fix discussion topic permissions for draft state

when draft state is enabled, it shouldn't grant
reply rights when a topic is closed for comments

test plan:
* create and publish a discussion topic
* close it for comments
* as a student, should not be able to add a reply
 through the api

refs #CNVS-15563

Change-Id: I238f2e8956c9bd3136dfd69db5bb4d63c07102c0
Reviewed-on: https://gerrit.instructure.com/42282
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: James Williams  <jamesw@instructure.com>
James Williams 2014-10-06 09:45:48 -06:00
parent 96ab142d6c
commit 9570095541
4 changed files with 22 additions and 6 deletions


@ -278,7 +278,7 @@ class DiscussionEntry < ActiveRecord::Base
given { |user, session| self.context.grants_right?(user, session, :read_forum) }
can :read
given { |user, session| self.context.grants_right?(user, session, :post_to_forum) && self.discussion_topic.available_for?(user) }
given { |user, session| self.context.grants_right?(user, session, :post_to_forum) && !self.discussion_topic.closed_for_comment_for?(user) }
can :reply and can :create and can :read
given { |user, session| self.context.grants_right?(user, session, :post_to_forum) }
@ -287,13 +287,13 @@ class DiscussionEntry < ActiveRecord::Base
given { |user, session| context.respond_to?(:allow_student_forum_attachments) && context.allow_student_forum_attachments && context.grants_right?(user, session, :post_to_forum) && discussion_topic.available_for?(user) }
can :attach
given { |user, session| !self.discussion_topic.root_topic_id && self.context.grants_right?(user, session, :moderate_forum) && self.discussion_topic.available_for?(user) }
given { |user, session| !self.discussion_topic.root_topic_id && self.context.grants_right?(user, session, :moderate_forum) && !self.discussion_topic.closed_for_comment_for?(user) }
can :update and can :delete and can :reply and can :create and can :read and can :attach
given { |user, session| !self.discussion_topic.root_topic_id && self.context.grants_right?(user, session, :moderate_forum) }
can :update and can :delete and can :read
given { |user, session| self.discussion_topic.root_topic && self.discussion_topic.root_topic.context.grants_right?(user, session, :moderate_forum) && self.discussion_topic.available_for?(user) }
given { |user, session| self.discussion_topic.root_topic && self.discussion_topic.root_topic.context.grants_right?(user, session, :moderate_forum) && !self.discussion_topic.closed_for_comment_for?(user) }
can :update and can :delete and can :reply and can :create and can :read and can :attach
given { |user, session| self.discussion_topic.root_topic && self.discussion_topic.root_topic.context.grants_right?(user, session, :moderate_forum) }
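Review bot: The student `can :attach` rule at the top of the second hunk still gates on `discussion_topic.available_for?(user)`, while the reply/create rules around it now gate on `!self.discussion_topic.closed_for_comment_for?(user)`, so attach and reply permissions on an entry can disagree for the same topic state. If `:attach` is meant to follow the ability to reply, its condition should end with `&& !discussion_topic.closed_for_comment_for?(user)`; if the difference is intended, a comment such as `# attach follows topic availability, not comment closure` would keep a later reader from "fixing" it. The same new condition is applied to the `:moderate_forum` rules, so moderators appear to lose `:reply` and `:create` on a closed topic as well, which the commit message does not mention. The policy block starts and ends outside these hunks.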


@ -727,7 +727,7 @@ class DiscussionTopic < ActiveRecord::Base
given { |user| self.user && self.user == user }
can :read
given { |user| self.user && self.user == user && self.available_for?(user) && self.visible_for?(user) }
given { |user| self.user && self.user == user && self.visible_for?(user) && !self.closed_for_comment_for?(user) }
can :reply
given { |user| self.user && self.user == user && self.available_for?(user) && context.user_can_manage_own_discussion_posts?(user) }
@ -739,10 +739,11 @@ class DiscussionTopic < ActiveRecord::Base
given { |user, session| self.active? && self.context.grants_right?(user, session, :read_forum) }
can :read
given { |user, session| self.active? && self.available_for?(user) && self.context.grants_right?(user, session, :post_to_forum) && self.visible_for?(user) }#students.include?(user) }
given { |user, session| self.active? && !self.closed_for_comment_for?(user) &&
self.context.grants_right?(user, session, :post_to_forum) && self.visible_for?(user)}
can :reply and can :read
given { |user, session| self.active? && self.context.grants_right?(user, session, :post_to_forum) }#students.include?(user) }
given { |user, session| self.active? && self.context.grants_right?(user, session, :post_to_forum) && self.visible_for?(user)}
can :read
given { |user, session|
@ -957,6 +958,7 @@ class DiscussionTopic < ActiveRecord::Base
end
def closed_for_comment_for?(user, opts={})
return true if self.locked?
lock = self.locked_for?(user, opts)
return false unless lock
return false if self.draft_state_enabled? && lock.include?(:unlock_at)
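Review bot: The `:reply` grants in the first two hunks no longer call `self.available_for?(user)` at all and rely only on `closed_for_comment_for?`, which in the last hunk returns `false` whenever draft state is enabled and the lock includes `:unlock_at`. Any condition that `available_for?` enforced besides comment closure is therefore no longer applied to replies; `available_for?` is not visible here, so this may be intended, but it is a wider authorization change than the commit message describes. Because the method now decides who may reply, it deserves a comment above `def closed_for_comment_for?`, for example `# Used by the :reply policy rules: true means replies are refused. With draft state on, a pending unlock_at is not treated as closed.` The method body continues past the end of the hunk.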


@ -1211,6 +1211,16 @@ describe DiscussionTopicsController, type: :request do
@entry.message.should == @message
end
it "should not allow creating an entry under a topic that is closed for comments" do
@course.enable_feature!(:draft_state)
@topic.lock!
api_call(
:post, "/api/v1/courses/#{@course.id}/discussion_topics/#{@topic.id}/entries.json",
{ :controller => 'discussion_topics_api', :action => 'add_entry', :format => 'json',
:course_id => @course.id.to_s, :topic_id => @topic.id.to_s },
{ :message => @message }, {}, :expected_status => 401)
end
it "should return json representation of the new entry" do
json = api_call(
:post, "/api/v1/courses/#{@course.id}/discussion_topics/#{@topic.id}/entries.json",
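Review bot: The new spec covers only the explicit `@topic.lock!` path with `:draft_state` enabled, and the hunk does not show which user `api_call` runs as, although the test plan in the commit message is about a student. Since this example pins an authorization rule, it would be stronger if it ran as an enrolled student and had a sibling case with draft state disabled, so both outcomes of `closed_for_comment_for?` are exercised. It also checks only `:expected_status => 401`; comparing `@topic.discussion_entries.count` before and after the call would confirm that the rejected request stored nothing. The surrounding `describe` setup is outside the hunk, so the acting user should be confirmed there.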


@ -826,6 +826,8 @@ describe DiscussionTopic do
@entry = @topic.reply_from(:user => @teacher, :text => "entry")
@student = student_in_course(:active_all => true).user
@entry.reply_from(:user => @student, :html => "reply")
@topic.reload
@topic.posters.should include(@student)
end
@ -834,6 +836,8 @@ describe DiscussionTopic do
@student = student_in_course(:active_all => true).user
@entry.reply_from(:user => @student, :html => "reply 1")
@entry.reply_from(:user => @student, :html => "reply 2")
@topic.reload
@topic.posters.should include(@teacher)
@topic.posters.should include(@student)
@topic.posters.size.should == 2