Add BP course status to file API

refs LF-887 flag=none Test plan - Test with g/330353 and g/330025 - Set up a BP course with a child course linked to it - Create a file in the parent course and lock the BP content for that file - View the child file in the api with include=blueprint_course_status as a query param - Verify you can see the restricted_ by_master course stuff Change-Id: I81f61fd7c37aa1f65aea1c4e80591310c29f24aa Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/330028 Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Reviewed-by: Juan Chavez <juan.chavez@instructure.com> Reviewed-by: Luis Oliveira <luis.oliveira@instructure.com> QA-Review: Luis Oliveira <luis.oliveira@instructure.com> Product-Review: Mysti Lilla <mysti@instructure.com>
2023-10-02 20:07:32 -06:00 · 2023-10-02 20:07:32 -06:00 · ba455ac06f
parent 2890a936e7
commit ba455ac06f
4 changed files with 37 additions and 9 deletions
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -596,6 +596,7 @@ class ApplicationController < ActionController::Base
        canAutoPublishCourses: can_manage
      )
    end
+
    js_env BLUEPRINT_COURSES_DATA: bc_data
    if is_master && js_env.key?(:NEW_USER_TUTORIALS)
      js_env[:NEW_USER_TUTORIALS][:is_enabled] = false
--- a/app/controllers/files_controller.rb
+++ b/app/controllers/files_controller.rb
@ -551,7 +551,12 @@ class FilesController < ApplicationController

    params[:include] = Array(params[:include])
    if access_allowed(@attachment, @current_user, :read)
-      json = attachment_json(@attachment, @current_user, {}, { include: params[:include], verifier: params[:verifier], omit_verifier_in_app: !value_to_boolean(params[:use_verifiers]) })
+      options = { include: params[:include], verifier: params[:verifier], omit_verifier_in_app: !value_to_boolean(params[:use_verifiers]) }
+      if options[:include].include?("blueprint_course_status")
+        options[:context] = @context || @folder&.context || @attachment.context
+        options[:can_view_hidden_files] = can_view_hidden_files?(options[:context], @current_user, session)
+      end
+      json = attachment_json(@attachment, @current_user, {}, options)

      # Add canvadoc session URL if the file is unlocked
      json.merge!(
--- a/lib/api/v1/attachment.rb
+++ b/lib/api/v1/attachment.rb
@ -45,14 +45,12 @@ module Api::V1::Attachment
  end

  def attachment_json(attachment, user, url_options = {}, options = {})
-    hash = {
-      "id" => attachment.id,
-      "uuid" => attachment.uuid,
-      "folder_id" => attachment.folder_id,
-      "display_name" => attachment.display_name,
-      "filename" => attachment.filename,
-      "upload_status" => AttachmentUploadStatus.upload_status(attachment)
-    }
+    hash = attachment.slice("id", "uuid", "folder_id", "display_name", "filename")
+    hash["upload_status"] = AttachmentUploadStatus.upload_status(attachment)
+
+    if options[:can_view_hidden_files] && options[:context] && options[:include].include?("blueprint_course_status") && !options[:master_course_status]
+      options[:master_course_status] = setup_master_course_restrictions([attachment], options[:context])
+    end

    if options[:master_course_status]
      hash.merge!(attachment.master_course_api_restriction_data(options[:master_course_status]))
--- a/spec/apis/v1/files_controller_api_spec.rb
+++ b/spec/apis/v1/files_controller_api_spec.rb
@ -1151,6 +1151,30 @@ describe "Files API", type: :request do
      expect(json["lock_at"]).to eq one_month_from_now.as_json
    end

+    it "returns blueprint course restriction information when requested" do
+      copy_from = course_factory(active_all: true)
+      template = MasterCourses::MasterTemplate.set_as_master_course(copy_from)
+      original_file = copy_from.attachments.create!(
+        display_name: "cat_hugs.mp4", filename: "cat_hugs.mp4", content_type: "video/mp4", media_entry_id: "m-123456"
+      )
+      tag = template.create_content_tag_for!(original_file)
+      tag.update(restrictions: { content: true })
+
+      course_with_teacher(active_all: true)
+      copy_to = @course
+      template.add_child_course!(copy_to)
+
+      # just create a copy directly instead of doing a real migration
+      file_copy = copy_to.attachments.new(
+        display_name: "cat_hugs.mp4", filename: "cat_hugs.mp4", content_type: "video/mp4", media_entry_id: "m-123456"
+      )
+      file_copy.migration_id = tag.migration_id
+      file_copy.save!
+
+      json = api_call(:get, "/api/v1/files/#{file_copy.id}", { controller: "files", action: "api_show", format: "json", id: file_copy.id.to_param }, { include: ["blueprint_course_status"] })
+      expect(json["restricted_by_master_course"]).to be true
+    end
+
    it "is not locked/hidden for a teacher" do
      att2 = Attachment.create!(filename: "test.txt", display_name: "test.txt", uploaded_data: StringIO.new("file"), folder: @root, context: @course, locked: true)
      att2.hidden = true