allow anonymous user take ugraded quiz in public courses
closes QO-685 flag=none test plan: - create a ungraded old quiz in a public course - an anonymous user can take the quiz - it does not affect quizzes for students in a non-public course Change-Id: I0cb72116b55e8feeb2a6467b37d3a484593d4e31 Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/254233 Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Reviewed-by: Jared Crystal <jcrystal@instructure.com> QA-Review: Mark McDermott <mmcdermott@instructure.com> Product-Review: Susan Sorensen <susan.sorensen@instructure.com>
This commit is contained in:
parent
7acd49014f
commit
81dfd08d31
|
@ -43,8 +43,8 @@ class Quizzes::QuizSubmissionEventsApiController < ApplicationController
|
|||
include ::Filters::Quizzes
|
||||
include ::Filters::QuizSubmissions
|
||||
|
||||
before_action :require_user,
|
||||
:require_context,
|
||||
before_action :require_user, only: [:index]
|
||||
before_action :require_context,
|
||||
:require_quiz,
|
||||
:require_active_quiz_submission
|
||||
|
||||
|
|
|
@ -102,10 +102,19 @@ class Quizzes::QuizSubmission < ActiveRecord::Base
|
|||
state :preview
|
||||
end
|
||||
|
||||
def unenrolled_user_can_read?(user, session)
|
||||
course = quiz.course
|
||||
!quiz.graded? && course.available? && course.unenrolled_user_can_read?(user, session)
|
||||
end
|
||||
|
||||
set_policy do
|
||||
given { |user| user && user.id == self.user_id }
|
||||
can :read
|
||||
|
||||
# allow anonymous users take ungraded quizzes from a public course
|
||||
given { |user, session| unenrolled_user_can_read?(user, session) }
|
||||
can :record_events
|
||||
|
||||
given { |user| user && user.id == self.user_id && end_date_is_valid? }
|
||||
can :record_events
|
||||
|
||||
|
|
|
@ -117,6 +117,24 @@ describe Quizzes::QuizSubmissionEventsApiController, type: :request do
|
|||
@quiz_submission = @quiz.quiz_submissions.create!(user: @user, workflow_state: 'settings_only')
|
||||
expect(api_create({raw: true}, {'quiz_submission_events' => events_data})).to eq 404
|
||||
end
|
||||
|
||||
context 'for an ungraded quiz in a public course' do
|
||||
before do
|
||||
@course.is_public = true
|
||||
@course.is_public_to_auth_users = true
|
||||
@course.save!
|
||||
@quiz.quiz_type = 'practice_quiz'
|
||||
@quiz.save!
|
||||
end
|
||||
|
||||
it 'should respond with no_content success' do
|
||||
student_in_course
|
||||
@user = @teacher
|
||||
@quiz_submission = @quiz.quiz_submissions.last
|
||||
api_create({raw: true}, {})
|
||||
assert_status(204)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
describe 'GET /courses/:course_id/quizzes/:quiz_id/submissions/:id/events [index]' do
|
||||
|
|
|
@ -905,6 +905,23 @@ describe Quizzes::QuizSubmission do
|
|||
expect(qs.grants_right?(@teacher, :update_scores)).to eq true
|
||||
expect(qs.grants_right?(@teacher, :add_attempts)).to eq true
|
||||
end
|
||||
|
||||
it "does not take events from an anonymous user" do
|
||||
course_with_student(:active_all => true)
|
||||
@quiz = @course.quizzes.create!
|
||||
qs = @quiz.generate_submission(@user)
|
||||
expect(qs.grants_right?(nil, :record_events)).to be_falsey
|
||||
end
|
||||
|
||||
it "can take events for any users for a ungraded quiz in a public course" do
|
||||
course_with_student(:active_all => true)
|
||||
@course.is_public = true
|
||||
@course.is_public_to_auth_users = true
|
||||
@course.save!
|
||||
@quiz = @course.quizzes.create!(quiz_type: 'practice_quiz')
|
||||
qs = @quiz.generate_submission(@user)
|
||||
expect(qs.grants_right?(nil, { user_id: nil }, :record_events)).to be_truthy
|
||||
end
|
||||
end
|
||||
|
||||
describe "#question" do
|
||||
|
|
Loading…
Reference in New Issue