Add setting to prevent teachers from editing course availability

The setting is used in both the new UI and the old. With the React component a new JS environment variable was required for this specific check. fixes LS-1959 flag=none test plan: - Create a course and add a teacher - Verify the teacher can edit course availability - As a site admin, enable the prevent teachrs from editing course availability flag in account settings - As the teacher, verify you can no longer make course availability changes - Enable new course availability ui - Verify the teacher is still unable to edit course availability Change-Id: I27a1fb77a43d7cb6ff1bea48d8b01a293c05333c Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/261288 Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Reviewed-by: Jackson Howe <jackson.howe@instructure.com> QA-Review: Jackson Howe <jackson.howe@instructure.com> Product-Review: Eric Saupe <eric.saupe@instructure.com>
2021-03-18 08:33:03 -07:00 · 2021-03-18 08:33:03 -07:00 · 12dd590618
parent 872961eb55
commit 12dd590618
7 changed files with 35 additions and 16 deletions
--- a/app/controllers/accounts_controller.rb
+++ b/app/controllers/accounts_controller.rb
@ -1568,10 +1568,10 @@ class AccountsController < ApplicationController
                                   :include_students_in_global_survey, :license_type,
                                   {:lock_all_announcements => [:value, :locked]}.freeze,
                                   :login_handle_name, :mfa_settings, :no_enrollments_can_create_courses,
-                                   :mobile_qr_login_is_enabled,
-                                   :open_registration, :outgoing_email_default_name,
-                                   :prevent_course_renaming_by_teachers, :restrict_quiz_questions,
-                                   {:restrict_student_future_listing => [:value, :locked]}.freeze,
+                                   :mobile_qr_login_is_enabled, :open_registration,
+                                   :outgoing_email_default_name, :prevent_course_renaming_by_teachers,
+                                   :prevent_course_availability_editing_by_teachers, :restrict_quiz_questions,
+                                   {:restrict_student_future_listing => [:value, :locked].freeze}.freeze,
                                   {:restrict_student_future_view => [:value, :locked]}.freeze,
                                   {:restrict_student_past_view => [:value, :locked]}.freeze,
                                   :self_enrollment, :show_scheduler, :sis_app_token, :sis_app_url,
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@ -1415,6 +1415,7 @@ class CoursesController < ApplicationController

      course_card_images_enabled = @context.feature_enabled?(:course_card_images)
      js_permissions = {
+        :manage_courses => @context.account.grants_right?(@current_user, session, :manage_courses),
        :manage_students => @context.grants_right?(@current_user, session, :manage_students),
        :manage_account_settings => @context.account.grants_right?(@current_user, session, :manage_account_settings),
        :create_tool_manually => @context.grants_right?(@current_user, session, :create_tool_manually),
@ -1450,7 +1451,8 @@ class CoursesController < ApplicationController
        NEW_FEATURES_UI: Account.site_admin.feature_enabled?(:new_features_ui),
        NEW_COURSE_AVAILABILITY_UI: @context.root_account.feature_enabled?(:new_course_availability_ui),
        RESTRICT_STUDENT_PAST_VIEW_LOCKED: @context.account.restrict_student_past_view[:locked],
-        RESTRICT_STUDENT_FUTURE_VIEW_LOCKED: @context.account.restrict_student_future_view[:locked]
+        RESTRICT_STUDENT_FUTURE_VIEW_LOCKED: @context.account.restrict_student_future_view[:locked],
+        PREVENT_COURSE_AVAILABILITY_EDITING_BY_TEACHERS: @context.root_account.settings[:prevent_course_availability_editing_by_teachers]
      })

      set_tutorial_js_env
--- a/app/jsx/bundles/course_settings.js
+++ b/app/jsx/bundles/course_settings.js
@ -70,7 +70,10 @@ const availabilityOptionsContainer = document.getElementById('availability_optio
 if (availabilityOptionsContainer) {
  ReactDOM.render(
    <CourseAvailabilityOptions
-      canManage={ENV.PERMISSIONS.manage}
+      canManage={
+        ENV.PERMISSIONS.manage_courses ||
+        (ENV.PERMISSIONS.manage && !ENV.PREVENT_COURSE_AVAILABILITY_EDITING_BY_TEACHERS)
+      }
      viewPastLocked={ENV.RESTRICT_STUDENT_PAST_VIEW_LOCKED}
      viewFutureLocked={ENV.RESTRICT_STUDENT_FUTURE_VIEW_LOCKED}
    />,
--- a/app/models/account.rb
+++ b/app/models/account.rb
@ -250,6 +250,7 @@ class Account < ActiveRecord::Base
  add_setting :support_url, :root_only => true

  add_setting :prevent_course_renaming_by_teachers, :boolean => true, :root_only => true
+  add_setting :prevent_course_availability_editing_by_teachers, :boolean => true, :root_only => true
  add_setting :login_handle_name, root_only: true
  add_setting :change_password_url, root_only: true
  add_setting :unknown_user_url, root_only: true
--- a/app/views/accounts/settings.html.erb
+++ b/app/views/accounts/settings.html.erb
@ -194,6 +194,11 @@
                    <%= settings.label :prevent_course_renaming_by_teachers, :en => "Don't let teachers rename their courses" %>
                    </td>
                  </tr>
+                  <tr>
+                    <td colspan="2"><%= settings.check_box :prevent_course_availability_editing_by_teachers, :checked => @account.settings[:prevent_course_availability_editing_by_teachers] %>
+                    <%= settings.label :prevent_course_availability_editing_by_teachers, :en => "Don't let teachers modify course availability dates" %>
+                    </td>
+                  </tr>
                  <tr>
                    <td colspan="2"><%= settings.check_box :allow_sending_scores_in_emails, :checked => @account.settings[:allow_sending_scores_in_emails] != false %>
                    <%= settings.label :allow_sending_scores_in_emails, :en => "Students can opt-in to receiving scores in email notifications" %>
--- a/app/views/courses/settings.html.erb
+++ b/app/views/courses/settings.html.erb
@ -26,6 +26,7 @@

  can_manage_courses = can_do(@context.account, @current_user, :manage_courses)
  can_rename_course = can_manage_courses || (can_manage && !@context.root_account.settings[:prevent_course_renaming_by_teachers])
+  can_change_course_availability = can_manage_courses || (can_manage && !@context.root_account.settings[:prevent_course_availability_editing_by_teachers])
  can_manage_master_courses = can_manage_courses && can_do(@context.account, @current_user, :manage_master_courses)
  has_multiple_sections = @context.course_sections.active.count > 1

@ -250,17 +251,20 @@
          </div>
        </div>
      <% else %>
-        <div class="form-row">
-          <div></div>
-          <div class="tall-row">
-            <div class="aside top-hint">
-              <%= t "Changing course dates may override term availability settings and placement in the Courses page and Dashboard. Please confirm term dates before modifying course dates." %>
+        <% if can_change_course_availability %>
+          <div class="form-row">
+            <div></div>
+            <div class="tall-row">
+              <div class="aside top-hint">
+                <%= t "Changing course dates may override term availability settings and placement in the Courses page and Dashboard. Please confirm term dates before modifying course dates." %>
+              </div>
            </div>
          </div>
-        </div><div class="form-row">
+        <% end %>
+        <div class="form-row">
          <div class="form-label"><%= f.blabel :start_at, :en => "Starts" %></div>
          <div class="nobr">
-            <% if can_manage %>
+            <% if can_change_course_availability %>
              <%= f.text_field :start_at, :class => "date_entry", :value => datetime_string(@context.start_at, :verbose) %>
            <% else %>
              <%= datetime_string(@context.start_at, :verbose) %>
@ -269,7 +273,7 @@
        </div><div class="form-row course-conclude-at-row">
          <div class="form-label"><%= f.blabel :conclude_at, :en => "Ends" %></div>
          <div class="nobr tall-row">
-            <% if can_manage %>
+            <% if can_change_course_availability %>
            <div>
              <% warning_message = t(:course_conclude_at_warning_message, "The course is currently set to end at midnight, meaning that the previous day will be the last day this course is active.") %>
              <%= f.text_field :conclude_at, :class => "date_entry", :value => datetime_string(@context.conclude_at, :verbose) %>
@ -303,11 +307,11 @@
          <div class="tall-row">
            <div class="nobr" role="group" aria-describedby="restrict-view-description">
              <div class="checkbox-flex-container">
-                <%= f.check_box :restrict_student_past_view, :disabled => !can_manage || @context.account.restrict_student_past_view[:locked] %>
+                <%= f.check_box :restrict_student_past_view, :disabled => !can_manage || @context.account.restrict_student_past_view[:locked] || !can_change_course_availability %>
                <%= f.label :restrict_student_past_view, :en => "Restrict students from viewing this course after end date" %>
              </div>
              <div class="checkbox-flex-container">
-                <%= f.check_box :restrict_student_future_view, :disabled => !can_manage || @context.account.restrict_student_future_view[:locked] %>
+                <%= f.check_box :restrict_student_future_view, :disabled => !can_manage || @context.account.restrict_student_future_view[:locked] || !can_change_course_availability %>
                <%= f.label :restrict_student_future_view, :en => "Restrict students from viewing this course before start date" %>
              </div>
            </div>
--- a/spec/selenium/admin/admin_settings_tab_spec.rb
+++ b/spec/selenium/admin/admin_settings_tab_spec.rb
@ -151,6 +151,10 @@ describe "admin settings tab" do
      check_box_verifier("#account_settings_prevent_course_renaming_by_teachers", :prevent_course_renaming_by_teachers)
    end

+    it "should click on don't let teachers change availability on their courses" do
+      check_box_verifier("#account_settings_prevent_course_availability_editing_by_teachers", :prevent_course_availability_editing_by_teachers)
+    end
+
    it "should uncheck 'students can opt-in to receiving scores in email notifications' " do
      check_box_verifier("#account_settings_allow_sending_scores_in_emails", :allow_sending_scores_in_emails, false)
    end