Suppress submission body in GQL if can't see grade
fixes EVAL-1258 flag=none Test plan: - Have a course with a student - Create a quiz (in old quizzes) - In the Gradebook, change the quiz to be manually posted - As the student, take and submit the quiz - In a Rails console, look up the submission ID of that student's submission - As the student, submit a GraphQL request for that submission ID: query MyQuery { submission(id: "<submission id>") { id body score submissionHistoriesConnection(first: 10) { nodes { body score } } } } - The "body" attribute, in both the submission itself and the history nodes, should be returned as null - As the teacher, run the same query and check that you do get a response for the body - As the teacher, post grades for the quiz in Gradebook - Re-run the query as the student and check that the body attribute is now populated Change-Id: I09c968a509fbf0510ad4e5f07e4c63f1d74eb9bd Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/249727 Reviewed-by: Gary Mei <gmei@instructure.com> Reviewed-by: Syed Hussain <shussain@instructure.com> Reviewed-by: Spencer Olson <solson@instructure.com> QA-Review: Gary Mei <gmei@instructure.com> Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Product-Review: Syed Hussain <shussain@instructure.com>
parent
e9c60dec02
commit
1563b8f53e
|
@ -222,6 +222,9 @@ module Interfaces::SubmissionInterface
|
|||
def body
|
||||
Loaders::AssociationLoader.for(Submission, :assignment).load(submission).then do |assignment|
|
||||
Loaders::AssociationLoader.for(Assignment, :context).load(assignment).then do
|
||||
# The "body" of submissions for (old) quiz assignments includes grade
|
||||
# information, so exclude it if the caller can't see the grade
|
||||
if !assignment.quiz? || submission.user_can_read_grade?(current_user, session)
|
||||
Loaders::ApiContentAttachmentLoader.for(assignment.context).load(object.body).then do |preloaded_attachments|
|
||||
GraphQLHelpers::UserContent.process(
|
||||
object.body,
|
||||
|
@ -235,6 +238,7 @@ module Interfaces::SubmissionInterface
|
|||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
field :media_object, Types::MediaObjectType, null: true
|
||||
def media_object
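Review bot: The authorization decision at `if !assignment.quiz? || submission.user_can_read_grade?(current_user, session)` has no `else`, so a caller who may not see the grade gets null only because the block falls off the end of the `if`. An explicit guard at the top of the inner `then` block reads more clearly as a deny path and drops one nesting level: `next if assignment.quiz? && !submission.user_can_read_grade?(current_user, session)`. The `field :body` declaration is outside this hunk, so confirm it is declared `null: true`; otherwise the hidden case would surface as a GraphQL error instead of a null body. The check also lives only in this resolver, so any other field on the interface that exposes old-quiz result data (none is visible here) would need the same condition. `def body` closes in the following hunk, not in this one.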
|
||||
|
|
|
@ -144,6 +144,49 @@ describe Types::SubmissionType do
|
|||
end
|
||||
end
|
||||
|
||||
describe "body" do
|
||||
before(:each) do
|
||||
allow(GraphQLHelpers::UserContent).to receive(:process).and_return("bad")
|
||||
end
|
||||
|
||||
context "for a quiz" do
|
||||
let(:quiz) do
|
||||
quiz_with_submission
|
||||
@quiz
|
||||
end
|
||||
let(:assignment) { quiz.assignment }
|
||||
let(:submission) { assignment.submission_for_student(@student) }
|
||||
|
||||
let(:submission_type_for_student) { GraphQLTypeTester.new(submission, current_user: @student) }
|
||||
let(:submission_type_for_teacher) { GraphQLTypeTester.new(submission, current_user: @teacher) }
|
||||
|
||||
before(:each) do
|
||||
assignment.hide_submissions
|
||||
end
|
||||
|
||||
context "when the quiz is not posted" do
|
||||
it "returns nil for users who cannot read the grade" do
|
||||
expect(submission_type_for_student.resolve("body")).to be nil
|
||||
end
|
||||
|
||||
it "returns a value for users who can read the grade" do
|
||||
expect(submission_type_for_teacher.resolve("body")).to eq "bad"
|
||||
end
|
||||
end
|
||||
|
||||
it "returns the value of the body for a posted quiz" do
|
||||
assignment.post_submissions
|
||||
expect(submission_type_for_student.resolve("body")).to eq "bad"
|
||||
end
|
||||
end
|
||||
|
||||
it "returns the value of the body for a non-quiz assignment" do
|
||||
@submission.update!(body: "bad")
|
||||
submission_type = GraphQLTypeTester.new(@submission, current_user: @student)
|
||||
expect(submission_type.resolve("body")).to eq "bad"
|
||||
end
|
||||
end
|
||||
|
||||
describe "submissionStatus" do
|
||||
before do
|
||||
quiz_with_submission
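Review bot: The deny case in `context "when the quiz is not posted"` only covers the submitting student and only the top-level `body`, so two paths the guard has to handle are left unpinned. The first is the history nodes that the commit message's test plan checks by hand (`submissionHistoriesConnection { nodes { body } }`); the second is a caller who is neither the student nor a teacher, such as a missing `current_user`. I would add one example for each, built with the same `GraphQLTypeTester.new(submission, current_user: ...)` pattern used here. Since `process` is already stubbed, the nil example can also assert that the body never reached the renderer: `expect(GraphQLHelpers::UserContent).not_to have_received(:process)`. The `describe "submissionStatus"` block that follows continues outside the hunk.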
|
||||
|
|