Add outcome proficiency permissions

closes OUT-3944 flag=none test plan: - confirm that these account permissions are enabled for account admins (account roles) and disabled but available for teachers and designers (course roles) - create a custom account role - enable the "Learning Outcomes - add / edit / delete" permission - either run the data fixup code again or perform the two steps above before running the migrations from this patch set - confirm the proficiency permissions are now enabled on the custom role (reload Canvas permissions page before confirming) Change-Id: I6fb52c4f9eb0d5146453b55dba1fd14912818b7b Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/247047 Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Reviewed-by: Michael Brewer-Davis <mbd@instructure.com> Reviewed-by: Rob Orton <rob@instructure.com> QA-Review: Brian Watson <bwatson@instructure.com> Product-Review: Jody Sailor
2020-09-04 09:41:26 -10:00 · 2020-09-04 09:41:26 -10:00 · edfd81521e
parent f106c87a68
commit edfd81521e
6 changed files with 137 additions and 2 deletions
--- a/app/controllers/role_overrides_controller.rb
+++ b/app/controllers/role_overrides_controller.rb
@ -281,6 +281,8 @@ class RoleOverridesController < ApplicationController
  #     manage_groups                    -- [ TAD ] Groups - add / edit / delete
  #     manage_interaction_alerts        -- [ Ta  ] Alerts - add / edit / delete
  #     manage_outcomes                  -- [sTaDo] Learning Outcomes - add / edit / delete
+  #     manage_proficiency_calculations  -- [ t d ] Outcome Proficiency Calculations - add / edit / delete
+  #     manage_proficiency_scales        -- [ t d ] Outcome Proficiency Scales - add / edit / delete
  #     manage_sections                  -- [ TaD ] Course Sections - add / edit / delete
  #     manage_students                  -- [ TAD ] Users - add / remove students in courses
  #     manage_user_notes                -- [ TA  ] Faculty Journal - manage entries
--- a/app/jsx/permissions/templates.js
+++ b/app/jsx/permissions/templates.js
@ -2504,6 +2504,48 @@ const ltiAddEditPermissions = generateActionTemplates(
  ]
 )

+const outcomeProficiencyCalculationsAddEditDeletePermissions = generateActionTemplates(
+  'manage_proficiency_calculations',
+  [
+    {
+      title: I18n.t('Outcome Proficiency Calculations'),
+      description: I18n.t(
+        `Allows user to set outcome proficiency calculations at the account and course levels.`
+      )
+    }
+  ],
+  [],
+  [
+    {
+      title: I18n.t('Outcome Proficiency Calculations'),
+      description: I18n.t(
+        `Allows user to set outcome proficiency calculations at the course level.`
+      )
+    }
+  ],
+  []
+)
+
+const outcomeProficiencyScalesAddEditDeletePermissions = generateActionTemplates(
+  'manage_proficiency_scales',
+  [
+    {
+      title: I18n.t('Outcome Proficiency Scales'),
+      description: I18n.t(
+        `Allows user to set outcome proficiency scales at the account and course levels.`
+      )
+    }
+  ],
+  [],
+  [
+    {
+      title: I18n.t('Outcome Proficiency Scales'),
+      description: I18n.t(`Allows user to set outcome proficiency scales at the course level.`)
+    }
+  ],
+  []
+)
+
 const learningOutcomesAddEditDeletePermissions = generateActionTemplates(
  'manage_outcomes',
  [
@ -3251,6 +3293,8 @@ export const PERMISSION_DETAILS_ACCOUNT_TEMPLATES = {
    messagesSentPermissions.ACCOUNT,
    messagesSentEntireClassPermissions.ACCOUNT,
    notificationsPermissions.ACCOUNT,
+    outcomeProficiencyCalculationsAddEditDeletePermissions.ACCOUNT,
+    outcomeProficiencyScalesAddEditDeletePermissions.ACCOUNT,
    pagesAddRemovePermissions.ACCOUNT,
    pairingCodePermissions.ACCOUNT,
    managePermissions.ACCOUNT,
@ -3322,6 +3366,8 @@ export const PERMISSION_DETAILS_COURSE_TEMPLATES = {
    pagesAddRemovePermissions.COURSE,
    pairingCodePermissions.COURSE,
    managePermissions.COURSE,
+    outcomeProficiencyCalculationsAddEditDeletePermissions.COURSE,
+    outcomeProficiencyScalesAddEditDeletePermissions.COURSE,
    questionBankPermissions.COURSE,
    rubricsAddPermissions.COURSE,
    sisDataImportPermissions.COURSE,
--- a/app/models/role_override.rb
+++ b/app/models/role_override.rb
@ -615,6 +615,34 @@ class RoleOverride < ActiveRecord::Base
         'AccountAdmin'
       ]
    },
+    :manage_proficiency_calculations => {
+       :label => lambda { t('permissions.manage_proficiency_calculations', "Manage outcome proficiency calculations") },
+       :label_v2 => lambda { t("Outcome Proficiency Calculations - add / edit") },
+       :available_to => [
+         'DesignerEnrollment',
+         'TeacherEnrollment',
+         'TeacherlessStudentEnrollment',
+         'AccountAdmin',
+         'AccountMembership'
+       ],
+       :true_for => [
+         'AccountAdmin'
+       ]
+    },
+    :manage_proficiency_scales => {
+       :label => lambda { t('permissions.manage_proficiency_scales', "Manage outcome proficiency scales") },
+       :label_v2 => lambda { t("Outcome Proficiency Scales - add / edit") },
+       :available_to => [
+         'DesignerEnrollment',
+         'TeacherEnrollment',
+         'TeacherlessStudentEnrollment',
+         'AccountAdmin',
+         'AccountMembership'
+       ],
+       :true_for => [
+         'AccountAdmin'
+       ]
+    },
    :manage_sections => {
        :label => lambda { t('permissions.manage_sections', "Manage (create / edit / delete) course sections") },
        :label_v2 => lambda { t("Course Sections - add / edit / delete") },
--- a/db/migrate/20200908195559_populate_proficiency_permissions.rb
+++ b/db/migrate/20200908195559_populate_proficiency_permissions.rb
@ -0,0 +1,33 @@
+#
+# Copyright (C) 2020 - present Instructure, Inc.
+#
+# This file is part of Canvas.
+#
+# Canvas is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, version 3 of the License.
+#
+# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
+# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+# details.
+#
+# You should have received a copy of the GNU Affero General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+
+class PopulateProficiencyPermissions < ActiveRecord::Migration[5.2]
+  tag :postdeploy
+
+  def up
+    DataFixup::AddRoleOverridesForNewPermission.run(
+      :manage_outcomes,
+      :manage_proficiency_calculations,
+      base_role_type: 'AccountMembership'
+    )
+    DataFixup::AddRoleOverridesForNewPermission.run(
+      :manage_outcomes,
+      :manage_proficiency_scales,
+      base_role_type: 'AccountMembership'
+    )
+  end
+end
--- a/lib/data_fixup/add_role_overrides_for_new_permission.rb
+++ b/lib/data_fixup/add_role_overrides_for_new_permission.rb
@ -21,14 +21,16 @@ module DataFixup::AddRoleOverridesForNewPermission
  # (for instance if a custom account admin has :manage_admin_users, they will
  # suddenly no longer be able to add account admins anymore until this is run)

-  def self.run(base_permission, new_permission, skip_validation: false)
+  def self.run(base_permission, new_permission, skip_validation: false, base_role_type: nil)
    unless skip_validation
      [base_permission, new_permission].each do |perm|
        raise "#{perm} is not a valid permission" unless RoleOverride.permissions.keys.include?(perm.to_sym)
      end
    end

-    RoleOverride.where(:permission => base_permission).find_in_batches do |base_overrides|
+    rel = RoleOverride.where(:permission => base_permission)
+    rel = rel.joins(:role).where(roles: {base_role_type: base_role_type}) if base_role_type
+    rel.find_in_batches do |base_overrides|
      # just in case
      new_overrides = RoleOverride.where(:permission => new_permission, :context_id => base_overrides.map(&:context_id))

--- a/spec/models/role_override_spec.rb
+++ b/spec/models/role_override_spec.rb
@ -567,6 +567,30 @@ describe RoleOverride do
      account_model
    end

+    describe 'manage_proficiency_calculations' do
+      let(:permission) { RoleOverride.permissions[:manage_proficiency_calculations] }
+
+      it 'is enabled by default for account admins' do
+        expect(permission[:true_for]).to match_array %w(AccountAdmin)
+      end
+
+      it 'is available to account admins, account memberships, teachers, and designers' do
+        expect(permission[:available_to]).to match_array %w(AccountAdmin AccountMembership DesignerEnrollment TeacherEnrollment TeacherlessStudentEnrollment)
+      end
+    end
+
+    describe 'manage_proficiency_scales' do
+      let(:permission) { RoleOverride.permissions[:manage_proficiency_scales] }
+
+      it 'is enabled by default for account admins' do
+        expect(permission[:true_for]).to match_array %w(AccountAdmin)
+      end
+
+      it 'is available to account admins, account memberships, teachers, and designers' do
+        expect(permission[:available_to]).to match_array %w(AccountAdmin AccountMembership DesignerEnrollment TeacherEnrollment TeacherlessStudentEnrollment)
+      end
+    end
+
    describe 'select_final_grade' do
      let(:permission) { RoleOverride.permissions[:select_final_grade] }