add root account setting for custom terms/privacy

fixes CNVS-6888 testing steps: * from a console, set a custom privacy and terms url Setting.set('privacy_policy_url', 'http://custom.example.com/privacy') Setting.set('terms_of_use_url', 'http://custom.example.com/terms') * verify the following location all display the new links: * <canvas>/enroll/<join_code> - with self_enrollments enabled for the course and currently logged out * when self registration is disabled at the root account, will be prompted to authenticate, "View Privacy Policy" * when self registration is enabled at the root account, will be prompted to authenticate or register, "View Privacy Policy" * when logged in as a teacher, prompted to confirm enrollment "View Privacy Policy" * <canvas>/register_from_website - when logged out * page footer links for "Terms of Use" and "Privacy Policy" * "I'm a teacher", both links at bottom of dialog * "I'm a student", both links at bottom of dialog * "Parents sign up here", both links at bottom of dialog * <canvas>/accounts/<id>/users - click "Add a New User" from the right sidebar. "View Privacy Policy" in modal dialog. Change-Id: Ic80c369dcea8483c93fb8adfcd9a80c1d6d3ad6a Reviewed-on: https://gerrit.instructure.com/22712 Reviewed-by: Jon Jensen <jon@instructure.com> Tested-by: Jenkins <jenkins@instructure.com> QA-Review: Marc LeGendre <marc@instructure.com> Product-Review: Marc LeGendre <marc@instructure.com>
2013-07-29 11:50:51 -06:00 · 2013-07-29 11:50:51 -06:00 · c8414e19ee
parent a861300693
commit c8414e19ee
11 changed files with 59 additions and 38 deletions
--- a/app/coffeescripts/registration/signupDialog.coffee
+++ b/app/coffeescripts/registration/signupDialog.coffee
@ -19,8 +19,8 @@ define [
    $node = $nodes[id] ?= $('<div />')
    $node.html templates[id](
      account: ENV.ACCOUNT.registration_settings
-      terms_url: "http://www.instructure.com/terms-of-use"
-      privacy_url: "http://www.instructure.com/privacy-policy"
+      terms_url: ENV.ACCOUNT.terms_of_use_url
+      privacy_url: ENV.ACCOUNT.privacy_policy_url
    )
    $node.find('.date-field').datetime_field()

--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@ -205,6 +205,7 @@ class UsersController < ApplicationController
    if authorized_action(@context, @current_user, :read_roster)
      @root_account = @context.root_account
      @query = (params[:user] && params[:user][:name]) || params[:term]
+      js_env :ACCOUNT => account_json(@domain_root_account, nil, session, ['registration_settings'])
      Shackles.activate(:slave) do
        if @context && @context.is_a?(Account) && @query
          @users = @context.users_name_like(@query)
--- a/app/helpers/self_enrollments_helper.rb
+++ b/app/helpers/self_enrollments_helper.rb
@ -23,12 +23,4 @@ module SelfEnrollmentsHelper
      markdown(@registration_summary, :never) rescue nil
    end
  end
-
-  def privacy_link
-    if @privacy_link
-      @privacy_link
-    else
-      "http://www.instructure.com/privacy-policy"
-    end
-  end
 end
--- a/app/models/account.rb
+++ b/app/models/account.rb
@ -159,6 +159,8 @@ class Account < ActiveRecord::Base
  add_setting :admins_can_view_notifications, :boolean => true, :root_only => true, :default => false
  add_setting :outgoing_email_default_name
  add_setting :external_notification_warning, :boolean => true, :default => false
+  # Terms of Use and Privacy Policy settings for the root account
+  add_setting :terms_changed_at, :root_only => true
  # When a user is invited to a course, do we let them see a preview of the
  # course even without registering?  This is part of the free-for-teacher
  # account perks, since anyone can invite anyone to join any course, and it'd
@ -227,6 +229,18 @@ class Account < ActiveRecord::Base
    !!settings[:self_registration] && canvas_authentication?
  end

+  def terms_of_use_url
+    Setting.get('terms_of_use_url', 'http://www.instructure.com/terms-of-use')
+  end
+
+  def privacy_policy_url
+    Setting.get('privacy_policy_url', 'http://www.instructure.com/privacy-policy')
+  end
+
+  def terms_required?
+    Setting.get('terms_required', false)
+  end
+
  def ip_filters=(params)
    filters = {}
    require 'ipaddr'
--- a/app/views/self_enrollments/_authenticate.html.erb
+++ b/app/views/self_enrollments/_authenticate.html.erb
@ -15,7 +15,7 @@
    </div>
  </div>
  <div class="control-group embedded-footer">
-    <a href="http://www.instructure.com/privacy-policy" target="_blank" class="footer-info"><%= t '#site.view_privacy_policy', 'View Privacy Policy' %></a>
+    <a href="<%= @domain_root_account.privacy_policy_url %>" target="_blank" class="footer-info"><%= t '#site.view_privacy_policy', 'View Privacy Policy' %></a>
    <div class="controls">
      <button class="btn btn-primary" type="submit"><%= @confirm_enrollment_url ? t("buttons.next", "Next") : t("buttons.enroll_in_course", "Enroll in Course") %></button>
    </div>
--- a/app/views/self_enrollments/_authenticate_or_register.html.erb
+++ b/app/views/self_enrollments/_authenticate_or_register.html.erb
@ -45,7 +45,7 @@
    </div>
  </div>
  <div class="control-group embedded-footer">
-    <a href="<%= privacy_link %>" target="_blank" class="footer-info"><%= t '#site.view_privacy_policy', 'View Privacy Policy' %></a>
+    <a href="<%= @domain_root_account.privacy_policy_url %>" target="_blank" class="footer-info"><%= t '#site.view_privacy_policy', 'View Privacy Policy' %></a>
    <div class="controls">
      <button class="btn btn-primary" style="visibility: hidden" id="submit_button" type="submit"><%= @confirm_enrollment_url ? t("buttons.next", "Next") : t("buttons.enroll_in_course", "Enroll in Course") %></button>
    </div>
--- a/app/views/self_enrollments/_confirm_enrollments.html.erb
+++ b/app/views/self_enrollments/_confirm_enrollments.html.erb
@ -5,7 +5,7 @@
    <p><%= t :switch_users, "You are currently signed in as *%{user}*. **Sign in as another user**.", :user => @current_user.name, :wrapper => {'*' => '<b>\1</b>', '**' => link_to('\1', "/logout", :id => 'logout_link')} %></p>
  <% end %>
  <div class="control-group embedded-footer">
-    <a href="http://www.instructure.com/privacy-policy" target="_blank" class="footer-info"><%= t '#site.view_privacy_policy', 'View Privacy Policy' %></a>
+    <a href="<%= @domain_root_account.privacy_policy_url %>" target="_blank" class="footer-info"><%= t '#site.view_privacy_policy', 'View Privacy Policy' %></a>
    <div class="controls">
      <button class="btn btn-primary" type="submit"><%= @confirm_enrollment_url ? t("buttons.next", "Next") : t("buttons.enroll_in_course", "Enroll in Course") %></button>
    </div>
--- a/app/views/users/new.html.erb
+++ b/app/views/users/new.html.erb
@ -28,8 +28,8 @@
  <div class="registration-content">
    <div class="left">&copy; <%= Time.now.year %> <a href="http://www.instructure.com">Instructure</a></div>
    <div class="right">
-      <a href="http://www.instructure.com/terms-of-use">Terms of Use</a>
-      <a href="http://www.instructure.com/privacy-policy">Privacy Policy</a>
+      <%= link_to t(:terms_of_use, 'Terms of Use'), @domain_root_account.terms_of_use_url %>
+      <%= link_to t(:privacy_policy, 'Privacy Policy'), @domain_root_account.privacy_policy_url %>
    </div>
  </div>
 </div>
--- a/lib/api/v1/account.rb
+++ b/lib/api/v1/account.rb
@ -44,6 +44,8 @@ module Api::V1::Account
      hash['sis_account_id'] = account.sis_source_id if !account.root_account? && account.root_account.grants_rights?(user, :read_sis, :manage_sis).values.any?
      if includes.include?('registration_settings')
        hash['registration_settings'] = {:login_handle_name => account.login_handle_name}
+        hash['terms_of_use_url'] = account.terms_of_use_url if account.root_account?
+        hash['privacy_policy_url'] = account.privacy_policy_url if account.root_account?
      end
      @@extensions.each do |extension|
        hash = extension.extend_account_json(hash, account, user, session, includes)
--- a/public/javascripts/account_add_user.js
+++ b/public/javascripts/account_add_user.js
@ -12,7 +12,7 @@ require([
    event.preventDefault();
    $("#add_user_form :text").val("");
    var $dialog = $("#add_user_dialog"),
-        $privacy = $('<a>', {href: "http://www.instructure.com/privacy-policy", style: "padding-left: 1em; line-height: 3em", 'class': 'privacy_policy_link', target: "_blank"}),
+        $privacy = $('<a>', {href: ENV.ACCOUNT.privacy_policy_url, style: "padding-left: 1em; line-height: 3em", 'class': 'privacy_policy_link', target: "_blank"}),
        $buttonPane;
    $dialog.dialog({
      title: I18n.t('add_user_dialog_title', "Add a New User"),
--- a/spec/controllers/users_controller_spec.rb
+++ b/spec/controllers/users_controller_spec.rb
@ -20,33 +20,45 @@ require File.expand_path(File.dirname(__FILE__) + '/../sharding_spec_helper')

 describe UsersController do

-  it "should filter account users by term" do
-    a = Account.default
-    u = user(:active_all => true)
-    a.add_user(u)
-    user_session(@user)
-    t1 = a.default_enrollment_term
-    t2 = a.enrollment_terms.create!(:name => 'Term 2')
+  describe "index" do
+    before :each do
+      @a = Account.default
+      @u = user(:active_all => true)
+      @a.add_user(@u)
+      user_session(@user)
+      @t1 = @a.default_enrollment_term
+      @t2 = @a.enrollment_terms.create!(:name => 'Term 2')

-    e1 = course_with_student(:active_all => true)
-    c1 = e1.course
-    c1.update_attributes!(:enrollment_term => t1)
-    e2 = course_with_student(:active_all => true)
-    c2 = e2.course
-    c2.update_attributes!(:enrollment_term => t2)
-    c3 = course_with_student(:active_all => true, :user => e1.user).course
-    c3.update_attributes!(:enrollment_term => t1)
+      @e1 = course_with_student(:active_all => true)
+      @c1 = @e1.course
+      @c1.update_attributes!(:enrollment_term => @t1)
+      @e2 = course_with_student(:active_all => true)
+      @c2 = @e2.course
+      @c2.update_attributes!(:enrollment_term => @t2)
+      @c3 = course_with_student(:active_all => true, :user => @e1.user).course
+      @c3.update_attributes!(:enrollment_term => @t1)

-    User.update_account_associations(User.all.map(&:id))
+      User.update_account_associations(User.all.map(&:id))
+      # NOTE: A controller test should only call the action 1 time per test.
+      # this breaks use a js_env as it attempts to set a frozen hash multiple times.
+      # This was refactored out to 3 tests to keep it from breaking but should
+      # probably be refactored as integration test.
+    end

-    get 'index', :account_id => a.id
-    assigns[:users].map(&:id).sort.should == [u, e1.user, c1.teachers.first, e2.user, c2.teachers.first, c3.teachers.first].map(&:id).sort
+    it "should filter account users by term - default" do
+      get 'index', :account_id => @a.id
+      assigns[:users].map(&:id).sort.should == [@u, @e1.user, @c1.teachers.first, @e2.user, @c2.teachers.first, @c3.teachers.first].map(&:id).sort
+    end

-    get 'index', :account_id => a.id, :enrollment_term_id => t1.id
-    assigns[:users].map(&:id).sort.should == [e1.user, c1.teachers.first, c3.teachers.first].map(&:id).sort # 1 student, enrolled twice, and 2 teachers
+    it "should filter account users by term - term 1" do
+      get 'index', :account_id => @a.id, :enrollment_term_id => @t1.id
+      assigns[:users].map(&:id).sort.should == [@e1.user, @c1.teachers.first, @c3.teachers.first].map(&:id).sort # 1 student, enrolled twice, and 2 teachers
+    end

-    get 'index', :account_id => a.id, :enrollment_term_id => t2.id
-    assigns[:users].map(&:id).sort.should == [e2.user, c2.teachers.first].map(&:id).sort
+    it "should filter account users by term - term 2" do
+      get 'index', :account_id => @a.id, :enrollment_term_id => @t2.id
+      assigns[:users].map(&:id).sort.should == [@e2.user, @c2.teachers.first].map(&:id).sort
+    end
  end

  it "should not include deleted courses in manageable courses" do