ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
canvas-lms/lib/api/v1/group.rb

64 lines
2.4 KiB
Ruby
Raw Normal View History

Initial commit. closes #6988138
2011-02-01 09:57:29 +08:00
#
# Copyright (C) 2011 Instructure, Inc.
#
# This file is part of Canvas.
#
# Canvas is free software: you can redistribute it and/or modify it under
# the terms of the GNU Affero General Public License as published by the Free
# Software Foundation, version 3 of the License.
#
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
calendar and scheduler apis; refs #3395 Change-Id: I0bafb21630086ff2a99b8b881568bff51afabedc Reviewed-on: https://gerrit.instructure.com/7823 Tested-by: Hudson <hudson@instructure.com> Reviewed-by: Brian Palmer <brianp@instructure.com> Reviewed-by: Zach Wily <zach@instructure.com>
2012-01-04 04:30:49 +08:00
module Api::V1::Group
include Api::V1::Json
api: list current user's groups; closes #4749 an api endpoint which lists the active groups for which the current user is an active member. test plan: - hit /api/v1/users/self/groups - you should get back the groups you belong to Change-Id: Iace05a70f4a77af0cebbb7dbaa3e6f77eb6785c8 Reviewed-on: https://gerrit.instructure.com/12230 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-07-14 02:33:15 +08:00
include Api::V1::Context
Initial commit. closes #6988138
2011-02-01 09:57:29 +08:00
basic groups api; refs #8598 this adds show/create/edit/delete api actions for groups. currently create only allows creating community groups. the changes to these controller functions should be backwards compatible with course and student groups. anyone should be able to create a community (for now), but only moderators or account admins are allowed to edit/delete them. test plan: - test the four api actions from the command line - make sure managing course and student groups still works (there should be no visible changes here) Change-Id: I9cac73ab434b0ba464ecfe399ab42174eff9b48a Reviewed-on: https://gerrit.instructure.com/11148 Reviewed-by: Brian Palmer <brianp@instructure.com> Tested-by: Jenkins <jenkins@instructure.com>
2012-05-30 06:55:40 +08:00
API_GROUP_JSON_OPTS = {
:only => %w(id name description is_public join_level group_category_id),
add ability to set/retrieve storage quota to groups API fixes CNVS-4782 note that setting quotas requires the manage_storage_quotas permission; not everybody who can create a group has the right to set the storage quota for that group test plan: * view the API documentation and notice the new 'storage_quota_mb' field, which represents the group's storage quota, in megabytes * as an account admin, - retrieve a group via the API; verify the storage_quota_mb field is returned - create a group via the API, setting storage_quota_mb; verify the value was set properly - update a group via the API, setting storage_quota_mb; verify the value was set properly * as a teacher, - retrieve a group via the API; verify the storage_quota_mb field is returned - create a group via the API, setting storage_quota_mb; verify the value was ignored (but the other values were accepted) - update a group via the API, setting storage_quota_mb; verify the value was ignored (but the other values were accepted) Change-Id: Ia0c6c2ac2cbe85289a2e18d16589e4fe04b08a30 Reviewed-on: https://gerrit.instructure.com/18919 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Bracken Mosbacker <bracken@instructure.com> QA-Review: Adam Phillipps <adam@instructure.com> Product-Review: Bracken Mosbacker <bracken@instructure.com>
2013-03-22 07:03:24 +08:00
:methods => %w(members_count storage_quota_mb),
basic groups api; refs #8598 this adds show/create/edit/delete api actions for groups. currently create only allows creating community groups. the changes to these controller functions should be backwards compatible with course and student groups. anyone should be able to create a community (for now), but only moderators or account admins are allowed to edit/delete them. test plan: - test the four api actions from the command line - make sure managing course and student groups still works (there should be no visible changes here) Change-Id: I9cac73ab434b0ba464ecfe399ab42174eff9b48a Reviewed-on: https://gerrit.instructure.com/11148 Reviewed-by: Brian Palmer <brianp@instructure.com> Tested-by: Jenkins <jenkins@instructure.com>
2012-05-30 06:55:40 +08:00
}
group join/leave/invite api allow users to join, or request to join groups and leave groups they are part of, if the group allows those actions. allow moderators to invite others to the group by email address. allows moderators to add or remove moderator privleges of other group members. test plan: - no ui yet, so try these api actions manually and make sure they do the right thing. Change-Id: I2765f07acb131e503add67b0daa37f18fdbde6c2 Reviewed-on: https://gerrit.instructure.com/11229 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Simon Williams <simon@instructure.com>
2012-06-02 03:18:32 +08:00
API_GROUP_MEMBERSHIP_JSON_OPTS = {
:only => %w(id group_id user_id workflow_state moderator)
}
Add a permission option in the api to return if the user can create topics. closes CNVS-6824 This adds a permissions attribute to the returned json for discussion topic contexts (Course, Group). The permissions attribute contains an optional permission of "create_discission_topic" which returns true or false depending on whether the current user can create discussion topics for the course or group. For performance reasons this is only added to a single course/group json and not in lists so the only call that will return it is /api/v1/<context>/<context_id> where context is a course or group. Since we did not want to include this on every response its a custom permissions attribute for course and groups in the course_json or group_json serialization methods. Using the includes parameter for the API supplying a value of "permissions" will include the permissions with "create_discussion_topic" for a group and course. When the object is serialized to json it checked to see if the model implements a serialize_permissions method and calls that to render or override permissions generated from the policies. - Create a test Course. Make sure the course allows members to post topics. - Add a student to the course. - Make a call to /api/v1/courses/<id> where "<id>" is the id of the created course. - The response should include a permissions attribute with a boolean value for "create_discission_topic" see the example below. - Make a call to /api/v1/courses to return a list of course objects. - The permissions attribute should not be included in the response. - Create a test Group tied to the course created in the first step. - Add a mamber to the group. - Make a call to /api/v1/groups/<id> where "<id>" is the id of the created group. - The response should include a permissions attribute with a boolean value for "create_discission_topic" see the example below. - Make a call to /api/v1/groups to return a list of group objects. - The permissions attribute should not be included in the response. Example Response: { id: 42, ... permissions: { create_discission_topic: true } } Change-Id: Ia02d5aa67e345740a93dd0f63e357e7cb5e1efd6 Reviewed-on: https://gerrit.instructure.com/24478 Reviewed-by: Jacob Fugal <jacob@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Nick Cloward <ncloward@instructure.com>
2013-09-18 06:24:57 +08:00
API_PERMISSIONS_TO_INCLUDE = %w(create_discussion_topic)
calendar and scheduler apis; refs #3395 Change-Id: I0bafb21630086ff2a99b8b881568bff51afabedc Reviewed-on: https://gerrit.instructure.com/7823 Tested-by: Hudson <hudson@instructure.com> Reviewed-by: Brian Palmer <brianp@instructure.com> Reviewed-by: Zach Wily <zach@instructure.com>
2012-01-04 04:30:49 +08:00
def group_json(group, user, session, options = {})
Add a permission option in the api to return if the user can create topics. closes CNVS-6824 This adds a permissions attribute to the returned json for discussion topic contexts (Course, Group). The permissions attribute contains an optional permission of "create_discission_topic" which returns true or false depending on whether the current user can create discussion topics for the course or group. For performance reasons this is only added to a single course/group json and not in lists so the only call that will return it is /api/v1/<context>/<context_id> where context is a course or group. Since we did not want to include this on every response its a custom permissions attribute for course and groups in the course_json or group_json serialization methods. Using the includes parameter for the API supplying a value of "permissions" will include the permissions with "create_discussion_topic" for a group and course. When the object is serialized to json it checked to see if the model implements a serialize_permissions method and calls that to render or override permissions generated from the policies. - Create a test Course. Make sure the course allows members to post topics. - Add a student to the course. - Make a call to /api/v1/courses/<id> where "<id>" is the id of the created course. - The response should include a permissions attribute with a boolean value for "create_discission_topic" see the example below. - Make a call to /api/v1/courses to return a list of course objects. - The permissions attribute should not be included in the response. - Create a test Group tied to the course created in the first step. - Add a mamber to the group. - Make a call to /api/v1/groups/<id> where "<id>" is the id of the created group. - The response should include a permissions attribute with a boolean value for "create_discission_topic" see the example below. - Make a call to /api/v1/groups to return a list of group objects. - The permissions attribute should not be included in the response. Example Response: { id: 42, ... permissions: { create_discission_topic: true } } Change-Id: Ia02d5aa67e345740a93dd0f63e357e7cb5e1efd6 Reviewed-on: https://gerrit.instructure.com/24478 Reviewed-by: Jacob Fugal <jacob@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Nick Cloward <ncloward@instructure.com>
2013-09-18 06:24:57 +08:00
includes = options[:include] || []
permissions_to_include = API_PERMISSIONS_TO_INCLUDE if includes.include?('permissions')
hash = api_json(group, user, session, API_GROUP_JSON_OPTS, permissions_to_include)
api: list current user's groups; closes #4749 an api endpoint which lists the active groups for which the current user is an active member. test plan: - hit /api/v1/users/self/groups - you should get back the groups you belong to Change-Id: Iace05a70f4a77af0cebbb7dbaa3e6f77eb6785c8 Reviewed-on: https://gerrit.instructure.com/12230 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-07-14 02:33:15 +08:00
hash.merge!(context_data(group))
add avatar_attachment to groups give groups an avatar, and add a way to set the avatar in the api. test plan: - add an image to the group's files (either through api or web) - use the group api update action to set the avatar - make sure the resulting object has a valid, non-nil avatar_url Change-Id: I7db62615e65800fca9caba81c2de67a59bccf5f7 Reviewed-on: https://gerrit.instructure.com/11208 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Simon Williams <simon@instructure.com>
2012-06-02 00:24:41 +08:00
image = group.avatar_attachment
hash['avatar_url'] = image && thumbnail_image_url(image, image.uuid)
add ability to set/retrieve storage quota to groups API fixes CNVS-4782 note that setting quotas requires the manage_storage_quotas permission; not everybody who can create a group has the right to set the storage quota for that group test plan: * view the API documentation and notice the new 'storage_quota_mb' field, which represents the group's storage quota, in megabytes * as an account admin, - retrieve a group via the API; verify the storage_quota_mb field is returned - create a group via the API, setting storage_quota_mb; verify the value was set properly - update a group via the API, setting storage_quota_mb; verify the value was set properly * as a teacher, - retrieve a group via the API; verify the storage_quota_mb field is returned - create a group via the API, setting storage_quota_mb; verify the value was ignored (but the other values were accepted) - update a group via the API, setting storage_quota_mb; verify the value was ignored (but the other values were accepted) Change-Id: Ia0c6c2ac2cbe85289a2e18d16589e4fe04b08a30 Reviewed-on: https://gerrit.instructure.com/18919 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Bracken Mosbacker <bracken@instructure.com> QA-Review: Adam Phillipps <adam@instructure.com> Product-Review: Bracken Mosbacker <bracken@instructure.com>
2013-03-22 07:03:24 +08:00
hash['role'] = group.group_category.role if group.group_category
Remove unused collections stuff This was a beta api that didn't work out. Test plan: canvas should still work (sorry, this touches lots of stuff) Change-Id: I31680b83f72f6d739ce74735ba40d7a760debb33 Reviewed-on: https://gerrit.instructure.com/29506 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Jon Jensen <jon@instructure.com> QA-Review: Caleb Guanzon <cguanzon@instructure.com> Product-Review: Cameron Matheson <cameron@instructure.com>
2014-01-31 03:23:21 +08:00
Add a permission option in the api to return if the user can create topics. closes CNVS-6824 This adds a permissions attribute to the returned json for discussion topic contexts (Course, Group). The permissions attribute contains an optional permission of "create_discission_topic" which returns true or false depending on whether the current user can create discussion topics for the course or group. For performance reasons this is only added to a single course/group json and not in lists so the only call that will return it is /api/v1/<context>/<context_id> where context is a course or group. Since we did not want to include this on every response its a custom permissions attribute for course and groups in the course_json or group_json serialization methods. Using the includes parameter for the API supplying a value of "permissions" will include the permissions with "create_discussion_topic" for a group and course. When the object is serialized to json it checked to see if the model implements a serialize_permissions method and calls that to render or override permissions generated from the policies. - Create a test Course. Make sure the course allows members to post topics. - Add a student to the course. - Make a call to /api/v1/courses/<id> where "<id>" is the id of the created course. - The response should include a permissions attribute with a boolean value for "create_discission_topic" see the example below. - Make a call to /api/v1/courses to return a list of course objects. - The permissions attribute should not be included in the response. - Create a test Group tied to the course created in the first step. - Add a mamber to the group. - Make a call to /api/v1/groups/<id> where "<id>" is the id of the created group. - The response should include a permissions attribute with a boolean value for "create_discission_topic" see the example below. - Make a call to /api/v1/groups to return a list of group objects. - The permissions attribute should not be included in the response. Example Response: { id: 42, ... permissions: { create_discission_topic: true } } Change-Id: Ia02d5aa67e345740a93dd0f63e357e7cb5e1efd6 Reviewed-on: https://gerrit.instructure.com/24478 Reviewed-by: Jacob Fugal <jacob@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Nick Cloward <ncloward@instructure.com>
2013-09-18 06:24:57 +08:00
if includes.include?('users')
api: list current user's groups; closes #4749 an api endpoint which lists the active groups for which the current user is an active member. test plan: - hit /api/v1/users/self/groups - you should get back the groups you belong to Change-Id: Iace05a70f4a77af0cebbb7dbaa3e6f77eb6785c8 Reviewed-on: https://gerrit.instructure.com/12230 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Brian Palmer <brianp@instructure.com>
2012-07-14 02:33:15 +08:00
# TODO: this should be switched to user_display_json
calendar and scheduler apis; refs #3395 Change-Id: I0bafb21630086ff2a99b8b881568bff51afabedc Reviewed-on: https://gerrit.instructure.com/7823 Tested-by: Hudson <hudson@instructure.com> Reviewed-by: Brian Palmer <brianp@instructure.com> Reviewed-by: Zach Wily <zach@instructure.com>
2012-01-04 04:30:49 +08:00
hash['users'] = group.users.map{ |u| user_json(u, user, session) }
end
Add a permission option in the api to return if the user can create topics. closes CNVS-6824 This adds a permissions attribute to the returned json for discussion topic contexts (Course, Group). The permissions attribute contains an optional permission of "create_discission_topic" which returns true or false depending on whether the current user can create discussion topics for the course or group. For performance reasons this is only added to a single course/group json and not in lists so the only call that will return it is /api/v1/<context>/<context_id> where context is a course or group. Since we did not want to include this on every response its a custom permissions attribute for course and groups in the course_json or group_json serialization methods. Using the includes parameter for the API supplying a value of "permissions" will include the permissions with "create_discussion_topic" for a group and course. When the object is serialized to json it checked to see if the model implements a serialize_permissions method and calls that to render or override permissions generated from the policies. - Create a test Course. Make sure the course allows members to post topics. - Add a student to the course. - Make a call to /api/v1/courses/<id> where "<id>" is the id of the created course. - The response should include a permissions attribute with a boolean value for "create_discission_topic" see the example below. - Make a call to /api/v1/courses to return a list of course objects. - The permissions attribute should not be included in the response. - Create a test Group tied to the course created in the first step. - Add a mamber to the group. - Make a call to /api/v1/groups/<id> where "<id>" is the id of the created group. - The response should include a permissions attribute with a boolean value for "create_discission_topic" see the example below. - Make a call to /api/v1/groups to return a list of group objects. - The permissions attribute should not be included in the response. Example Response: { id: 42, ... permissions: { create_discission_topic: true } } Change-Id: Ia02d5aa67e345740a93dd0f63e357e7cb5e1efd6 Reviewed-on: https://gerrit.instructure.com/24478 Reviewed-by: Jacob Fugal <jacob@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Nick Cloward <ncloward@instructure.com>
2013-09-18 06:24:57 +08:00
hash['html_url'] = group_url(group) if includes.include? 'html_url'
sis_group_id support in both requests and responses test plan: * in all group and group membership apis, it should be able to use the sis id of the group instead of the canvas id (sis ids are only supported on account level groups) * in api responses that return groups, it should include the sis_group_id if the calling user can read sis data at the root account level Change-Id: I439bf2d33661ed128a75c759c304c897fe0fc38b Reviewed-on: https://gerrit.instructure.com/21612 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Jacob Fugal <jacob@instructure.com> QA-Review: Jeremy Putnam <jeremyp@instructure.com> Product-Review: Cody Cutrer <cody@instructure.com>
2013-06-20 11:38:00 +08:00
hash['sis_group_id'] = group.sis_source_id if group.context_type == 'Account' && group.root_account.grants_rights?(user, session, :read_sis, :manage_sis).values.any?
add sis_import_id to groups api refs CNVS-10408 test plan - import groups through SIS - create groups manually - GET /api/v1/accounts/:account_id/groups should have sis_import_id if you have permissions to see it - check that sis_import_id is in api docs Change-Id: Ibbd63c076835440b760952343d150ce986a386fd Reviewed-on: https://gerrit.instructure.com/29943 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Cody Cutrer <cody@instructure.com> QA-Review: August Thornton <august@instructure.com> Product-Review: Rob Orton <rob@instructure.com>
2014-02-11 08:09:06 +08:00
hash['sis_import_id'] = group.sis_batch_id if group.context_type == 'Account' && group.root_account.grants_right?(user, session, :manage_sis)
calendar and scheduler apis; refs #3395 Change-Id: I0bafb21630086ff2a99b8b881568bff51afabedc Reviewed-on: https://gerrit.instructure.com/7823 Tested-by: Hudson <hudson@instructure.com> Reviewed-by: Brian Palmer <brianp@instructure.com> Reviewed-by: Zach Wily <zach@instructure.com>
2012-01-04 04:30:49 +08:00
hash
Initial commit. closes #6988138
2011-02-01 09:57:29 +08:00
end
group join/leave/invite api allow users to join, or request to join groups and leave groups they are part of, if the group allows those actions. allow moderators to invite others to the group by email address. allows moderators to add or remove moderator privleges of other group members. test plan: - no ui yet, so try these api actions manually and make sure they do the right thing. Change-Id: I2765f07acb131e503add67b0daa37f18fdbde6c2 Reviewed-on: https://gerrit.instructure.com/11229 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Simon Williams <simon@instructure.com>
2012-06-02 03:18:32 +08:00
support for student organized groups in new ui, fixes CNVS-8210 test plan: 1. under course settings, let students organize their own groups 2. as a student, create a group 3. as a teacher, go to the groups UI 4. the Student Groups category 1. it should be present (first tab) w/ a big notice about how it's special 2. you should see the student's group in it 3. the student should be a member 4. you should *not* be able to edit or delete the category 5. you should be able to add/edit/delete groups in the category 5. instead of "Unassigned Users", you should see "Everyone" 1. assigning a user to a group should not remove it from "Everyone" 2. removing a user from a group should not double-add it to "Everyone" 6. in large_roster view, you should be able add anyone to a group (even if already in another group) 7. you should be able to move students from group to another Change-Id: I7d4255610f353a8911c0c4f591780ff009a12998 Reviewed-on: https://gerrit.instructure.com/25911 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Landon Wilkins <lwilkins@instructure.com> Product-Review: Marc LeGendre <marc@instructure.com> QA-Review: Marc LeGendre <marc@instructure.com>
2013-11-01 06:42:38 +08:00
def group_membership_json(membership, user, session, options = {})
includes = options[:include] || []
hash = api_json(membership, user, session, API_GROUP_MEMBERSHIP_JSON_OPTS)
if includes.include?('just_created')
hash['just_created'] = membership.just_created || false
end
hash
group join/leave/invite api allow users to join, or request to join groups and leave groups they are part of, if the group allows those actions. allow moderators to invite others to the group by email address. allows moderators to add or remove moderator privleges of other group members. test plan: - no ui yet, so try these api actions manually and make sure they do the right thing. Change-Id: I2765f07acb131e503add67b0daa37f18fdbde6c2 Reviewed-on: https://gerrit.instructure.com/11229 Tested-by: Jenkins <jenkins@instructure.com> Reviewed-by: Simon Williams <simon@instructure.com>
2012-06-02 03:18:32 +08:00
end
Initial commit. closes #6988138
2011-02-01 09:57:29 +08:00
end