require at least 1 enrollment or account_user to create eportfolios

closes FOO-1897

test plan:
- create a new user, they should not be able to create an eportfolio
- add them to a course, now they can
- OR add them as an account admin, now they can

Change-Id: Ib18d1ccbfef7c5aff3e977c017ec471312867049
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/263432
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: August Thornton <august@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: August Thornton <august@instructure.com>

app/models/eportfolio.rb

@@ -71,7 +71,9 @@ class Eportfolio < ActiveRecord::Base
 
   set_policy do
     given do |user|
-      user&.eportfolios_enabled? && !user.eportfolios.active.flagged_or_marked_as_spam.exists?
+      user&.eportfolios_enabled? &&
+        !user.eportfolios.active.flagged_or_marked_as_spam.exists? &&
+        (user.enrollments.exists? || user.account_users.exists?)
     end
     can :create
 

db/migrate/20210518154903_flag_eportfolios_on_empty_users.rb

@@ -0,0 +1,27 @@
+# frozen_string_literal: true
+
+#
+# Copyright (C) 2021 - present Instructure, Inc.
+#
+# This file is part of Canvas.
+#
+# Canvas is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, version 3 of the License.
+#
+# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Affero General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+
+class FlagEportfoliosOnEmptyUsers < ActiveRecord::Migration[6.0]
+  tag :postdeploy
+  disable_ddl_transaction!
+
+  def up
+    DataFixup::FlagEportfoliosOnEmptyUsers.delay_if_production(priority: Delayed::LOW_PRIORITY, n_strand: 'long_datafixups').run
+  end
+end

lib/data_fixup/flag_eportfolios_on_empty_users.rb

@@ -0,0 +1,38 @@
+# frozen_string_literal: true
+
+#
+# Copyright (C) 2021 - present Instructure, Inc.
+#
+# This file is part of Canvas.
+#
+# Canvas is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, version 3 of the License.
+#
+# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Affero General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+
+module DataFixup
+  class FlagEportfoliosOnEmptyUsers
+    def self.run
+      GuardRail.activate(:secondary) do
+        Eportfolio.select(:user_id).distinct.find_in_batches(batch_size: 5000) do |batch|
+          uid_batch = batch.map(&:user_id)
+          uid_batch -= Enrollment.where(user_id: uid_batch).pluck(:user_id)
+          uid_batch -= AccountUser.where(user_id: uid_batch).pluck(:user_id)
+          if uid_batch.present?
+            GuardRail.activate(:primary) do
+              Eportfolio.where(user_id: uid_batch, spam_status: nil)
+                .update_all(spam_status: 'flagged_as_possible_spam')
+            end
+          end
+        end
+      end
+    end
+  end
+end

spec/lib/data_fixup/flag_eportfolios_on_empty_users_spec.rb

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+
+#
+# Copyright (C) 2018 - present Instructure, Inc.
+#
+# This file is part of Canvas.
+#
+# Canvas is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, version 3 of the License.
+#
+# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Affero General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+
+require 'spec_helper'
+
+describe DataFixup::FlagEportfoliosOnEmptyUsers do
+  it 'runs' do
+    course_with_teacher
+    account_admin_user
+    @spammer = user_model
+
+    te1 = @teacher.eportfolios.create!(name: 'Teaching is great')
+    te2 = @teacher.eportfolios.create!(name: 'My Best Assignments')
+    te3 = @teacher.eportfolios.create!(name: 'Grading Services', spam_status: 'marked_as_safe')
+
+    aae1 = @admin.eportfolios.create!(name: 'Administering all the Things')
+
+    se1 = @spammer.eportfolios.create!(name: 'MoViEz R cOoL')
+    se2 = @spammer.eportfolios.create!(name: 'Free AmaSoftBook Licenses!!!')
+    se3 = @spammer.eportfolios.create!(name: 'Pills to make you a smartypants', spam_status: 'marked_as_spam')
+
+    DataFixup::FlagEportfoliosOnEmptyUsers.run
+
+    # Don't touch normal user eportfolios
+    expect([te1, te2, aae1].map{|e| e.reload.spam_status}).to eq [nil, nil, nil]
+
+    # Don't touch already flagged eportfolios
+    expect([te3, se3].map{|e| e.reload.spam_status}).to eq ['marked_as_safe', 'marked_as_spam']
+
+    # Flag others
+    expect([se1, se2].map{|e| e.reload.spam_status}).to eq ['flagged_as_possible_spam', 'flagged_as_possible_spam']
+  end
+end

spec/models/eportfolio_spec.rb

@@ -219,6 +219,16 @@ describe Eportfolio do
         @eportfolio.destroy
         expect(Eportfolio.new.grants_right?(@student, :create)).to be true
       end
+
+      it "can create if the user is an admin" do
+        admin = account_admin_user
+        expect(Eportfolio.new.grants_right?(admin, :create)).to be true
+      end
+
+      it "cannot create if the user has no enrollment/account_user" do
+        user = user_factory(active_all: true)
+        expect(Eportfolio.new.grants_right?(user, :create)).to be false
+      end
     end
   end