master courses: don't show edit buttons for locked pages

test plan: * have a wiki page in a blueprint course that allows "teachers and students" to edit the page, but then lock the page (with content locked) * in the associated course, students (or anyone) shouldn't be able to visit the page's edit page and try to save changes to the page closes #CNVS-38060 Change-Id: I3c09ca42baa6735c183b686310e225ff035d367e Reviewed-on: https://gerrit.instructure.com/127351 Reviewed-by: Dan Minkevitch <dan@instructure.com> Tested-by: Jenkins QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com> Product-Review: James Williams <jamesw@instructure.com>
2017-09-26 08:29:38 -06:00 · 2017-09-26 08:29:38 -06:00 · bc1536dce5
parent efd4bc145b
commit bc1536dce5
8 changed files with 22 additions and 15 deletions
--- a/app/coffeescripts/views/wiki/WikiPageIndexItemView.coffee
+++ b/app/coffeescripts/views/wiki/WikiPageIndexItemView.coffee
@ -62,7 +62,9 @@ define [
        # TODO: Consider allowing duplicating pages in other contexts
        DUPLICATE: !!@WIKI_RIGHTS.manage && @contextName == 'courses'

-      json.cannot_edit_by_master_course = json.is_master_course_child_content && json.restricted_by_master_course
+      if json.is_master_course_child_content && json.restricted_by_master_course
+        json.cannot_delete_by_master_course = true
+        json.cannot_edit_by_master_course = json.master_course_restrictions.content

      json.wiki_page_menu_tools = ENV.wiki_page_menu_tools || []
      json.wiki_page_menu_tools.forEach (tool) =>
--- a/app/coffeescripts/views/wiki/WikiPageView.coffee
+++ b/app/coffeescripts/views/wiki/WikiPageView.coffee
@ -166,7 +166,9 @@ define [
        else
          $.datetimeString(json.lock_info.unlock_at)

-      json.cannot_edit_by_master_course = json.is_master_course_child_content && json.restricted_by_master_course
+      if json.is_master_course_child_content && json.restricted_by_master_course
+        json.cannot_delete_by_master_course = true
+        json.cannot_edit_by_master_course = json.master_course_restrictions.content

      json.wiki_page_menu_tools = ENV.wiki_page_menu_tools
      _.each json.wiki_page_menu_tools, (tool) =>
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -247,8 +247,8 @@ class ApplicationController < ActionController::Base
  end
  helper_method :master_courses?

-  def setup_master_course_restrictions(objects, course)
-    return unless master_courses? && course.is_a?(Course) && course.grants_right?(@current_user, session, :read_as_admin)
+  def setup_master_course_restrictions(objects, course, user_can_edit: false)
+    return unless master_courses? && course.is_a?(Course) && (user_can_edit || course.grants_right?(@current_user, session, :read_as_admin))

    if MasterCourses::MasterTemplate.is_master_course?(course)
      MasterCourses::Restrictor.preload_default_template_restrictions(objects, course)
@ -2108,8 +2108,8 @@ class ApplicationController < ActionController::Base
    end

    if @page
-      if @context.wiki.grants_right?(@current_user, :manage)
-        mc_status = setup_master_course_restrictions(@page, @context)
+      if @page.grants_any_right?(@current_user, session, :update, :update_content)
+        mc_status = setup_master_course_restrictions(@page, @context, user_can_edit: true)
      end

      hash[:WIKI_PAGE] = wiki_page_json(@page, @current_user, session, true, :deep_check_if_needed => true, :master_course_status => mc_status)
--- a/app/controllers/wiki_pages_controller.rb
+++ b/app/controllers/wiki_pages_controller.rb
@ -114,7 +114,7 @@ class WikiPagesController < ApplicationController
  end

  def edit
-    if @page.grants_any_right?(@current_user, session, :update, :update_content)
+    if @page.grants_any_right?(@current_user, session, :update, :update_content) && !@page.editing_restricted?(:content)
      set_master_course_js_env_data(@page, @context)

      js_env ConditionalRelease::Service.env_for @context
--- a/app/views/jst/wiki/WikiPage.handlebars
+++ b/app/views/jst/wiki/WikiPage.handlebars
@ -32,9 +32,11 @@
            {{/if}}
          {{/if}}
        {{/unless}}
-        {{#if CAN.UPDATE_CONTENT}}
-          <a href="{{wiki_page_edit_path}}" class="btn edit-wiki"><i class="icon-edit"></i> {{#t 'buttons.edit'}}Edit{{/t}}</a>
-        {{/if}}
+        {{#unless cannot_edit_by_master_course}}
+          {{#if CAN.UPDATE_CONTENT}}
+            <a href="{{wiki_page_edit_path}}" class="btn edit-wiki"><i class="icon-edit"></i> {{#t 'buttons.edit'}}Edit{{/t}}</a>
+          {{/if}}
+        {{/unless}}
        {{#if CAN.ACCESS_GEAR_MENU}}
          <div class="inline-block">
            <a class="btn al-trigger" tabindex="0" role="button" href="#">
@ -42,7 +44,7 @@
              <span class="screenreader-only">{{#t 'toolbar_menu.settings'}}Settings{{/t}}</span>
            </a>
            <ul class="al-options">
-              {{#unless cannot_edit_by_master_course}}
+              {{#unless cannot_delete_by_master_course}}
                {{#if CAN.DELETE}}
                  <li><a href="#" class="icon-trash delete_page{{#unless deletable}} disabled{{/unless}}" {{#unless deletable}}aria-disabled="true"{{/unless}}>{{#t "delete_wiki"}}Delete{{/t}}</a></li>
                {{/if}}
--- a/app/views/jst/wiki/WikiPageIndexItem.handlebars
+++ b/app/views/jst/wiki/WikiPageIndexItem.handlebars
@ -20,6 +20,8 @@
      <ul class="al-options">
        {{#unless cannot_edit_by_master_course}}
          <li><a href="#" class="icon-edit edit-menu-item" title="{{#t}}Edit{{/t}}">{{#t}}Edit{{/t}}</a></li>
+        {{/unless}}
+        {{#unless cannot_delete_by_master_course}}
          <li>
            <a href="#" class="icon-trash delete-menu-item{{#unless deletable}} disabled{{/unless}}"
               title="{{#t}}Delete {{title}}{{/t}}" {{#unless deletable}}aria-disabled="true"{{/unless}}>
--- a/spec/selenium/master_courses/blueprint_banner_spec.rb
+++ b/spec/selenium/master_courses/blueprint_banner_spec.rb
@ -52,8 +52,7 @@ describe "master courses banner" do
        expect(f('#blueprint-lock-banner')).to include_text('Content')
        run_master_course_migration(@master)
        get "/courses/#{@minion.id}/pages/#{@copy_page.id}/edit"
-        expect(f('.edit-content')).not_to contain_css('#tinymce')
-        expect(f('#blueprint-lock-banner')).to include_text('Content')
+        assert_flash_warning_message("You are not allowed to edit the page")
      end

      it "shows locked banner when locking", priority:"2", test_id: 3248173 do
--- a/spec/selenium/master_courses/child_course_pages_spec.rb
+++ b/spec/selenium/master_courses/child_course_pages_spec.rb
@ -43,7 +43,7 @@ describe "master courses - child courses - wiki page locking" do
  end

  it "should not show the edit/delete cog-menu options on the index when locked" do
-    @tag.update(restrictions: {:all => true})
+    @tag.update(restrictions: {:content => true})

    get "/courses/#{@copy_to.id}/pages"

@ -65,7 +65,7 @@ describe "master courses - child courses - wiki page locking" do
  end

  it "should not show the delete option on the show page when locked" do
-    @tag.update(restrictions: {:all => true})
+    @tag.update(restrictions: {:points => true})

    get "/courses/#{@copy_to.id}/pages/#{@page_copy.url}"