grant :read on rubric assessments to users with :view_all_grades

test plan: a user in a custom account role that enables "View all grades" permission, but does _not_ enable "Manage courses", should be able to view grader comments on a rubric in SpeedGrader fixes CNVS-5563 Change-Id: Ib80bb49aaa6db0bf54c131e5917b5c8f5caa1f8a Reviewed-on: https://gerrit.instructure.com/57246 Tested-by: Jenkins Reviewed-by: James Williams <jamesw@instructure.com> QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com> Product-Review: Jeremy Stanley <jeremy@instructure.com>
2015-06-25 16:40:07 -06:00 · 2015-06-25 16:40:07 -06:00 · 715c053559
parent d7c1191ba6
commit 715c053559
3 changed files with 48 additions and 0 deletions
--- a/app/models/rubric_assessment.rb
+++ b/app/models/rubric_assessment.rb
@ -175,6 +175,9 @@ class RubricAssessment < ActiveRecord::Base
    given {|user, session| self.rubric_association && self.rubric_association.grants_right?(user, session, :manage) }
    can :create and can :read and can :delete

+    given {|user, session| self.rubric_association && self.rubric_association.grants_right?(user, session, :view_rubric_assessments) }
+    can :read
+
    given {|user, session|
      self.rubric_association &&
      self.rubric_association.grants_right?(user, session, :manage) &&
--- a/app/models/rubric_association.rb
+++ b/app/models/rubric_association.rb
@ -146,6 +146,9 @@ class RubricAssociation < ActiveRecord::Base

    given {|user, session| self.context.grants_right?(user, session, :participate_as_student) }
    can :submit
+
+    given {|user, session| self.context.grants_right?(user, session, :view_all_grades)}
+    can :view_rubric_assessments
  end

  def update_assignment_points
--- a/spec/models/rubric_assessment_spec.rb
+++ b/spec/models/rubric_assessment_spec.rb
@ -204,4 +204,46 @@ describe RubricAssessment do
      end
    end
  end
+
+  describe "read permissions" do
+    before(:once) do
+      @account = @course.root_account
+      @assessment = @association.assess({
+                                          :user => @student,
+                                          :assessor => @teacher,
+                                          :artifact => @assignment.find_or_create_submission(@student),
+                                          :assessment => {
+                                            :assessment_type => 'grading',
+                                            :criterion_crit1 => {
+                                              :points => 5,
+                                              :comments => "comments",
+                                            }
+                                          }
+                                        })
+    end
+
+    it "grants :read to the user" do
+      expect(@assessment.grants_right?(@student, :read)).to eq true
+    end
+
+    it "grants :read to the assessor" do
+      expect(@assessment.grants_right?(@teacher, :read)).to eq true
+    end
+
+    it "does not grant :read to an account user without :manage_courses or :view_all_grades" do
+      user
+      role = custom_account_role('custom', :account => @account)
+      @account.account_users.create!(user: @user, role: role)
+      expect(@assessment.grants_right?(@user, :read)).to eq false
+    end
+
+    it "grants :read to an account user with :view_all_grades but not :manage_courses" do
+      user
+      role = custom_account_role('custom', :account => @account)
+      RoleOverride.create!(:context => @account, :permission => 'view_all_grades', :role => role, :enabled => true)
+      RoleOverride.create!(:context => @account, :permission => 'manage_courses', :role => role, :enabled => false)
+      @account.account_users.create!(user: @user, role: role)
+      expect(@assessment.grants_right?(@user, :read)).to eq true
+    end
+  end
 end