Fix deleted admin enrollments enabling student to see discussion topics without a post. Fixes #11192

Fixed the DiscussionTopic#user_ids_who_have_posted_and_admins method to only
look at active admin enrollments. Was picking up the TA's deleted admin enrollment.

Testing Steps:
===========
* Create a course as a teacher and add a TA
* Create a Discussion Topic that requires a user to post before
   seeing other users' responses.
* As a student, add a response
* Verify that the TA can see the other student's response
   without having created a post themselves.
* Remove the TA's enrollment in the course and
   add the TA as a Student.
* As the TA-turned-student, visit the discussion
  and verify that you cannot see the replies
  without first making a post.

Change-Id: I35ed1a6b05128e8e3636574df3779449a5ee3c69
Reviewed-on: https://gerrit.instructure.com/14617
Reviewed-by: Joel Hough <joel@instructure.com>
Reviewed-by: Jon Willesen <jonw@instructure.com>
Reviewed-by: Marc LeGendre <marc@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Mark Ericksen 2012-10-22 15:45:01 -06:00
parent f59d873cea
commit ac9182cf56
2 changed files with 13 additions and 1 deletions

@ -423,7 +423,7 @@ class DiscussionTopic < ActiveRecord::Base
def user_ids_who_have_posted_and_admins
ids = DiscussionEntry.active.scoped(:select => "distinct user_id").find_all_by_discussion_topic_id(self.id).map(&:user_id)
ids += self.context.admin_enrollments.scoped(:select => 'user_id').map(&:user_id) if self.context.respond_to?(:admin_enrollments)
ids += self.context.admin_enrollments.active.scoped(:select => 'user_id').map(&:user_id) if self.context.respond_to?(:admin_enrollments)
ids
end
memoize :user_ids_who_have_posted_and_admins
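Review bot: The `memoize :user_ids_who_have_posted_and_admins` line directly under the changed query means a topic instance that has already computed the list keeps returning the old admin ids, so a TA removed afterwards still passes the check on that instance until it is reloaded. Please confirm that no topic object outlives an enrollment change, or add a comment on the method noting that the list is cached per instance. Separately, the definition of the `active` scope on `admin_enrollments` is not visible here and the commit message only mentions deleted enrollments, so it is worth stating in a comment which enrollment states the scope is expected to exclude.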

@ -414,6 +414,18 @@ describe DiscussionTopic do
@topic.user_can_see_posts?(@teacher).should == true
end
it "should only allow active admins to see posts without posting" do
@ta_enrollment = course_with_ta(:course => @course, :active_enrollment => true)
# TA should be able to see
@topic.user_can_see_posts?(@ta).should == true
# Remove user as TA and enroll as student, should not be able to see
@ta_enrollment.destroy
# enroll as a student.
course_with_student(:course => @course, :user => @ta, :active_enrollment => true)
@topic.reload
@topic.user_can_see_posts?(@ta).should == false
end
it "shouldn't allow student (and observer) who hasn't posted to see" do
@topic.user_can_see_posts?(@student).should == false
end
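Review bot: The new spec covers only one path, `@ta_enrollment.destroy` followed by re-enrolling the same user as a student, so it does not show that a destroyed TA enrollment alone (with no student enrollment added) loses access. Consider adding an assertion between the destroy and the `course_with_student` call, after a reload. The `@topic.reload` before the final assertion also has no comment explaining why it is needed; if it is there to drop the id list cached by the earlier `@topic.user_can_see_posts?(@ta)` call, say so, since the test would otherwise read as if a reload were optional.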