make group conferences available to course admins, fixes #6681

this brings the overly strict tab display permission in line with the other controller/view checks... provided an admin can manage or even just view group pages, they can see web conferences. Change-Id: I8412b3e62ad053e33a1219f1c52dbdf0b1110958 Reviewed-on: https://gerrit.instructure.com/8102 Reviewed-by: Cody Cutrer <cody@instructure.com> Tested-by: Jon Jensen <jon@instructure.com>
2012-01-16 15:44:10 -07:00 · 2012-01-16 15:44:10 -07:00 · 7acc8b91be
parent ea973909f5
commit 7acc8b91be
2 changed files with 42 additions and 2 deletions
--- a/app/models/group.rb
+++ b/app/models/group.rb
@ -303,7 +303,7 @@ class Group < ActiveRecord::Base
    can :create

    given { |user, session| self.context && self.context.grants_right?(user, session, :manage_groups) }
-    can :read and can :read_roster and can :manage and can :manage_content and can :manage_students and can :manage_admin_users and can :update and can :delete and can :create and can :moderate_forum and can :post_to_forum and can :manage_wiki and can :manage_files
+    can :read and can :read_roster and can :manage and can :manage_content and can :manage_students and can :manage_admin_users and can :update and can :delete and can :create and can :moderate_forum and can :post_to_forum and can :manage_wiki and can :manage_files and can :create_conferences

    given { |user, session| self.context && self.context.grants_right?(user, session, :view_group_pages) }
    can :read and can :read_roster
@ -354,7 +354,7 @@ class Group < ActiveRecord::Base
      { :id => TAB_CHAT,          :label => t("#group.tabs.chat", "Chat"), :css_class => 'chat', :href => :group_chat_path },
      { :id => TAB_FILES,         :label => t("#group.tabs.files", "Files"), :css_class => 'files', :href => :group_files_path }
    ]
-    available_tabs << { :id => TAB_CONFERENCES, :label => t('#tabs.conferences', "Conferences"), :css_class => 'conferences', :href => :group_conferences_path } if user && self.grants_right?(user, nil, :create_conferences)
+    available_tabs << { :id => TAB_CONFERENCES, :label => t('#tabs.conferences', "Conferences"), :css_class => 'conferences', :href => :group_conferences_path } if user && self.grants_right?(user, nil, :read)
    available_tabs
  end

--- a/spec/models/group_spec.rb
+++ b/spec/models/group_spec.rb
@ -379,4 +379,44 @@ describe Group do
      group.should have_common_section_with_user(user2)
    end
  end
+
+  context "tabs_available" do
+    before do
+      course_with_teacher
+      @teacher = @user
+      @group = group(:group_context => @course)
+      @group.users << @student = student_in_course(:course => @course).user
+    end
+
+    it "should let members see everything" do
+      @group.tabs_available(@student).map{|t|t[:id]}.should eql [
+        Group::TAB_HOME,
+        Group::TAB_ANNOUNCEMENTS,
+        Group::TAB_PAGES,
+        Group::TAB_PEOPLE,
+        Group::TAB_DISCUSSIONS,
+        Group::TAB_CHAT,
+        Group::TAB_FILES,
+        Group::TAB_CONFERENCES
+      ]
+    end
+
+    it "should let admins see everything" do
+      @group.tabs_available(@teacher).map{|t|t[:id]}.should eql [
+        Group::TAB_HOME,
+        Group::TAB_ANNOUNCEMENTS,
+        Group::TAB_PAGES,
+        Group::TAB_PEOPLE,
+        Group::TAB_DISCUSSIONS,
+        Group::TAB_CHAT,
+        Group::TAB_FILES,
+        Group::TAB_CONFERENCES
+      ]
+    end
+
+    it "should not let nobodies see conferences" do
+      @group.tabs_available(nil).map{|t|t[:id]}.should_not include Group::TAB_CONFERENCES
+    end
+  end
+  
 end