only search existing users" checkbox has been
removed. instead, preferred searching will be used in the following
cases:
* adding an admin, and open registration is enabled
* adding an admin, open registration is disabled, and the user
has permission to create new users
* adding a user to a course, open registration is enabled, and
delegated authentication is in use
* adding a user to a course, open registration is disabled, and
the user has permission to create new users
the notable case that preferred searching is not used, and the
user would want to use search existing users is open registration
enabled, and adding a user to a course. in this case, a temporary
user will be created instead of sending the invitation to the
existing user. however, the end user experience is identical
(invitation sent to e-mail, invitation visible in the same locations
in the UI), with the small exception that the end user gets the
opportunity to create a separate account if desired (but not
preferred).
test plan:
* go through each of the cases above for a user that doesn't exist
yet, a single matching user exists, or multiple users exist.
it should behave as described above
Change-Id: Idbc7fe23bfc7430b4cd25f7981f5dc08b9e4ffda
Reviewed-on: https://gerrit.instructure.com/8966
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-02-24 06:24:48 +08:00
|
|
|
def user_list_search_mode_for(user)
|
|
|
|
|
return :preferred if self.root_account.open_registration?
|
|
|
|
|
return :preferred if self.root_account.grants_right?(user, :manage_user_logins)
|
|
|
|
|
:closed
|
|
|
|
|
end
|
|
|
|
|
|
2013-03-21 03:38:19 +08:00
|
|
|
scope :root_accounts, where(:root_account_id => nil)
|
|
|
|
|
scope :processing_sis_batch, where("accounts.current_sis_batch_id IS NOT NULL").order(:updated_at)
|
|
|
|
|
scope :name_like, lambda { |name|
|
|
|
|
|
where(wildcard('accounts.name', name))
|
2011-02-01 09:57:29 +08:00
|
|
|
}
|
2013-03-21 03:38:19 +08:00
|
|
|
scope :active, where("accounts.workflow_state<>'deleted'")
|
2012-06-27 00:45:12 +08:00
|
|
|
|
|
|
|
|
def canvas_network_enabled?
|
|
|
|
|
false
|
|
|
|
|
end
|
2012-08-21 21:57:13 +08:00
|
|
|
|
2013-07-10 00:14:52 +08:00
|
|
|
# Public: Determine if draft state is enabled for this account.
|
|
|
|
|
#
|
|
|
|
|
# Returns a boolean (default: false).
|
|
|
|
|
def draft_state_enabled?
|
|
|
|
|
root_account.settings[:enable_draft]
|
|
|
|
|
end
|
|
|
|
|
|
2012-08-21 21:57:13 +08:00
|
|
|
def import_from_migration(data, params, migration)
|
|
|
|
|
|
|
|
|
|
LearningOutcome.process_migration(data, migration)
|
|
|
|
|
|
|
|
|
|
migration.progress=100
|
|
|
|
|
migration.workflow_state = :imported
|
|
|
|
|
migration.save
|
|
|
|
|
end
|
2013-08-27 05:57:41 +08:00
|
|
|
|
|
|
|
|
def enable_draft!
|
2013-09-14 02:02:36 +08:00
|
|
|
change_root_account_setting!(:enable_draft, true)
|
2013-08-27 05:57:41 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def disable_draft!
|
2013-09-14 02:02:36 +08:00
|
|
|
change_root_account_setting!(:enable_draft, false)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def enable_quiz_regrade!
|
|
|
|
|
change_root_account_setting!(:enable_quiz_regrade, true)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def disable_quiz_regrade!
|
|
|
|
|
change_root_account_setting!(:enable_quiz_regrade, false)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def change_root_account_setting!(setting_name, new_value)
|
|
|
|
|
root_account.settings[setting_name] = new_value
|
2013-08-27 05:57:41 +08:00
|
|
|
root_account.save!
|
|
|
|
|
end
|
2013-09-14 02:02:36 +08:00
|
|
|
|
2011-02-01 09:57:29 +08:00
|
|
|
end
|