Revert "Check sub accounts for course creation permissions"

This reverts commit I2af1ad88d522a6125e9d521bf36267ee7e81e1a5 refs LS-3519 Reason for revert: Teachers with account memberships with no course creation rights lost their ability to create courses even with "Teacher can create courses" ON. Change-Id: I2df23e6a54f072d34f1001f6d1271988a86e0d61 Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/302823 Reviewed-by: Robin Kuss <rkuss@instructure.com> QA-Review: Robin Kuss <rkuss@instructure.com> Product-Review: Luis Oliveira <luis.oliveira@instructure.com> Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
2022-10-07 18:14:56 -03:00 · 2022-10-07 18:14:56 -03:00 · 1811885320
parent 44ab0a1660
commit 1811885320
7 changed files with 18 additions and 61 deletions
--- a/app/controllers/courses_controller.rb
+++ b/app/controllers/courses_controller.rb
@ -508,11 +508,14 @@ class CoursesController < ApplicationController
          css_bundle :context_list, :course_list
          js_bundle :course_list

+          create_permission_root_account = @current_user.create_courses_right(@domain_root_account)
+          create_permission_mcc_account = @current_user.create_courses_right(@domain_root_account.manually_created_courses_account)
+
          js_env({
                   CREATE_COURSES_PERMISSIONS: {
-                     PERMISSION: ccr = @current_user.create_courses_right(@current_user.sub_account_for_course_creation(@domain_root_account)),
-                     RESTRICT_TO_MCC_ACCOUNT: ccr && !@domain_root_account.grants_any_right?(@current_user, session, :manage_courses, :create_courses)
-                   },
+                     PERMISSION: create_permission_root_account || create_permission_mcc_account,
+                     RESTRICT_TO_MCC_ACCOUNT: !!(!create_permission_root_account && create_permission_mcc_account)
+                   }
                 })

          set_k5_mode(require_k5_theme: true)
@ -822,7 +825,8 @@ class CoursesController < ApplicationController
  #
  # @returns Course
  def create
-    @account = params[:account_id] ? api_find(Account, params[:account_id]) : @current_user.sub_account_for_course_creation(@domain_root_account)
+    @account = params[:account_id] ? api_find(Account, params[:account_id]) : @domain_root_account.manually_created_courses_account
+
    if authorized_action(@account, @current_user, [:manage_courses, :create_courses])
      params[:course] ||= {}
      params_for_create = course_params
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -523,6 +523,8 @@ class UsersController < ApplicationController
    js_env({ K5_USER: k5_user && !k5_disabled }, true)

    # things needed on both k5 and classic dashboards
+    create_permission_root_account = @current_user.create_courses_right(@domain_root_account)
+    create_permission_mcc_account = @current_user.create_courses_right(@domain_root_account.manually_created_courses_account)
    js_env({
             PREFERENCES: {
               dashboard_view: @current_user.dashboard_view(@domain_root_account),
@ -534,8 +536,8 @@ class UsersController < ApplicationController
             STUDENT_PLANNER_GROUPS: planner_enabled? && map_groups_for_planner(@current_user.current_groups),
             ALLOW_ELEMENTARY_DASHBOARD: k5_disabled && k5_user,
             CREATE_COURSES_PERMISSIONS: {
-               PERMISSION: ccr = @current_user.create_courses_right(@current_user.sub_account_for_course_creation(@domain_root_account)),
-               RESTRICT_TO_MCC_ACCOUNT: ccr && !@domain_root_account.grants_any_right?(@current_user, session, :manage_courses, :create_courses)
+               PERMISSION: create_permission_root_account || create_permission_mcc_account,
+               RESTRICT_TO_MCC_ACCOUNT: !!(!create_permission_root_account && create_permission_mcc_account)
             },
             OBSERVED_USERS_LIST: observed_users_list,
             CAN_ADD_OBSERVEE: @current_user
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -493,7 +493,12 @@ module ApplicationHelper
  def show_user_create_course_button(user, account = nil)
    return true if account&.grants_any_right?(user, session, :manage_courses, :create_courses)

-    user&.sub_account_for_course_creation(@domain_root_account)&.grants_any_right?(user, session, :manage_courses, :create_courses)
+    @domain_root_account.manually_created_courses_account.grants_any_right?(
+      user,
+      session,
+      :manage_courses,
+      :create_courses
+    )
  end

  # Public: Create HTML for a sidebar button w/ icon.
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -1909,12 +1909,6 @@ class User < ActiveRecord::Base
    pseudonym.account rescue Account.default
  end

-  def sub_account_for_course_creation(domain_root_account)
-    Rails.cache.fetch_with_batched_keys(["sub_account_for_course_creation", domain_root_account].cache_key, batch_object: self, batched_keys: %i[account_users]) do
-      account_users.active.detect { |au| break au if au.root_account_id == domain_root_account.id }&.account || domain_root_account.manually_created_courses_account
-    end
-  end
-
  def courses_with_primary_enrollment(association = :current_and_invited_courses, enrollment_uuid = nil, options = {})
    cache_key = [association, enrollment_uuid, options].cache_key
    @courses_with_primary_enrollment ||= {}
--- a/spec/controllers/courses_controller_spec.rb
+++ b/spec/controllers/courses_controller_spec.rb
@ -2334,14 +2334,6 @@ describe CoursesController do
           }
    end

-    it "correctly checks a sub-account admin's permission" do
-      @sub_account = Account.create!(name: "sub_account", parent_account: @account)
-      @sub_admin = account_admin_user(account: @sub_account)
-      user_session @sub_admin
-      expect(Auditors::Course).to receive(:record_created)
-      post "create", params: { course: { name: "whatever" } }
-    end
-
    it "sets the visibility settings when we have permission" do
      post "create",
           params: {
--- a/spec/helpers/application_helper_spec.rb
+++ b/spec/helpers/application_helper_spec.rb
@ -96,15 +96,6 @@ describe ApplicationHelper do
      account_admin_user
      expect(show_user_create_course_button(@admin)).to be_truthy
    end
-
-    it "works for a sub-account admin" do
-      @sub_account = Account.create!(parent_account: @domain_root_account)
-      @sub_sub_account = Account.create!(parent_account: @sub_account)
-      @sub_admin = account_admin_user(account: @sub_account)
-      @sub_sub_admin = account_admin_user(account: @sub_sub_account)
-      expect(show_user_create_course_button(@sub_admin)).to be_truthy
-      expect(show_user_create_course_button(@sub_sub_admin)).to be_truthy
-    end
  end

  describe "tomorrow_at_midnight" do
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@ -744,37 +744,6 @@ describe User do
    end
  end

-  describe "#course_creation_rights?" do
-    it "return appropriately for lower level admins" do
-      @sub_account = Account.create!(parent_account: Account.default)
-      @sub_sub_account = Account.create!(parent_account: @sub_account)
-      @sub_sub_admin = account_admin_user(account: @sub_sub_account)
-      expect(@sub_sub_admin.sub_account_for_course_creation(Account.default)).to eq @sub_sub_account
-    end
-
-    it "return appropriately for teachers and students when applicable" do
-      @c = Course.create!
-      Account.default.update_attribute(:settings, { teachers_can_create_courses: true, students_can_create_courses: true })
-      @student = student_in_course(name: "Student", course: @c, enrollment_state: :active).user
-      @teacher = teacher_in_course(name: "Teacher", course: @c, enrollment_state: :active).user
-      expect(@student.sub_account_for_course_creation(Account.default)).to eq Account.default.manually_created_courses_account
-      expect(@teacher.sub_account_for_course_creation(Account.default)).to eq Account.default.manually_created_courses_account
-    end
-
-    it "caches the account properly" do
-      skip "Unskip in LS-3347"
-      enable_cache do
-        @sub_account = Account.create!(parent_account: Account.default)
-        @sub_admin = account_admin_user(account: @sub_account)
-        expect(Rails.cache.read(["sub_account_for_course_creation", Account.default, @sub_admin])).to be_falsey
-        @sub_admin.sub_account_for_course_creation Account.default
-        expect(Rails.cache.read(["sub_account_for_course_creation", Account.default, @sub_admin])).to be_truthy
-        Account.default.account_users.create!(user: @sub_admin)
-        expect(Rails.cache.read(["sub_account_for_course_creation", Account.default, @sub_admin])).to be_falsey
-      end
-    end
-  end
-
  describe "#courses_with_primary_enrollment" do
    it "returns appropriate courses with primary enrollment" do
      user_factory