2011-05-13 05:48:18 +08:00
|
|
|
#
|
2014-03-22 02:59:08 +08:00
|
|
|
# Copyright (C) 2011 - 2014 Instructure, Inc.
|
2011-05-13 05:48:18 +08:00
|
|
|
#
|
|
|
|
|
# This file is part of Canvas.
|
|
|
|
|
#
|
|
|
|
|
# Canvas is free software: you can redistribute it and/or modify it under
|
|
|
|
|
# the terms of the GNU Affero General Public License as published by the Free
|
|
|
|
|
# Software Foundation, version 3 of the License.
|
|
|
|
|
#
|
|
|
|
|
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
|
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
|
|
|
|
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
|
|
|
# details.
|
|
|
|
|
#
|
|
|
|
|
# You should have received a copy of the GNU Affero General Public License along
|
|
|
|
|
# with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
#
|
|
|
|
|
|
|
|
|
|
module Api
|
integrate the active_model-better_errors gem
refs CNVS-6040
This gem will help us output json error responses in the API using error
codes, since by itself ActiveRecord::Errors just deals in human-readable
i18n'd strings, and doesn't store detailed machine-readable information
on the error.
BetterErrors is mostly compatible, there's a few differences that mean I
had to change some unrelated code:
* errors[field_name] always returns an array, even if there's only one
error on the field. This is an improvement IMO.
* errors is indexed by symbol, not by string
* iterating over the errors object now yields
|attr, error_object| rather than |attr, string_message|
This includes a backport of the gem to rails 2.3.
On rails 3, we just use the vanilla gem.
The error codes aren't yet documented in the API docs, support for doing
that will come in a subsequent commit.
test plan: specs, plus you can hit the one api endpoint i've converted
so far -- account authorization configs. try to create an invalid
config, such as adding both cas and ldap configs to the same account,
and verify the error response formatting
Change-Id: Iaadd843ca9ff3f52c64e0256d82b64595c5559fb
Reviewed-on: https://gerrit.instructure.com/26178
Reviewed-by: Brian Palmer <brianp@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
2013-11-09 07:56:31 +08:00
|
|
|
include Api::Errors::ControllerMethods
|
|
|
|
|
|
2011-09-13 23:21:00 +08:00
|
|
|
# find id in collection, by either id or sis_*_id
|
|
|
|
|
# if the collection is over the users table, `self` is replaced by @current_user.id
|
2015-09-02 04:14:10 +08:00
|
|
|
def api_find(collection, id, account: nil)
|
|
|
|
|
result = api_find_all(collection, [id], account: account).first
|
|
|
|
|
raise(ActiveRecord::RecordNotFound, "Couldn't find #{collection.name} with API id '#{id}'") unless result
|
|
|
|
|
result
|
2011-11-15 04:29:30 +08:00
|
|
|
end
|
2011-05-13 05:48:18 +08:00
|
|
|
|
2015-09-02 04:14:10 +08:00
|
|
|
def api_find_all(collection, ids, account: nil)
|
2011-11-15 04:29:30 +08:00
|
|
|
if collection.table_name == User.table_name && @current_user
|
|
|
|
|
ids = ids.map{|id| id == 'self' ? @current_user.id : id }
|
2011-09-13 23:21:00 +08:00
|
|
|
end
|
2012-10-20 04:25:17 +08:00
|
|
|
if collection.table_name == Account.table_name
|
|
|
|
|
ids = ids.map do |id|
|
|
|
|
|
case id
|
|
|
|
|
when 'self'
|
|
|
|
|
@domain_root_account.id
|
|
|
|
|
when 'default'
|
|
|
|
|
Account.default.id
|
|
|
|
|
when 'site_admin'
|
|
|
|
|
Account.site_admin.id
|
|
|
|
|
else
|
|
|
|
|
id
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
2014-02-12 07:46:44 +08:00
|
|
|
if collection.table_name == EnrollmentTerm.table_name
|
|
|
|
|
current_term = nil
|
|
|
|
|
ids = ids.map do |id|
|
|
|
|
|
case id
|
|
|
|
|
when 'default'
|
|
|
|
|
@domain_root_account.default_enrollment_term
|
|
|
|
|
when 'current'
|
|
|
|
|
if !current_term
|
2015-08-17 21:25:57 +08:00
|
|
|
current_terms = @domain_root_account
|
|
|
|
|
.enrollment_terms
|
|
|
|
|
.active
|
|
|
|
|
.where("(start_at<=? OR start_at IS NULL) AND (end_at >=? OR end_at IS NULL) AND NOT (start_at IS NULL AND end_at IS NULL)", Time.now.utc, Time.now.utc)
|
|
|
|
|
.limit(2)
|
|
|
|
|
.to_a
|
2014-02-12 07:46:44 +08:00
|
|
|
current_term = current_terms.length == 1 ? current_terms.first : :nil
|
|
|
|
|
end
|
|
|
|
|
current_term == :nil ? nil : current_term
|
|
|
|
|
else
|
|
|
|
|
id
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
2015-09-02 04:14:10 +08:00
|
|
|
Api.sis_relation_for_collection(collection, ids, account || @domain_root_account, @current_user)
|
2011-05-13 05:48:18 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# map a list of ids and/or sis ids to plain ids.
|
2011-10-05 00:31:34 +08:00
|
|
|
# sis ids that can't be found in the db won't appear in the result, however
|
|
|
|
|
# AR object ids aren't verified to exist in the db so they'll still be
|
|
|
|
|
# returned in the result.
|
2014-03-15 05:53:14 +08:00
|
|
|
def self.map_ids(ids, collection, root_account, current_user = nil)
|
2011-11-15 04:29:30 +08:00
|
|
|
sis_mapping = sis_find_sis_mapping_for_collection(collection)
|
2016-03-30 01:58:45 +08:00
|
|
|
columns = sis_parse_ids(ids, sis_mapping[:lookups], current_user,
|
|
|
|
|
root_account: root_account)
|
2011-11-15 04:29:30 +08:00
|
|
|
result = columns.delete(sis_mapping[:lookups]["id"]) || []
|
|
|
|
|
unless columns.empty?
|
2015-09-02 04:14:10 +08:00
|
|
|
relation = relation_for_sis_mapping_and_columns(collection, columns, sis_mapping, root_account)
|
|
|
|
|
# pluck ignores eager_load
|
|
|
|
|
relation = relation.joins(*relation.eager_load_values) if relation.eager_load_values.present?
|
|
|
|
|
result.concat relation.pluck(:id)
|
2011-11-15 04:29:30 +08:00
|
|
|
result.uniq!
|
2011-10-05 00:31:34 +08:00
|
|
|
end
|
|
|
|
|
result
|
2011-05-13 05:48:18 +08:00
|
|
|
end
|
|
|
|
|
|
2011-11-10 00:50:16 +08:00
|
|
|
SIS_MAPPINGS = {
|
2011-10-26 23:06:14 +08:00
|
|
|
'courses' =>
|
2015-09-02 04:14:10 +08:00
|
|
|
{ :lookups => { 'sis_course_id' => 'sis_source_id',
|
|
|
|
|
'id' => 'id',
|
|
|
|
|
'sis_integration_id' => 'integration_id',
|
|
|
|
|
'lti_context_id' => 'lti_context_id' }.freeze,
|
|
|
|
|
:is_not_scoped_to_account => ['id'].freeze,
|
|
|
|
|
:scope => 'root_account_id' }.freeze,
|
2011-10-26 23:06:14 +08:00
|
|
|
'enrollment_terms' =>
|
2015-09-02 04:14:10 +08:00
|
|
|
{ :lookups => { 'sis_term_id' => 'sis_source_id',
|
|
|
|
|
'id' => 'id',
|
|
|
|
|
'sis_integration_id' => 'integration_id' }.freeze,
|
|
|
|
|
:is_not_scoped_to_account => ['id'].freeze,
|
|
|
|
|
:scope => 'root_account_id' }.freeze,
|
2011-10-26 23:06:14 +08:00
|
|
|
'users' =>
|
2015-09-02 04:14:10 +08:00
|
|
|
{ :lookups => { 'sis_user_id' => 'pseudonyms.sis_user_id',
|
2015-10-06 02:35:39 +08:00
|
|
|
'sis_login_id' => {
|
|
|
|
|
column: 'LOWER(pseudonyms.unique_id)',
|
|
|
|
|
transform: ->(id) { QuotedValue.new("LOWER(#{Pseudonym.connection.quote(id)})") }
|
|
|
|
|
},
|
2015-09-02 04:14:10 +08:00
|
|
|
'id' => 'users.id',
|
|
|
|
|
'sis_integration_id' => 'pseudonyms.integration_id',
|
|
|
|
|
'lti_context_id' => 'users.lti_context_id',
|
|
|
|
|
'lti_user_id' => 'users.lti_context_id' }.freeze,
|
|
|
|
|
:is_not_scoped_to_account => ['users.id', 'users.lti_context_id'].freeze,
|
2011-11-15 04:29:30 +08:00
|
|
|
:scope => 'pseudonyms.account_id',
|
2015-09-02 04:14:10 +08:00
|
|
|
:joins => :pseudonym }.freeze,
|
2011-10-26 23:06:14 +08:00
|
|
|
'accounts' =>
|
2015-09-02 04:14:10 +08:00
|
|
|
{ :lookups => { 'sis_account_id' => 'sis_source_id',
|
|
|
|
|
'id' => 'id',
|
|
|
|
|
'sis_integration_id' => 'integration_id',
|
|
|
|
|
'lti_context_id' => 'lti_context_id' }.freeze,
|
|
|
|
|
:is_not_scoped_to_account => ['id', 'lti_context_id'].freeze,
|
|
|
|
|
:scope => 'root_account_id' }.freeze,
|
2011-10-26 23:06:14 +08:00
|
|
|
'course_sections' =>
|
2015-09-02 04:14:10 +08:00
|
|
|
{ :lookups => { 'sis_section_id' => 'sis_source_id',
|
|
|
|
|
'id' => 'id',
|
|
|
|
|
'sis_integration_id' => 'integration_id' }.freeze,
|
|
|
|
|
:is_not_scoped_to_account => ['id'].freeze,
|
|
|
|
|
:scope => 'root_account_id' }.freeze,
|
2013-06-20 11:38:00 +08:00
|
|
|
'groups' =>
|
2015-09-02 04:14:10 +08:00
|
|
|
{ :lookups => { 'sis_group_id' => 'sis_source_id',
|
|
|
|
|
'id' => 'id' }.freeze,
|
|
|
|
|
:is_not_scoped_to_account => ['id'].freeze,
|
|
|
|
|
:scope => 'root_account_id' }.freeze,
|
2011-11-10 00:50:16 +08:00
|
|
|
}.freeze
|
2011-09-13 23:21:00 +08:00
|
|
|
|
2013-06-18 06:08:36 +08:00
|
|
|
# (digits in 2**63-1) - 1, so that any ID representable in MAX_ID_LENGTH
|
|
|
|
|
# digits is < 2**63, which is the max signed 64-bit integer, which is what's
|
|
|
|
|
# used for the DB ids.
|
|
|
|
|
MAX_ID_LENGTH = 18
|
|
|
|
|
ID_REGEX = %r{\A\d{1,#{MAX_ID_LENGTH}}\z}
|
2012-10-20 04:25:17 +08:00
|
|
|
|
2016-03-30 01:58:45 +08:00
|
|
|
def self.sis_parse_id(id, lookups, _current_user = nil,
|
|
|
|
|
root_account: nil)
|
2011-11-15 04:29:30 +08:00
|
|
|
# returns column_name, column_value
|
2014-01-10 02:56:07 +08:00
|
|
|
return lookups['id'], id if id.is_a?(Numeric) || id.is_a?(ActiveRecord::Base)
|
2011-11-15 04:29:30 +08:00
|
|
|
id = id.to_s.strip
|
2014-05-22 12:55:43 +08:00
|
|
|
if id =~ %r{\Ahex:(lti_[\w_]+|sis_[\w_]+):(([0-9A-Fa-f]{2})+)\z}
|
2011-11-15 04:29:30 +08:00
|
|
|
sis_column = $1
|
|
|
|
|
sis_id = [$2].pack('H*')
|
2014-05-22 12:55:43 +08:00
|
|
|
elsif id =~ %r{\A(lti_[\w_]+|sis_[\w_]+):(.+)\z}
|
2011-11-15 04:29:30 +08:00
|
|
|
sis_column = $1
|
|
|
|
|
sis_id = $2
|
2012-10-20 04:25:17 +08:00
|
|
|
elsif id =~ ID_REGEX
|
|
|
|
|
return lookups['id'], (id =~ /\A\d+\z/ ? id.to_i : id)
|
2011-05-13 05:48:18 +08:00
|
|
|
else
|
2011-11-15 04:29:30 +08:00
|
|
|
return nil, nil
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
column = lookups[sis_column]
|
|
|
|
|
return nil, nil unless column
|
2015-10-06 02:35:39 +08:00
|
|
|
if column.is_a?(Hash)
|
|
|
|
|
sis_id = column[:transform].call(sis_id)
|
|
|
|
|
column = column[:column]
|
|
|
|
|
end
|
2011-11-15 04:29:30 +08:00
|
|
|
return column, sis_id
|
|
|
|
|
end
|
2011-05-13 05:48:18 +08:00
|
|
|
|
2016-03-30 01:58:45 +08:00
|
|
|
def self.sis_parse_ids(ids, lookups, current_user = nil, root_account: nil)
|
2011-11-15 04:29:30 +08:00
|
|
|
# returns {column_name => [column_value,...].uniq, ...}
|
|
|
|
|
columns = {}
|
|
|
|
|
ids.compact.each do |id|
|
2016-03-30 01:58:45 +08:00
|
|
|
column, sis_id = sis_parse_id(id, lookups,
|
|
|
|
|
current_user,
|
|
|
|
|
root_account: root_account)
|
2011-11-15 04:29:30 +08:00
|
|
|
next unless column && sis_id
|
|
|
|
|
columns[column] ||= []
|
|
|
|
|
columns[column] << sis_id
|
|
|
|
|
end
|
|
|
|
|
columns.keys.each { |key| columns[key].uniq! }
|
|
|
|
|
return columns
|
|
|
|
|
end
|
|
|
|
|
|
2013-02-13 00:50:20 +08:00
|
|
|
# remove things that don't look like valid database IDs
|
|
|
|
|
# return in integer format if possible
|
|
|
|
|
# (note that ID_REGEX may be redefined by a plugin!)
|
|
|
|
|
def self.map_non_sis_ids(ids)
|
|
|
|
|
ids.map{ |id| id.to_s.strip }.select{ |id| id =~ ID_REGEX }.map do |id|
|
|
|
|
|
id =~ /\A\d+\z/ ? id.to_i : id
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2011-11-15 04:29:30 +08:00
|
|
|
def self.sis_find_sis_mapping_for_collection(collection)
|
|
|
|
|
SIS_MAPPINGS[collection.table_name] or
|
2011-09-13 23:21:00 +08:00
|
|
|
raise(ArgumentError, "need to add support for table name: #{collection.table_name}")
|
2011-11-15 04:29:30 +08:00
|
|
|
end
|
|
|
|
|
|
2015-09-02 04:14:10 +08:00
|
|
|
def self.sis_relation_for_collection(collection, ids, sis_root_account, current_user = nil)
|
|
|
|
|
relation_for_sis_mapping(collection,
|
|
|
|
|
sis_find_sis_mapping_for_collection(collection),
|
|
|
|
|
ids,
|
|
|
|
|
sis_root_account,
|
|
|
|
|
current_user)
|
2011-11-15 04:29:30 +08:00
|
|
|
end
|
|
|
|
|
|
2015-09-02 04:14:10 +08:00
|
|
|
def self.relation_for_sis_mapping(relation, sis_mapping, ids, sis_root_account, current_user = nil)
|
|
|
|
|
relation_for_sis_mapping_and_columns(relation,
|
2016-05-19 02:35:01 +08:00
|
|
|
sis_parse_ids(ids,
|
|
|
|
|
sis_mapping[:lookups],
|
|
|
|
|
current_user,
|
|
|
|
|
root_account: sis_root_account),
|
2015-09-02 04:14:10 +08:00
|
|
|
sis_mapping,
|
|
|
|
|
sis_root_account)
|
2011-11-15 04:29:30 +08:00
|
|
|
end
|
2011-09-13 23:21:00 +08:00
|
|
|
|
2015-09-02 04:14:10 +08:00
|
|
|
def self.relation_for_sis_mapping_and_columns(relation, columns, sis_mapping, sis_root_account)
|
2011-11-15 04:29:30 +08:00
|
|
|
raise ArgumentError, "sis_root_account required for lookups" unless sis_root_account.is_a?(Account)
|
2011-10-05 00:31:34 +08:00
|
|
|
|
2015-09-02 04:14:10 +08:00
|
|
|
return relation.none if columns.empty?
|
2011-11-15 04:29:30 +08:00
|
|
|
|
2012-10-20 04:25:17 +08:00
|
|
|
not_scoped_to_account = sis_mapping[:is_not_scoped_to_account] || []
|
|
|
|
|
|
|
|
|
|
if columns.length == 1 && not_scoped_to_account.include?(columns.keys.first)
|
2015-09-02 04:14:10 +08:00
|
|
|
relation = relation.where(columns)
|
2012-10-20 04:25:17 +08:00
|
|
|
else
|
|
|
|
|
args = []
|
|
|
|
|
query = []
|
|
|
|
|
columns.keys.sort.each do |column|
|
|
|
|
|
if not_scoped_to_account.include?(column)
|
|
|
|
|
query << "#{column} IN (?)"
|
2014-03-15 05:53:14 +08:00
|
|
|
args << columns[column]
|
2012-10-20 04:25:17 +08:00
|
|
|
else
|
|
|
|
|
raise ArgumentError, "missing scope for collection" unless sis_mapping[:scope]
|
2014-03-15 05:53:14 +08:00
|
|
|
ids = columns[column]
|
|
|
|
|
if ids.any? { |id| id.is_a?(Array) }
|
|
|
|
|
ids_hash = {}
|
|
|
|
|
ids.each do |id|
|
|
|
|
|
id = Array(id)
|
|
|
|
|
account = id.last || sis_root_account
|
|
|
|
|
ids_hash[account] ||= []
|
|
|
|
|
ids_hash[account] << id.first
|
|
|
|
|
end
|
|
|
|
|
else
|
|
|
|
|
ids_hash = { sis_root_account => ids }
|
|
|
|
|
end
|
|
|
|
|
ids_hash.each do |root_account, ids|
|
|
|
|
|
query << "(#{sis_mapping[:scope]} = #{root_account.id} AND #{column} IN (?))"
|
|
|
|
|
args << ids
|
|
|
|
|
end
|
2012-10-20 04:25:17 +08:00
|
|
|
end
|
2011-09-13 23:21:00 +08:00
|
|
|
end
|
2012-10-20 04:25:17 +08:00
|
|
|
|
|
|
|
|
args.unshift(query.join(" OR "))
|
2015-09-02 04:14:10 +08:00
|
|
|
relation = relation.where(*args)
|
2011-07-06 06:23:35 +08:00
|
|
|
end
|
2011-11-15 04:29:30 +08:00
|
|
|
|
2015-09-02 04:14:10 +08:00
|
|
|
relation = relation.eager_load(sis_mapping[:joins]) if sis_mapping[:joins]
|
|
|
|
|
relation
|
2011-07-06 06:23:35 +08:00
|
|
|
end
|
2012-01-04 04:30:49 +08:00
|
|
|
|
2013-11-07 05:03:21 +08:00
|
|
|
def self.max_per_page
|
|
|
|
|
Setting.get('api_max_per_page', '50').to_i
|
|
|
|
|
end
|
|
|
|
|
|
2016-03-04 05:21:29 +08:00
|
|
|
def self.per_page
|
|
|
|
|
Setting.get('api_per_page', '10').to_i
|
|
|
|
|
end
|
|
|
|
|
|
2013-11-08 05:37:20 +08:00
|
|
|
def self.per_page_for(controller, options={})
|
2016-03-04 05:21:29 +08:00
|
|
|
per_page_requested = controller.params[:per_page] || options[:default] || per_page
|
2013-11-07 05:03:21 +08:00
|
|
|
max = options[:max] || max_per_page
|
2016-03-04 05:21:29 +08:00
|
|
|
[[per_page_requested.to_i, 1].max, max.to_i].min
|
2012-08-28 02:48:38 +08:00
|
|
|
end
|
|
|
|
|
|
2011-07-22 00:35:46 +08:00
|
|
|
# Add [link HTTP Headers](http://www.w3.org/Protocols/9707-link-header.html) for pagination
|
2011-09-02 23:34:12 +08:00
|
|
|
# The collection needs to be a will_paginate collection (or act like one)
|
2011-08-23 00:47:40 +08:00
|
|
|
# a new, paginated collection will be returned
|
2013-09-26 03:01:06 +08:00
|
|
|
def self.paginate(collection, controller, base_url, pagination_args = {}, response_args = {})
|
import ActiveModel::Serializers port and convert quizzes api to it
test plan:
- The quiz api should work like it normally does when you don't pass
an 'Accept: application/vnd.api+json' header.
- The quizzes index page and quiz edit page should work like they
always do.
- Testing the Quizzes API for "jsonapi" style:
- For all requests, you MUST have the "Accept" header set to
"application/vnd.api+json"
- Test all the endpoints (PUT, POST, GET, INDEX, DELETE) like you
normally would, except you'll need to format the data according to
the next few steps:
- For "POST" and "PUT" (create and update) requests, you should send
the data like: { "quizzes": [ { id: 1, title: "blah" } ]
- For all requests (except DELETE), you should get back a response
that looks like: { "quizzes": [ { quiz you requested } ]
- For the "delete" action, you should get a "no content" response
and the request should be successful
Change-Id: Ie91deaeb6772cbe52a0fc46a28ab93a4e3036061
Reviewed-on: https://gerrit.instructure.com/25997
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
2013-12-05 03:06:32 +08:00
|
|
|
collection = paginate_collection!(collection, controller, pagination_args)
|
2013-09-26 03:01:06 +08:00
|
|
|
hash = build_links_hash(base_url, meta_for_pagination(controller, collection))
|
|
|
|
|
links = build_links_from_hash(hash)
|
import ActiveModel::Serializers port and convert quizzes api to it
test plan:
- The quiz api should work like it normally does when you don't pass
an 'Accept: application/vnd.api+json' header.
- The quizzes index page and quiz edit page should work like they
always do.
- Testing the Quizzes API for "jsonapi" style:
- For all requests, you MUST have the "Accept" header set to
"application/vnd.api+json"
- Test all the endpoints (PUT, POST, GET, INDEX, DELETE) like you
normally would, except you'll need to format the data according to
the next few steps:
- For "POST" and "PUT" (create and update) requests, you should send
the data like: { "quizzes": [ { id: 1, title: "blah" } ]
- For all requests (except DELETE), you should get back a response
that looks like: { "quizzes": [ { quiz you requested } ]
- For the "delete" action, you should get a "no content" response
and the request should be successful
Change-Id: Ie91deaeb6772cbe52a0fc46a28ab93a4e3036061
Reviewed-on: https://gerrit.instructure.com/25997
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
2013-12-05 03:06:32 +08:00
|
|
|
controller.response.headers["Link"] = links.join(',') if links.length > 0
|
2013-09-26 03:01:06 +08:00
|
|
|
if response_args[:enhanced_return]
|
|
|
|
|
{hash: hash, collection: collection}
|
|
|
|
|
else
|
|
|
|
|
collection
|
|
|
|
|
end
|
import ActiveModel::Serializers port and convert quizzes api to it
test plan:
- The quiz api should work like it normally does when you don't pass
an 'Accept: application/vnd.api+json' header.
- The quizzes index page and quiz edit page should work like they
always do.
- Testing the Quizzes API for "jsonapi" style:
- For all requests, you MUST have the "Accept" header set to
"application/vnd.api+json"
- Test all the endpoints (PUT, POST, GET, INDEX, DELETE) like you
normally would, except you'll need to format the data according to
the next few steps:
- For "POST" and "PUT" (create and update) requests, you should send
the data like: { "quizzes": [ { id: 1, title: "blah" } ]
- For all requests (except DELETE), you should get back a response
that looks like: { "quizzes": [ { quiz you requested } ]
- For the "delete" action, you should get a "no content" response
and the request should be successful
Change-Id: Ie91deaeb6772cbe52a0fc46a28ab93a4e3036061
Reviewed-on: https://gerrit.instructure.com/25997
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
2013-12-05 03:06:32 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# Returns collection as the first return value, and the meta information hash
|
|
|
|
|
# as the second return value
|
|
|
|
|
def self.jsonapi_paginate(collection, controller, base_url, pagination_args={})
|
|
|
|
|
collection = paginate_collection!(collection, controller, pagination_args)
|
|
|
|
|
meta = jsonapi_meta(collection, controller, base_url)
|
|
|
|
|
|
|
|
|
|
return collection, meta
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.jsonapi_meta(collection, controller, base_url)
|
|
|
|
|
pagination = meta_for_pagination(controller, collection)
|
|
|
|
|
|
|
|
|
|
meta = {
|
|
|
|
|
per_page: collection.per_page
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
meta.merge!(build_links_hash(base_url, pagination))
|
|
|
|
|
|
|
|
|
|
if collection.ordinal_pages?
|
|
|
|
|
meta[:page] = pagination[:current]
|
|
|
|
|
meta[:template] = meta[:current].sub(/page=\d+/, "page={page}")
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
meta[:count] = collection.total_entries if collection.total_entries
|
|
|
|
|
meta[:page_count] = collection.total_pages if collection.total_pages
|
2013-12-19 02:36:42 +08:00
|
|
|
|
import ActiveModel::Serializers port and convert quizzes api to it
test plan:
- The quiz api should work like it normally does when you don't pass
an 'Accept: application/vnd.api+json' header.
- The quizzes index page and quiz edit page should work like they
always do.
- Testing the Quizzes API for "jsonapi" style:
- For all requests, you MUST have the "Accept" header set to
"application/vnd.api+json"
- Test all the endpoints (PUT, POST, GET, INDEX, DELETE) like you
normally would, except you'll need to format the data according to
the next few steps:
- For "POST" and "PUT" (create and update) requests, you should send
the data like: { "quizzes": [ { id: 1, title: "blah" } ]
- For all requests (except DELETE), you should get back a response
that looks like: { "quizzes": [ { quiz you requested } ]
- For the "delete" action, you should get a "no content" response
and the request should be successful
Change-Id: Ie91deaeb6772cbe52a0fc46a28ab93a4e3036061
Reviewed-on: https://gerrit.instructure.com/25997
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
2013-12-05 03:06:32 +08:00
|
|
|
{ pagination: meta }
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.paginate_collection!(collection, controller, pagination_args)
|
|
|
|
|
wrap_pagination_args!(pagination_args, controller)
|
2013-12-19 02:36:42 +08:00
|
|
|
begin
|
|
|
|
|
paginated = collection.paginate(pagination_args)
|
|
|
|
|
rescue Folio::InvalidPage
|
|
|
|
|
if pagination_args[:page].to_s =~ /\d+/ && pagination_args[:page].to_i > 0 && collection.build_page.ordinal_pages?
|
|
|
|
|
# for backwards compatibility we currently require returning [] for
|
|
|
|
|
# pages beyond the end of an ordinal collection, rather than a 404.
|
|
|
|
|
paginated = Folio::Ordinal::Page.create
|
|
|
|
|
paginated.current_page = pagination_args[:page].to_i
|
|
|
|
|
else
|
|
|
|
|
# we're not dealing with a simple out-of-bounds on an ordinal
|
|
|
|
|
# collection, let the exception propagate (and turn into a 404)
|
|
|
|
|
raise
|
|
|
|
|
end
|
|
|
|
|
end
|
import ActiveModel::Serializers port and convert quizzes api to it
test plan:
- The quiz api should work like it normally does when you don't pass
an 'Accept: application/vnd.api+json' header.
- The quizzes index page and quiz edit page should work like they
always do.
- Testing the Quizzes API for "jsonapi" style:
- For all requests, you MUST have the "Accept" header set to
"application/vnd.api+json"
- Test all the endpoints (PUT, POST, GET, INDEX, DELETE) like you
normally would, except you'll need to format the data according to
the next few steps:
- For "POST" and "PUT" (create and update) requests, you should send
the data like: { "quizzes": [ { id: 1, title: "blah" } ]
- For all requests (except DELETE), you should get back a response
that looks like: { "quizzes": [ { quiz you requested } ]
- For the "delete" action, you should get a "no content" response
and the request should be successful
Change-Id: Ie91deaeb6772cbe52a0fc46a28ab93a4e3036061
Reviewed-on: https://gerrit.instructure.com/25997
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
2013-12-05 03:06:32 +08:00
|
|
|
paginated
|
2012-09-12 05:12:36 +08:00
|
|
|
end
|
|
|
|
|
|
import ActiveModel::Serializers port and convert quizzes api to it
test plan:
- The quiz api should work like it normally does when you don't pass
an 'Accept: application/vnd.api+json' header.
- The quizzes index page and quiz edit page should work like they
always do.
- Testing the Quizzes API for "jsonapi" style:
- For all requests, you MUST have the "Accept" header set to
"application/vnd.api+json"
- Test all the endpoints (PUT, POST, GET, INDEX, DELETE) like you
normally would, except you'll need to format the data according to
the next few steps:
- For "POST" and "PUT" (create and update) requests, you should send
the data like: { "quizzes": [ { id: 1, title: "blah" } ]
- For all requests (except DELETE), you should get back a response
that looks like: { "quizzes": [ { quiz you requested } ]
- For the "delete" action, you should get a "no content" response
and the request should be successful
Change-Id: Ie91deaeb6772cbe52a0fc46a28ab93a4e3036061
Reviewed-on: https://gerrit.instructure.com/25997
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
2013-12-05 03:06:32 +08:00
|
|
|
def self.wrap_pagination_args!(pagination_args, controller)
|
|
|
|
|
pagination_args.reverse_merge!(
|
|
|
|
|
page: controller.params[:page],
|
|
|
|
|
per_page: per_page_for(controller,
|
|
|
|
|
default: pagination_args.delete(:default_per_page),
|
|
|
|
|
max: pagination_args.delete(:max_per_page)))
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.meta_for_pagination(controller, collection)
|
|
|
|
|
{
|
|
|
|
|
query_parameters: controller.request.query_parameters,
|
|
|
|
|
per_page: collection.per_page,
|
|
|
|
|
current: collection.current_page,
|
|
|
|
|
next: collection.next_page,
|
|
|
|
|
prev: collection.previous_page,
|
|
|
|
|
first: collection.first_page,
|
|
|
|
|
last: collection.last_page,
|
|
|
|
|
}
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
PAGINATION_PARAMS = [:current, :next, :prev, :first, :last]
|
2012-09-12 05:12:36 +08:00
|
|
|
EXCLUDE_IN_PAGINATION_LINKS = %w(page per_page access_token api_key)
|
|
|
|
|
def self.build_links(base_url, opts={})
|
import ActiveModel::Serializers port and convert quizzes api to it
test plan:
- The quiz api should work like it normally does when you don't pass
an 'Accept: application/vnd.api+json' header.
- The quizzes index page and quiz edit page should work like they
always do.
- Testing the Quizzes API for "jsonapi" style:
- For all requests, you MUST have the "Accept" header set to
"application/vnd.api+json"
- Test all the endpoints (PUT, POST, GET, INDEX, DELETE) like you
normally would, except you'll need to format the data according to
the next few steps:
- For "POST" and "PUT" (create and update) requests, you should send
the data like: { "quizzes": [ { id: 1, title: "blah" } ]
- For all requests (except DELETE), you should get back a response
that looks like: { "quizzes": [ { quiz you requested } ]
- For the "delete" action, you should get a "no content" response
and the request should be successful
Change-Id: Ie91deaeb6772cbe52a0fc46a28ab93a4e3036061
Reviewed-on: https://gerrit.instructure.com/25997
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
2013-12-05 03:06:32 +08:00
|
|
|
links = build_links_hash(base_url, opts)
|
2013-09-26 03:01:06 +08:00
|
|
|
build_links_from_hash(links)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.build_links_from_hash(links)
|
import ActiveModel::Serializers port and convert quizzes api to it
test plan:
- The quiz api should work like it normally does when you don't pass
an 'Accept: application/vnd.api+json' header.
- The quizzes index page and quiz edit page should work like they
always do.
- Testing the Quizzes API for "jsonapi" style:
- For all requests, you MUST have the "Accept" header set to
"application/vnd.api+json"
- Test all the endpoints (PUT, POST, GET, INDEX, DELETE) like you
normally would, except you'll need to format the data according to
the next few steps:
- For "POST" and "PUT" (create and update) requests, you should send
the data like: { "quizzes": [ { id: 1, title: "blah" } ]
- For all requests (except DELETE), you should get back a response
that looks like: { "quizzes": [ { quiz you requested } ]
- For the "delete" action, you should get a "no content" response
and the request should be successful
Change-Id: Ie91deaeb6772cbe52a0fc46a28ab93a4e3036061
Reviewed-on: https://gerrit.instructure.com/25997
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
2013-12-05 03:06:32 +08:00
|
|
|
# iterate in order, but only using the keys present from build_links_hash
|
|
|
|
|
(PAGINATION_PARAMS & links.keys).map do |k|
|
|
|
|
|
v = links[k]
|
|
|
|
|
"<#{v}>; rel=\"#{k}\""
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.build_links_hash(base_url, opts={})
|
2012-01-04 04:30:49 +08:00
|
|
|
base_url += (base_url =~ /\?/ ? '&': '?')
|
2012-09-12 05:12:36 +08:00
|
|
|
qp = opts[:query_parameters] || {}
|
|
|
|
|
qp = qp.with_indifferent_access.except(*EXCLUDE_IN_PAGINATION_LINKS)
|
|
|
|
|
base_url += "#{qp.to_query}&" if qp.present?
|
import ActiveModel::Serializers port and convert quizzes api to it
test plan:
- The quiz api should work like it normally does when you don't pass
an 'Accept: application/vnd.api+json' header.
- The quizzes index page and quiz edit page should work like they
always do.
- Testing the Quizzes API for "jsonapi" style:
- For all requests, you MUST have the "Accept" header set to
"application/vnd.api+json"
- Test all the endpoints (PUT, POST, GET, INDEX, DELETE) like you
normally would, except you'll need to format the data according to
the next few steps:
- For "POST" and "PUT" (create and update) requests, you should send
the data like: { "quizzes": [ { id: 1, title: "blah" } ]
- For all requests (except DELETE), you should get back a response
that looks like: { "quizzes": [ { quiz you requested } ]
- For the "delete" action, you should get a "no content" response
and the request should be successful
Change-Id: Ie91deaeb6772cbe52a0fc46a28ab93a4e3036061
Reviewed-on: https://gerrit.instructure.com/25997
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
2013-12-05 03:06:32 +08:00
|
|
|
PAGINATION_PARAMS.each_with_object({}) do |param, obj|
|
|
|
|
|
if opts[param].present?
|
|
|
|
|
obj[param] = "#{base_url}page=#{opts[param]}&per_page=#{opts[:per_page]}"
|
2012-09-12 05:12:36 +08:00
|
|
|
end
|
2011-07-22 00:35:46 +08:00
|
|
|
end
|
|
|
|
|
end
|
2012-01-04 04:30:49 +08:00
|
|
|
|
2012-10-18 05:43:39 +08:00
|
|
|
def self.parse_pagination_links(link_header)
|
|
|
|
|
link_header.split(",").map do |link|
|
|
|
|
|
url, rel = link.match(%r{^<([^>]+)>; rel="([^"]+)"}).captures
|
|
|
|
|
uri = URI.parse(url)
|
|
|
|
|
raise(ArgumentError, "pagination url is not an absolute uri: #{url}") unless uri.is_a?(URI::HTTP)
|
|
|
|
|
Rack::Utils.parse_nested_query(uri.query).merge(:uri => uri, :rel => rel)
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2011-10-08 05:41:19 +08:00
|
|
|
def media_comment_json(media_object_or_hash)
|
|
|
|
|
media_object_or_hash = OpenStruct.new(media_object_or_hash) if media_object_or_hash.is_a?(Hash)
|
|
|
|
|
{
|
|
|
|
|
'content-type' => "#{media_object_or_hash.media_type}/mp4",
|
2015-10-30 23:15:24 +08:00
|
|
|
'display_name' => media_object_or_hash.title.presence || media_object_or_hash.user_entered_title,
|
2011-10-08 05:41:19 +08:00
|
|
|
'media_id' => media_object_or_hash.media_id,
|
|
|
|
|
'media_type' => media_object_or_hash.media_type,
|
|
|
|
|
'url' => user_media_download_url(:user_id => @current_user.id,
|
|
|
|
|
:entryId => media_object_or_hash.media_id,
|
|
|
|
|
:type => "mp4",
|
|
|
|
|
:redirect => "1")
|
|
|
|
|
}
|
|
|
|
|
end
|
|
|
|
|
|
2012-06-26 23:52:40 +08:00
|
|
|
|
2015-09-10 21:38:06 +08:00
|
|
|
def api_bulk_load_user_content_attachments(htmls, context = nil)
|
|
|
|
|
|
|
|
|
|
regex = context ? %r{/#{context.class.name.tableize}/#{context.id}/files/(\d+)} : %r{/files/(\d+)}
|
|
|
|
|
|
2013-07-09 03:08:06 +08:00
|
|
|
attachment_ids = []
|
2015-09-10 21:38:06 +08:00
|
|
|
htmls.compact.each do |html|
|
|
|
|
|
html.scan(regex).each do |match|
|
|
|
|
|
attachment_ids << match.first
|
|
|
|
|
end
|
2013-07-09 03:08:06 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
if attachment_ids.blank?
|
|
|
|
|
{}
|
|
|
|
|
else
|
|
|
|
|
attachments = if context.is_a?(User) || context.nil?
|
|
|
|
|
Attachment.where(id: attachment_ids)
|
|
|
|
|
else
|
|
|
|
|
context.attachments.where(id: attachment_ids)
|
|
|
|
|
end
|
2015-09-10 21:38:06 +08:00
|
|
|
|
2015-09-10 00:23:40 +08:00
|
|
|
attachments.preload(:context).index_by(&:id)
|
2013-07-09 03:08:06 +08:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2015-03-26 07:03:01 +08:00
|
|
|
PLACEHOLDER_PROTOCOL = 'https'
|
|
|
|
|
PLACEHOLDER_HOST = 'placeholder.invalid'
|
|
|
|
|
|
|
|
|
|
def get_host_and_protocol_from_request
|
|
|
|
|
[ request.host_with_port, request.ssl? ? 'https' : 'http' ]
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def resolve_placeholders(content)
|
|
|
|
|
host, protocol = get_host_and_protocol_from_request
|
2016-01-20 04:23:25 +08:00
|
|
|
# content is a json-encoded string; slashes are escaped (at least in Rails 4.0)
|
|
|
|
|
content.gsub("#{PLACEHOLDER_PROTOCOL}:\\/\\/#{PLACEHOLDER_HOST}", "#{protocol}:\\/\\/#{host}").
|
|
|
|
|
gsub("#{PLACEHOLDER_PROTOCOL}://#{PLACEHOLDER_HOST}", "#{protocol}://#{host}")
|
2015-03-26 07:03:01 +08:00
|
|
|
end
|
|
|
|
|
|
2015-09-10 00:23:40 +08:00
|
|
|
def user_can_download_attachment?(attachment, context, user)
|
|
|
|
|
# checking on the context first can improve performance when checking many attachments for admins
|
|
|
|
|
(context && context.grants_any_right?(user, :manage_files, :read_as_admin)) || attachment.grants_right?(user, nil, :download)
|
|
|
|
|
end
|
|
|
|
|
|
2014-12-06 02:11:25 +08:00
|
|
|
def api_user_content(html, context = @context, user = @current_user, preloaded_attachments = {}, is_public=false)
|
2011-11-10 05:39:18 +08:00
|
|
|
return html if html.blank?
|
|
|
|
|
|
2015-03-26 07:03:01 +08:00
|
|
|
# use the host of the request if available;
|
|
|
|
|
# use a placeholder host for pre-generated content, which we will replace with the request host when available;
|
|
|
|
|
# otherwise let HostUrl figure out what host is appropriate
|
|
|
|
|
if self.respond_to?(:request)
|
|
|
|
|
host, protocol = get_host_and_protocol_from_request
|
|
|
|
|
elsif self.respond_to?(:use_placeholder_host?) && use_placeholder_host?
|
|
|
|
|
host = PLACEHOLDER_HOST
|
|
|
|
|
protocol = PLACEHOLDER_PROTOCOL
|
2012-04-04 04:17:56 +08:00
|
|
|
else
|
|
|
|
|
host = HostUrl.context_host(context, @account_domain.try(:host))
|
2012-06-26 23:52:40 +08:00
|
|
|
protocol = HostUrl.protocol
|
2012-04-04 04:17:56 +08:00
|
|
|
end
|
2012-03-28 02:41:55 +08:00
|
|
|
|
2011-10-08 00:36:22 +08:00
|
|
|
rewriter = UserContent::HtmlRewriter.new(context, user)
|
|
|
|
|
rewriter.set_handler('files') do |match|
|
2013-03-27 00:43:40 +08:00
|
|
|
if match.obj_id
|
2013-07-09 03:08:06 +08:00
|
|
|
obj = preloaded_attachments[match.obj_id]
|
|
|
|
|
obj ||= if context.is_a?(User) || context.nil?
|
2014-09-18 01:29:06 +08:00
|
|
|
Attachment.where(id: match.obj_id).first
|
2013-07-09 03:08:06 +08:00
|
|
|
else
|
|
|
|
|
context.attachments.find_by_id(match.obj_id)
|
|
|
|
|
end
|
2013-03-27 00:43:40 +08:00
|
|
|
end
|
2014-10-25 03:39:29 +08:00
|
|
|
|
2015-12-09 00:30:06 +08:00
|
|
|
unless obj && !obj.deleted? && ((is_public && !obj.locked_for?(user)) || user_can_download_attachment?(obj, context, user))
|
2015-03-25 04:59:04 +08:00
|
|
|
if obj && obj.previewable_media? && (uri = URI.parse(match.url) rescue nil)
|
|
|
|
|
uri.query = (uri.query.to_s.split("&") + ["no_preview=1"]).join("&")
|
|
|
|
|
next uri.to_s
|
|
|
|
|
else
|
|
|
|
|
next
|
|
|
|
|
end
|
|
|
|
|
end
|
2013-04-12 00:57:09 +08:00
|
|
|
|
|
|
|
|
if ["Course", "Group", "Account", "User"].include?(obj.context_type)
|
2015-02-10 06:53:13 +08:00
|
|
|
opts = {:only_path => true}
|
2015-04-01 21:09:29 +08:00
|
|
|
opts.merge!(:verifier => obj.uuid) unless respond_to?(:in_app?, true) && in_app? && !is_public
|
2013-04-12 00:57:09 +08:00
|
|
|
if match.rest.start_with?("/preview")
|
2014-08-13 21:37:27 +08:00
|
|
|
url = self.send("#{obj.context_type.downcase}_file_preview_url", obj.context_id, obj.id, opts)
|
2013-04-12 00:57:09 +08:00
|
|
|
else
|
2014-08-13 21:37:27 +08:00
|
|
|
opts[:download] = '1'
|
|
|
|
|
opts[:wrap] = '1' if match.rest.include?('wrap=1')
|
|
|
|
|
url = self.send("#{obj.context_type.downcase}_file_download_url", obj.context_id, obj.id, opts)
|
2013-04-12 00:57:09 +08:00
|
|
|
end
|
|
|
|
|
else
|
2015-02-10 06:53:13 +08:00
|
|
|
opts = {:download => '1', :only_path => true}
|
2015-04-01 21:09:29 +08:00
|
|
|
opts.merge!(:verifier => obj.uuid) unless respond_to?(:in_app?, true) && in_app? && !is_public
|
2015-02-10 06:53:13 +08:00
|
|
|
url = file_download_url(obj.id, opts)
|
2013-04-12 00:57:09 +08:00
|
|
|
end
|
|
|
|
|
url
|
2011-10-08 00:36:22 +08:00
|
|
|
end
|
|
|
|
|
html = rewriter.translate_content(html)
|
|
|
|
|
|
2014-09-03 02:49:25 +08:00
|
|
|
url_helper = Html::UrlProxy.new(self, context, host, protocol)
|
2015-12-05 00:57:07 +08:00
|
|
|
account = Context.get_account(context) || @domain_root_account
|
2015-08-27 02:44:55 +08:00
|
|
|
include_mobile = respond_to?(:mobile_device?, true) && mobile_device?
|
|
|
|
|
Html::Content.rewrite_outgoing(html, account, url_helper, include_mobile: include_mobile)
|
2011-10-08 00:36:22 +08:00
|
|
|
end
|
2012-05-22 00:11:48 +08:00
|
|
|
|
2013-04-13 05:46:13 +08:00
|
|
|
# This removes the verifier parameters that are added to attachment links by api_user_content
|
|
|
|
|
# and adds context (e.g. /courses/:id/) if it is missing
|
2013-06-18 05:24:00 +08:00
|
|
|
# exception: it leaves user-context file links alone
|
2013-04-13 05:46:13 +08:00
|
|
|
def process_incoming_html_content(html)
|
2014-09-03 02:49:25 +08:00
|
|
|
Html::Content.process_incoming(html)
|
2013-04-13 05:46:13 +08:00
|
|
|
end
|
|
|
|
|
|
2012-05-22 00:11:48 +08:00
|
|
|
def value_to_boolean(value)
|
|
|
|
|
Canvas::Plugin.value_to_boolean(value)
|
|
|
|
|
end
|
2012-08-15 05:47:53 +08:00
|
|
|
|
2014-02-26 02:53:21 +08:00
|
|
|
# takes a comma separated string, an array, or nil and returns an array
|
2014-01-07 07:45:51 +08:00
|
|
|
def self.value_to_array(value)
|
2014-02-26 02:53:21 +08:00
|
|
|
value.is_a?(String) ? value.split(',') : (value || [])
|
2014-01-07 07:45:51 +08:00
|
|
|
end
|
|
|
|
|
|
2014-04-10 05:05:22 +08:00
|
|
|
def self.invalid_time_stamp_error(attribute, message)
|
2015-04-05 10:39:49 +08:00
|
|
|
Canvas::Errors.capture(
|
|
|
|
|
'invalid_date_time',
|
|
|
|
|
message: "invalid #{attribute}",
|
|
|
|
|
exception_message: message
|
|
|
|
|
)
|
2014-04-10 05:05:22 +08:00
|
|
|
end
|
|
|
|
|
|
|
|
|
|
# regex for valid iso8601 dates
|
2014-04-24 06:37:49 +08:00
|
|
|
ISO8601_REGEX = /^(?<year>[0-9]{4})-
|
2014-04-10 05:05:22 +08:00
|
|
|
(?<month>1[0-2]|0[1-9])-
|
|
|
|
|
(?<day>3[0-1]|0[1-9]|[1-2][0-9])T
|
|
|
|
|
(?<hour>2[0-3]|[0-1][0-9]):
|
|
|
|
|
(?<minute>[0-5][0-9]):
|
|
|
|
|
(?<second>60|[0-5][0-9])
|
|
|
|
|
(?<fraction>\.[0-9]+)?
|
|
|
|
|
(?<timezone>Z|[+-](?:2[0-3]|[0-1][0-9]):[0-5][0-9])?$/x
|
|
|
|
|
|
|
|
|
|
# regex for valid dates
|
|
|
|
|
DATE_REGEX = /^\d{4}[- \/.](0[1-9]|1[012])[- \/.](0[1-9]|[12][0-9]|3[01])$/
|
|
|
|
|
|
2012-08-15 05:47:53 +08:00
|
|
|
# regex for shard-aware ID
|
|
|
|
|
ID = '(?:\d+~)?\d+'
|
|
|
|
|
|
modules api, closes #10404
also modifies the discussion topic and assignment API
controllers to make sure "must_view" requirements are
fulfilled
test plan:
* check the API documentation; ensure it looks okay
* create a course with module items of each supported type
* set completion criteria of each supported type
* create another module, so you can set prerequisites
* use the list modules API and verify its output matches
the course and the documentation
* as a teacher, "state" should be missing
* as a student, "state" should be "locked", "unlocked",
"started", or "completed"
* use the show module API and verify the correct information
is returned for a single module
* use the list module items API and verify the output
* as a teacher, the "completion_requirement" omits the
"completed" flag
* as a student, "completed" should be true or false,
depending on whether the requirement was met
* use the show module API and verify the correct information
is returned for a single module item
* last but not least, verify "must view" requirements can
be fulfilled through the api_data_endpoints supplied
for files, pages, discussions, and assignments
* files are viewed when downloading their content
* pages are viewed by the show action (where content
is returned)
* discussions are viewed when marked read via the
mark_topic_read or mark_all_read actions
* assignments are viewed by the show action
(where description is returned). they are not viewed
if the assignment is locked and the user does not
have access to the content yet.
Change-Id: I0cbbbc542f69215e7b396a501d4d86ff2f76c149
Reviewed-on: https://gerrit.instructure.com/13626
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
2012-09-12 01:16:48 +08:00
|
|
|
# maps a Canvas data type to an API-friendly type name
|
|
|
|
|
API_DATA_TYPE = { "Attachment" => "File",
|
|
|
|
|
"WikiPage" => "Page",
|
|
|
|
|
"DiscussionTopic" => "Discussion",
|
|
|
|
|
"Assignment" => "Assignment",
|
2014-01-15 06:11:27 +08:00
|
|
|
"Quizzes::Quiz" => "Quiz",
|
modules api, closes #10404
also modifies the discussion topic and assignment API
controllers to make sure "must_view" requirements are
fulfilled
test plan:
* check the API documentation; ensure it looks okay
* create a course with module items of each supported type
* set completion criteria of each supported type
* create another module, so you can set prerequisites
* use the list modules API and verify its output matches
the course and the documentation
* as a teacher, "state" should be missing
* as a student, "state" should be "locked", "unlocked",
"started", or "completed"
* use the show module API and verify the correct information
is returned for a single module
* use the list module items API and verify the output
* as a teacher, the "completion_requirement" omits the
"completed" flag
* as a student, "completed" should be true or false,
depending on whether the requirement was met
* use the show module API and verify the correct information
is returned for a single module item
* last but not least, verify "must view" requirements can
be fulfilled through the api_data_endpoints supplied
for files, pages, discussions, and assignments
* files are viewed when downloading their content
* pages are viewed by the show action (where content
is returned)
* discussions are viewed when marked read via the
mark_topic_read or mark_all_read actions
* assignments are viewed by the show action
(where description is returned). they are not viewed
if the assignment is locked and the user does not
have access to the content yet.
Change-Id: I0cbbbc542f69215e7b396a501d4d86ff2f76c149
Reviewed-on: https://gerrit.instructure.com/13626
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
2012-09-12 01:16:48 +08:00
|
|
|
"ContextModuleSubHeader" => "SubHeader",
|
|
|
|
|
"ExternalUrl" => "ExternalUrl",
|
2013-08-22 06:36:47 +08:00
|
|
|
"ContextExternalTool" => "ExternalTool",
|
|
|
|
|
"ContextModule" => "Module",
|
|
|
|
|
"ContentTag" => "ModuleItem" }.freeze
|
|
|
|
|
|
|
|
|
|
# matches the other direction, case insensitively
|
|
|
|
|
def self.api_type_to_canvas_name(api_type)
|
|
|
|
|
unless @inverse_map
|
|
|
|
|
m = {}
|
|
|
|
|
API_DATA_TYPE.each do |k, v|
|
|
|
|
|
m[v.downcase] = k
|
|
|
|
|
end
|
|
|
|
|
@inverse_map = m
|
|
|
|
|
end
|
|
|
|
|
return nil unless api_type
|
|
|
|
|
@inverse_map[api_type.downcase]
|
|
|
|
|
end
|
modules api, closes #10404
also modifies the discussion topic and assignment API
controllers to make sure "must_view" requirements are
fulfilled
test plan:
* check the API documentation; ensure it looks okay
* create a course with module items of each supported type
* set completion criteria of each supported type
* create another module, so you can set prerequisites
* use the list modules API and verify its output matches
the course and the documentation
* as a teacher, "state" should be missing
* as a student, "state" should be "locked", "unlocked",
"started", or "completed"
* use the show module API and verify the correct information
is returned for a single module
* use the list module items API and verify the output
* as a teacher, the "completion_requirement" omits the
"completed" flag
* as a student, "completed" should be true or false,
depending on whether the requirement was met
* use the show module API and verify the correct information
is returned for a single module item
* last but not least, verify "must view" requirements can
be fulfilled through the api_data_endpoints supplied
for files, pages, discussions, and assignments
* files are viewed when downloading their content
* pages are viewed by the show action (where content
is returned)
* discussions are viewed when marked read via the
mark_topic_read or mark_all_read actions
* assignments are viewed by the show action
(where description is returned). they are not viewed
if the assignment is locked and the user does not
have access to the content yet.
Change-Id: I0cbbbc542f69215e7b396a501d4d86ff2f76c149
Reviewed-on: https://gerrit.instructure.com/13626
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
2012-09-12 01:16:48 +08:00
|
|
|
|
2014-01-11 08:44:27 +08:00
|
|
|
def self.recursively_stringify_json_ids(value, opts = {})
|
2013-10-20 01:14:31 +08:00
|
|
|
case value
|
|
|
|
|
when Hash
|
2014-01-11 08:44:27 +08:00
|
|
|
stringify_json_ids(value, opts)
|
|
|
|
|
value.each_value { |v| recursively_stringify_json_ids(v, opts) if v.is_a?(Hash) || v.is_a?(Array) }
|
2013-10-20 01:14:31 +08:00
|
|
|
when Array
|
2014-01-11 08:44:27 +08:00
|
|
|
value.each { |v| recursively_stringify_json_ids(v, opts) if v.is_a?(Hash) || v.is_a?(Array) }
|
2013-10-20 01:14:31 +08:00
|
|
|
end
|
|
|
|
|
value
|
|
|
|
|
end
|
|
|
|
|
|
2014-01-11 08:44:27 +08:00
|
|
|
def self.stringify_json_ids(value, opts = {})
|
2013-08-31 05:30:56 +08:00
|
|
|
return unless value.is_a?(Hash)
|
|
|
|
|
value.keys.each do |key|
|
|
|
|
|
if key =~ /(^|_)id$/
|
|
|
|
|
# id, foo_id, etc.
|
2014-01-11 08:44:27 +08:00
|
|
|
value[key] = stringify_json_id(value[key], opts)
|
2013-08-31 05:30:56 +08:00
|
|
|
elsif key =~ /(^|_)ids$/ && value[key].is_a?(Array)
|
|
|
|
|
# ids, foo_ids, etc.
|
2014-01-11 08:44:27 +08:00
|
|
|
value[key].map!{ |id| stringify_json_id(id, opts) }
|
2013-08-31 05:30:56 +08:00
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
2014-01-11 08:44:27 +08:00
|
|
|
def self.stringify_json_id(id, opts = {})
|
|
|
|
|
if opts[:reverse]
|
|
|
|
|
id.is_a?(String) ? id.to_i : id
|
|
|
|
|
else
|
|
|
|
|
id.is_a?(Integer) ? id.to_s : id
|
|
|
|
|
end
|
2013-08-31 05:30:56 +08:00
|
|
|
end
|
2013-10-23 23:47:41 +08:00
|
|
|
|
|
|
|
|
def accepts_jsonapi?
|
|
|
|
|
!!(/application\/vnd\.api\+json/ =~ request.headers['Accept'].to_s)
|
|
|
|
|
end
|
Quiz Submissions API - Create & Complete
Allows users to start a "quiz-taking session" via the API by creating
a QuizSubmission and later on completing it.
Note that this patch isn't concerned with actually using the QS to
answer questions. That task will be the concern of a new API controller,
QuizSubmissionQuestions.
closes CNVS-8980
TEST PLAN
---- ----
- Create a quiz
- Keep a tab open on the Moderate Quiz (MQ from now) page
Create the quiz submission (ie, start a quiz-taking session):
- Via the API, as a student:
- POST to /courses/:course_id/quizzes/:quiz_id/submissions
- Verify that you receive a 200 response with the newly created
QuizSubmission in the JSON response.
- Copy the "validation_token" field down, you will need this later
- Go to the MQ tab and verify that it says the student has started a
quiz attempt
Complete the quiz submission (ie, finish a quiz-taking session):
- Via the API, as a student, prepare a request with:
- Method: POST
- URI: /courses/:course_id/quizzes/:quiz_id/submissions/:id/complete
- Parameter "validation_token" to what you copied earlier
- Parameter "attempt" to the current attempt number (starts at 1)
- Now perform the request, and:
- Verify that you receive a 200 response
- Go to the MQ tab and verify that it says the submission has been
completed (ie, Time column reads "finished in X seconds/minutes")
Other stuff to test (failure scenarios):
The first endpoint (one for starting a quiz attempt) should reject your
request in any of the following cases:
- The quiz has been locked
- You are not enrolled in the quiz course
- The Quiz has an Access Code that you either didn't pass, or passed
incorrectly
- The Quiz has an IP filter and you're not in the address range
- You are already taking the quiz (you've created the submission and
did not call /complete yet)
- You are not currently taking the quiz, but you already took it
earlier and the Quiz does not allow for multiple attempts
The second endpoint (one for completing the quiz attempt) should reject
your request in any of the following cases:
- You pass in an invalid "validation_token"
- You already completed that quiz submission (e.g, you called that
endpoint earlier)
Change-Id: Iff8a47859d7477c210de46ea034544d5e2527fb2
Reviewed-on: https://gerrit.instructure.com/27015
Reviewed-by: Derek DeVries <ddevries@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Myller de Araujo <myller@instructure.com>
Product-Review: Ahmad Amireh <ahmad@instructure.com>
2013-12-05 22:10:12 +08:00
|
|
|
|
2013-12-03 04:42:07 +08:00
|
|
|
# Return a template url that follows the root links key for the jsonapi.org
|
|
|
|
|
# standard.
|
|
|
|
|
#
|
|
|
|
|
def templated_url(method, *args)
|
|
|
|
|
format = /^\{.*\}$/
|
|
|
|
|
placeholder = "PLACEHOLDER"
|
|
|
|
|
|
|
|
|
|
placeholders = args.each_with_index.map do |arg, index|
|
|
|
|
|
arg =~ format ? "#{placeholder}#{index}" : arg
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
url = send(method, *placeholders)
|
|
|
|
|
|
|
|
|
|
args.each_with_index do |arg, index|
|
|
|
|
|
url.sub!("#{placeholder}#{index}", arg) if arg =~ format
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
url
|
|
|
|
|
end
|
2011-05-13 05:48:18 +08:00
|
|
|
end
|