From 7a96d3ba709cbffc9f412efe215dbe133f1e8289 Mon Sep 17 00:00:00 2001 From: Derek Bender Date: Wed, 1 Nov 2017 16:36:48 -0500 Subject: [PATCH] hide entered_score entered_grade when muted closes: GRADE-633 test plan: - Given a muted assignment - When requesting the student's submission via the API - Then 'entered_score' and 'entered_grade' are not present in the API Change-Id: I3936e3285da0f96132f1c0f297a760317ac9f877 Reviewed-on: https://gerrit.instructure.com/131540 Tested-by: Jenkins Reviewed-by: Keith T. Garner Reviewed-by: Jeremy Neander QA-Review: Indira Pai Product-Review: Keith T. Garner --- app/models/submission.rb | 2 +- spec/models/submission_spec.rb | 55 ++++++++++++++++++++++++++++++++-- 2 files changed, 53 insertions(+), 4 deletions(-) diff --git a/app/models/submission.rb b/app/models/submission.rb index 7e322e3a7cf..5922aeb72c8 100644 --- a/app/models/submission.rb +++ b/app/models/submission.rb @@ -2116,7 +2116,7 @@ class Submission < ActiveRecord::Base def filter_attributes_for_user(hash, user, session) unless user_can_read_grade?(user, session) - %w(score published_grade published_score grade).each do |secret_attr| + %w(score grade published_score published_grade entered_score entered_grade).each do |secret_attr| hash.delete secret_attr end end diff --git a/spec/models/submission_spec.rb b/spec/models/submission_spec.rb index 471f735ff50..6f15f446874 100644 --- a/spec/models/submission_spec.rb +++ b/spec/models/submission_spec.rb @@ -25,9 +25,10 @@ describe Submission do course_with_teacher(active_all: true) course_with_student(active_all: true, course: @course) @context = @course - @assignment = @context.assignments.new(:title => "some assignment") - @assignment.workflow_state = "published" - @assignment.save + @assignment = @context.assignments.create!( + title: 'some assignment', + workflow_state: 'published' + ) @valid_attributes = { assignment: @assignment, user: @user, @@ -4196,6 +4197,54 @@ describe Submission do end end + describe '#filter_attributes_for_user' do + let(:user) { instance_double('User', id: 1) } + let(:session) { {} } + let(:submission) { @assignment.submissions.build(user_id: 2) } + + context 'assignment is muted' do + before do + @assignment.update!(muted: true) + end + + it 'filters score' do + expect(submission.assignment).to receive(:user_can_read_grades?).and_return(false) + hash = { 'score' => 10 } + expect(submission.filter_attributes_for_user(hash, user, session)).not_to have_key('score') + end + + it 'filters grade' do + expect(submission.assignment).to receive(:user_can_read_grades?).and_return(false) + hash = { 'grade' => 10 } + expect(submission.filter_attributes_for_user(hash, user, session)).not_to have_key('grade') + end + + it 'filters published_score' do + expect(submission.assignment).to receive(:user_can_read_grades?).and_return(false) + hash = { 'published_score' => 10 } + expect(submission.filter_attributes_for_user(hash, user, session)).not_to have_key('published_score') + end + + it 'filters published_grade' do + expect(submission.assignment).to receive(:user_can_read_grades?).and_return(false) + hash = { 'published_grade' => 10 } + expect(submission.filter_attributes_for_user(hash, user, session)).not_to have_key('published_grade') + end + + it 'filters entered_score' do + expect(submission.assignment).to receive(:user_can_read_grades?).and_return(false) + hash = { 'entered_score' => 10 } + expect(submission.filter_attributes_for_user(hash, user, session)).not_to have_key('entered_score') + end + + it 'filters entered_grade' do + expect(submission.assignment).to receive(:user_can_read_grades?).and_return(false) + hash = { 'entered_grade' => 10 } + expect(submission.filter_attributes_for_user(hash, user, session)).not_to have_key('entered_grade') + end + end + end + def submission_spec_model(opts={}) opts = @valid_attributes.merge(opts) assignment = opts.delete(:assignment) || Assignment.find(opts.delete(:assignment_id))