ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

don't allow concluded users reply to their own entries 

fixes VICE-2162
flag=none

test plan:
  - enable the discussion redesign flag
  - enroll a student in a course with a discussion topic
  - as that student, make a parent and child post
    - the reply/quote buttons should show up correctly
  - conclude that user's enrollement
    - Enrollment.find_by(user_id: <uid>, course_id: <cid>).conclude
  - refresh the page
    - the reply/quote buttons should no longer show up

qa risk: low

Change-Id: Ib1bcde8d89be55702bbf8e8668573a69bca8d476
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/276441
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Omar Soto-Fortuño <omar.soto@instructure.com>
QA-Review: Omar Soto-Fortuño <omar.soto@instructure.com>
Product-Review: Omar Soto-Fortuño <omar.soto@instructure.com>
This commit is contained in:
Davis Hyer 2021-10-20 16:17:34 -06:00
parent 3a80c3caa6
commit 6e7cbcd7ff
2 changed files with 19 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
app/models/discussion_entry.rb
View File

@ -314,7 +314,7 @@ class DiscussionEntry < ActiveRecord::Base
given { |user| self.user && self.user == user }
can :read
given { |user| self.user && self.user == user && self.discussion_topic.available_for?(user) }
given { |user| self.user && self.user == user && self.discussion_topic.available_for?(user) && self.discussion_topic.can_participate_in_course?(user) }
can :reply
given { |user| self.user && self.user == user && self.discussion_topic.available_for?(user) && context.user_can_manage_own_discussion_posts?(user) }

19
spec/models/discussion_entry_spec.rb
View File

@ -21,7 +21,7 @@
require File.expand_path(File.dirname(__FILE__) + '/../spec_helper.rb')
describe DiscussionEntry do
let(:topic) { @course.discussion_topics.create! }
let(:topic) { discussion_topic_model }
describe 'callback lifecycle' do
before(:once) do
@ -805,4 +805,21 @@ describe DiscussionEntry do
expect(@student.cache_key).not_to eql(cache_key)
end
end
describe 'permissions' do
let(:user) { user_model }
let(:entry) { topic.discussion_entries.create!(message: "Hello!", user: user) }
describe 'reply' do
context 'when a user is no longer enrolled in the course' do
before do
create_enrollment(topic.course, user, { enrollment_state: "completed" })
end
it 'returns false for their own posts' do
expect(entry.grants_right?(user, :reply)).to eq false
end
end
end
end
end