From 49502e9573cb3af68db343e5e998e515912456a1 Mon Sep 17 00:00:00 2001
From: Matheus <luis.oliveira@instructure.com>
Date: Mon, 28 Aug 2023 12:40:02 -0300
Subject: [PATCH] Make the header for embedded unauthorized render an h3

fixes LF-618
flag=none

Test plan:
- Access a page you have no access to
- Check that the unauthorized message
  appears with the usual H1 (only one
  in the page).
- Access a page which you do have acces
  to, with a media you don't.
- Check that the unauthorized message
  inside the iframe uses an H3 and not
  an H1.

Change-Id: I0fc9bebf786eaef9f93b9d3dc73b18d8211c315c
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/326323
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Juan Chavez <juan.chavez@instructure.com>
Reviewed-by: Mysti Lilla <mysti@instructure.com>
QA-Review: Mysti Lilla <mysti@instructure.com>
Product-Review: Luis Oliveira <luis.oliveira@instructure.com>
---
 app/views/shared/unauthorized.html.erb          |  6 +++++-
 spec/views/shared/unauthorized.html.erb_spec.rb | 12 ++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/app/views/shared/unauthorized.html.erb b/app/views/shared/unauthorized.html.erb
index e344b84886f..ec6a43a86fd 100644
--- a/app/views/shared/unauthorized.html.erb
+++ b/app/views/shared/unauthorized.html.erb
@@ -32,7 +32,11 @@
       <h1><%= t('headings.unpublished', %{Not Yet Available}) %></h1>
     <% else %>
       <img class="ic-Error-img" role="presentation" alt="" aria-hidden="true" src="/images/401_permissions.svg">
-      <h1><%= t("Access Denied") %></h1>
+      <% if request.query_parameters[:embedded] %>
+        <h3><%= t("Access Denied") %></h3>
+      <% else %>
+        <h1><%= t("Access Denied") %></h1>
+      <% end %>
     <% end %>
     <% if @unauthorized_message %>
       <p><%= @unauthorized_message %></p>
diff --git a/spec/views/shared/unauthorized.html.erb_spec.rb b/spec/views/shared/unauthorized.html.erb_spec.rb
index 2511bfdc69b..d58e8e4156a 100644
--- a/spec/views/shared/unauthorized.html.erb_spec.rb
+++ b/spec/views/shared/unauthorized.html.erb_spec.rb
@@ -26,5 +26,17 @@ describe "shared/unauthorized" do
     view_context
     render "shared/unauthorized"
     expect(response).not_to be_nil
+    page = Nokogiri(response.body)
+    expect(page.css("h1").first).not_to be_nil
+  end
+
+  it "renders embedded with proper headers" do
+    course_with_student
+    view_context
+    controller.request.query_parameters[:embedded] = true
+    render "shared/unauthorized"
+    page = Nokogiri(response.body)
+    expect(page.css("h3").first).not_to be_nil
+    expect(page.css("h1").first).to be_nil
   end
 end