From a5825e3a59a8bff62f541679c59034588a4fc055 Mon Sep 17 00:00:00 2001
From: Jeremy Stanley <jeremy@instructure.com>
Date: Thu, 5 Apr 2018 18:22:35 -0600
Subject: [PATCH] sections: check :manage_sis on the root account

test plan:
 - create an account role that grants "manage SIS"
 - set up account admins in this role in both a root account
   and a subaccount
 - create a course in the subaccount, and create a section
   in the course
 - ensure that:
   1. the root account admin has a field to edit the SIS ID
      when editing the section
   2. the subaccount admin does not have this field

fixes ADMIN-915

Change-Id: I19866204852fb4416a16669f277c39bbfac95379
Reviewed-on: https://gerrit.instructure.com/146121
Tested-by: Jenkins
Reviewed-by: James Williams  <jamesw@instructure.com>
QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
---
 app/views/sections/show.html.erb      |  4 ++--
 spec/selenium/course_sections_spec.rb | 29 +++++++++++++++++++++++++++
 2 files changed, 31 insertions(+), 2 deletions(-)

diff --git a/app/views/sections/show.html.erb b/app/views/sections/show.html.erb
index 4cf7d003272..4c20f9016b3 100644
--- a/app/views/sections/show.html.erb
+++ b/app/views/sections/show.html.erb
@@ -127,12 +127,12 @@ h3 .tally {
     <td><%= f.blabel :name, :en => "Section Name" %></td>
     <td><%= f.text_field :name %></td>
   </tr>
-  <% if @section.sis_source_id && can_do(@context, @current_user, :read_sis) || can_do(@context, @current_user, :manage_sis) %>
+  <% if @section.sis_source_id && can_do(@context, @current_user, :read_sis) || can_do(@context.root_account, @current_user, :manage_sis) %>
     <tr>
       <td><%= f.blabel :sis_source_id, :en => "SIS ID" %></td>
       <td>
         <span class="course_form">
-          <% if can_do(@context, @current_user, :manage_sis) %>
+          <% if can_do(@context.root_account, @current_user, :manage_sis) %>
             <%= f.text_field :sis_source_id, :style => "width: 50px;", :title => "SIS ID", :value => @section.sis_source_id %>
           <% else %>
             <%= @section.sis_source_id %>
diff --git a/spec/selenium/course_sections_spec.rb b/spec/selenium/course_sections_spec.rb
index 382ee684bbf..1f0763c3e50 100644
--- a/spec/selenium/course_sections_spec.rb
+++ b/spec/selenium/course_sections_spec.rb
@@ -97,6 +97,35 @@ describe "course sections" do
     expect(@section.end_at).to eq(Date.new(2015, 3, 4))
   end
 
+  context "account admin" do
+    before do
+      Account.default.role_overrides.create! role: Role.get_built_in_role('AccountAdmin'), permission: 'manage_sis', enabled: true
+      @subaccount = Account.default.sub_accounts.create! name: 'sub'
+      course_factory account: @subaccount
+      @section = @course.course_sections.create! name: 'sec'
+    end
+
+    it "lets a root account admin modify the sis ID" do
+      account_admin_user account: Account.default
+      user_session @admin
+      get "/courses/#{@course.id}/sections/#{@section.id}"
+
+      f('.edit_section_link').click
+      edit_form = f('#edit_section_form')
+      expect(edit_form).to contain_css('input#course_section_sis_source_id')
+    end
+
+    it "does not let a subaccount admin modify the sis ID" do
+      account_admin_user account: @subaccount
+      user_session @admin
+      get "/courses/#{@course.id}/sections/#{@section.id}"
+
+      f('.edit_section_link').click
+      edit_form = f('#edit_section_form')
+      expect(edit_form).not_to contain_css('input#course_section_sis_source_id')
+    end
+  end
+
   context "student tray" do
 
     before(:each) do