sections: check :manage_sis on the root account

test plan: - create an account role that grants "manage SIS" - set up account admins in this role in both a root account and a subaccount - create a course in the subaccount, and create a section in the course - ensure that: 1. the root account admin has a field to edit the SIS ID when editing the section 2. the subaccount admin does not have this field fixes ADMIN-915 Change-Id: I19866204852fb4416a16669f277c39bbfac95379 Reviewed-on: https://gerrit.instructure.com/146121 Tested-by: Jenkins Reviewed-by: James Williams <jamesw@instructure.com> QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com> Product-Review: Jeremy Stanley <jeremy@instructure.com>
2018-04-05 18:22:35 -06:00 · 2018-04-05 18:22:35 -06:00 · a5825e3a59
parent 5c66ad72cb
commit a5825e3a59
2 changed files with 31 additions and 2 deletions
--- a/app/views/sections/show.html.erb
+++ b/app/views/sections/show.html.erb
@ -127,12 +127,12 @@ h3 .tally {
    <td><%= f.blabel :name, :en => "Section Name" %></td>
    <td><%= f.text_field :name %></td>
  </tr>
-  <% if @section.sis_source_id && can_do(@context, @current_user, :read_sis) || can_do(@context, @current_user, :manage_sis) %>
+  <% if @section.sis_source_id && can_do(@context, @current_user, :read_sis) || can_do(@context.root_account, @current_user, :manage_sis) %>
    <tr>
      <td><%= f.blabel :sis_source_id, :en => "SIS ID" %></td>
      <td>
        <span class="course_form">
-          <% if can_do(@context, @current_user, :manage_sis) %>
+          <% if can_do(@context.root_account, @current_user, :manage_sis) %>
            <%= f.text_field :sis_source_id, :style => "width: 50px;", :title => "SIS ID", :value => @section.sis_source_id %>
          <% else %>
            <%= @section.sis_source_id %>
--- a/spec/selenium/course_sections_spec.rb
+++ b/spec/selenium/course_sections_spec.rb
@ -97,6 +97,35 @@ describe "course sections" do
    expect(@section.end_at).to eq(Date.new(2015, 3, 4))
  end

+  context "account admin" do
+    before do
+      Account.default.role_overrides.create! role: Role.get_built_in_role('AccountAdmin'), permission: 'manage_sis', enabled: true
+      @subaccount = Account.default.sub_accounts.create! name: 'sub'
+      course_factory account: @subaccount
+      @section = @course.course_sections.create! name: 'sec'
+    end
+
+    it "lets a root account admin modify the sis ID" do
+      account_admin_user account: Account.default
+      user_session @admin
+      get "/courses/#{@course.id}/sections/#{@section.id}"
+
+      f('.edit_section_link').click
+      edit_form = f('#edit_section_form')
+      expect(edit_form).to contain_css('input#course_section_sis_source_id')
+    end
+
+    it "does not let a subaccount admin modify the sis ID" do
+      account_admin_user account: @subaccount
+      user_session @admin
+      get "/courses/#{@course.id}/sections/#{@section.id}"
+
+      f('.edit_section_link').click
+      edit_form = f('#edit_section_form')
+      expect(edit_form).not_to contain_css('input#course_section_sis_source_id')
+    end
+  end
+
  context "student tray" do

    before(:each) do