phased out AssessmentQuestion#context, did some ground work for #5026
and #5027
Change-Id: Ice4567a0f069dd49da8ce57bf0c8325b0b062115
Reviewed-on: https://gerrit.instructure.com/5303
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
Avoid n queries for sub_account counts and course counts; instead do
a single query of each type for all visible accounts (if necessary;
sub_account count might be inferred from loaded sub_accounts)
Change-Id: I46aa607f485eda8e48effefe0c5ae72ee383ac80
Reviewed-on: https://gerrit.instructure.com/5295
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
also tweaked named_context_url to work better with UserProfile
contexts
Change-Id: If16ef16db507c8713436d0d88a1867f206ecdf48
Reviewed-on: https://gerrit.instructure.com/5225
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
* Daily job to evaluate alerts
* Spawns a new job for each root account (for parallelization).
It could be broken down to per-course level if needed (i.e.
if there is a *huge* root account).
* Evaluating criteria at a course level using efficient queries.
* UI for CRUD on alerts
* Render existing alerts
* Delete existing alerts
* Create a new alert
* CRUD for criteria, recipients, repetition
* Validations
* Improve instructure_helper's formErrors to support passing errors
for specific elements
* Improve Rails' :include to be able to :exclude an :include
inherited from a named scope
* Specs!!
* Note that we want to slowly roll this out, so there is a setting on
root accounts to enable it
So I ran an alert with just an interaction criterion on a test
cluster against 50,000 courses, and it took less than 10 minutes
without any parallelization. That seems like acceptable
performance to me (since there are only just over 3000 courses
in production that would even be elligible to have alerts sent
right now). Of course, that's probably skewed because I'm sure
a bunch of those 50,000 courses were essentially empty.
Change-Id: Ie028ef206c9155b9a72fb2a820f3e0e516de562a
Reviewed-on: https://gerrit.instructure.com/4799
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
* Manually cache account chains (query cache gets dumped after every
update or delete)
* Use batch queries and preloads to make the number of queries
constant wrt how many users are getting updated
* Simplify calculation - find the root account ids, and merge the
account chains together
* Fix depth to be defined as the minimum depth to reach that account
(rather than whichever path happened to be processed last)
* Add incremental mode to only add accounts, rather than re-calculate
all associations (only for User)
* Don't auto-create the default section during
update_account_associations; it costs a query and possibly an
insert, causes angst with schools that don't want it, etc.
Instead, always create associations against a 'nil' section so
that a course has the proper associations.
Change-Id: I7d476d45f41d9c3e382fac9b5c0c0aaa5369b956
Reviewed-on: https://gerrit.instructure.com/5135
Tested-by: Hudson <hudson@instructure.com>
Tested-by: Selenium <selenium@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
Basically, change from using recursive calls to a single flattened call.
Interestingly, this change caught a bug in the become user spec, so
apparently the old code wasn't quite working as intended.
Change-Id: I20fce8dbc5ca7c4797a4f8bd929202aaf8a96f9c
Reviewed-on: https://gerrit.instructure.com/5062
Tested-by: Hudson <hudson@instructure.com>
Tested-by: Selenium <selenium@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Refs #4952
* Fix saving role overrides for Site Admin account roles
* Add the following permissions:
* read_course_list (for listing or searching courses)
* view_statistics (for viewing account statistics)
* manage_user_notes (instead of being implied-ish by read_reports)
* Hide UI elements that provide access to features that are not
allowed
* Remove lots of not applicable stuff from Site Admin settings
Change-Id: I7414368b472ba655d04118db30c1bb46542deb37
Reviewed-on: https://gerrit.instructure.com/5054
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
* Remove the show_create_course_button helper, and refactor into
Account's set_policy block
* Don't implicitly give any admin :manage_courses rights (since it
can be revoked)
* Check for the correct permission on the correct account in the
GettingStartedController and CoursesController#copy
Change-Id: I6769d20c299d7e34ea83a79cdb6fab0d588122dc
Reviewed-on: https://gerrit.instructure.com/5027
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
The strategy is that if a term is named "Default Term", that will be a marker
that it's the default term in any language. When displaying the term name, we
check if it == "Default Term" and show the translated version if so. We also
do some special-casing on saving a new term name to make sure the translated
term name doesn't get saved as the new name.
Change-Id: Ic2b6659f75ef5e56bb5aa5fb7b241bba77dee445
Reviewed-on: https://gerrit.instructure.com/4905
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
At this point, nobody should be writing quotas as bytes anymore, so we mass
convert the remainder to bytes and get rid of the backwards-compatible code.
Change-Id: Ic5d6f8c8eaed947aef48dd7b1da348158f4ea2a4
Reviewed-on: https://gerrit.instructure.com/4276
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
This was already a small issue if the job queue was on a different
database driver than the main database, and it'll become more important
as more AR connections are introduced.
Change-Id: I204becadd32bb935df096e8c937a04bb6962f0b2
Reviewed-on: https://gerrit.instructure.com/4601
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Basically, don't call a bazillion procs everytime you check_policy;
just the "given" statement. Everything else is evaluated just once,
and cached on the class. This does lose functionality (the ability
to access the instance inside of set_policy, and set methods), but
none of it was currently in use.
Change-Id: I736879d98beb4115a2e8c492931c755076291d08
Reviewed-on: https://gerrit.instructure.com/4665
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
This is the first step in a 2-step process to change the storage_quota column
to be in bytes instead of MB. After this commit is deployed, we can deploy a
second commit that will do the following:
* Run a migration that multiplies all non-null storage_quota columns by
1024 * 1024 (if they are < 1024 * 1024).
* Removes the code that special cases quotas under 1MB.
Change-Id: I3fbf3fb85fbaae59e65edf86d9e94de1b51c2b6a
Reviewed-on: https://gerrit.instructure.com/4267
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
Adds the ability for admins to configure a second LDAP server that will be
queried after the primary, assuming the user could not be found on the
primary. This is a slight refactor towards a more flexible authorization
configs model. Changes include:
* changed the authorization relationship on Account to has_many
* for backwards compat with all the code that assumes one config, added
a convenience method to Account
* refactored the auth config editing screen to send multiple configs at a
time
* modified the pseudonym to iterate over all the auth configs (when using
ldap), stopping at the first one that succeeds
Change-Id: I6bae474f542e8c7046f07d4ab2c27e7d6f64a1ce
Reviewed-on: https://gerrit.instructure.com/4108
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
LDAP configuration now allows admins to set an
external URL to link to for the "I don't know my
password" link on the login page, instead of relying
on Canvas' default behavior.
fixes#4629
Change-Id: I3be2c810e1d6d773751c1a2f7c85a0059df1bc94
Reviewed-on: https://gerrit.instructure.com/3812
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
So, we have several account level permissions, we just weren't
respecting them. Most notably is :manage_account_settings instead
of :manage, the generic permission.
Account users get all the generic permissions (:create, :read,
:update, :delete, :manage) because there are still lots of course
level things that check those permissions. We still want to keep
those intact until we fix all those other checks, so for account
level things we need to use specific permissions as much as possible.
Things that are either odd or not correctly checked (due to having
to work with courses as a context with the generic permission):
* Listing and searching Courses, and viewing Statistics, is
available to any account admin, because there aren't specific
permissions for them
* Rubrics are not linked to without :manage_outcomes, but are
accesible via direct URI
* External tools is available to any account admin
* Account reports uses the :read_reports permission, which is
described in the UI as "View usage reports for the course"
Change-Id: Ia0f9409659dfc421f1199f7c8ab93b43edcde511
Reviewed-on: https://gerrit.instructure.com/3735
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
- can attach a grading standard to a course
- interface for managing standards at the course
and account level
- added final grade to gradebook page
- added final grade to student grades page
- added final grade to gradebook csv export
fixes#3868
Change-Id: I555b9f66b621d8967e893e50a671748267da9373
Reviewed-on: https://gerrit.instructure.com/3025
Tested-by: Hudson <hudson@instructure.com>
Tested-by: Selenium <selenium@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Students can now opt-in to receiving actual scores
in email/sms/facebook notifications about homework
grades. This ability can be manually disabled at
the root account level if necessary.
fixes#4479
Change-Id: I1b769bef140719578fa345ca519999a2834b00f8
Reviewed-on: https://gerrit.instructure.com/3473
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
this makes it so devices without flash (eg: iThings) can
view documents inline.
Includes a few other changes:
* add UI to account/settings page to enable/disable 3rd
party services (i.e. google docs previews, twitter, linkedIn)
-- you can disable these previews there.
* use DRYer API for embedding scribd docs this also makes
them ready if/when we switch to ssl
* open documents on show_preview page in a modal window
instead of inline in the list (which would grow a
little wider every time you mouse over it) fixes#4004
* use all available screen real-estate on files#show page
(before it would only use 400px of height).
fixes#4007
Change-Id: I0bb4b10c75c2217f35e0361bef61ca0b602533a9
Reviewed-on: https://gerrit.instructure.com/2662
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
Jon Jensen