fixes CNVS-10527
the include[] parameter on the outcome result endpoint can now
include 'outcomes', 'users', and 'courses'
test plan
- fetch outcome results using the api
- verify that the 'linked' section is not present
- ensure that outcomes are included when requested
- with the aggregate parameter not set...
- ensure that users are included when requested
- ensure that requesting course inclusion results in an error
- with the aggregate parameter is set to 'course'...
- ensure that courses are included when requested
- ensure that requesting user inclusion results in an error
Change-Id: I80714c0c8c9534d5853bc1c0e9258919913afa60
Reviewed-on: https://gerrit.instructure.com/28826
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Matt Fairbourn <mfairbourn@instructure.com>
Reviewed-by: Braden Anderson <banderson@instructure.com>
Product-Review: Joel Hough <joel@instructure.com>
fixes CNVS-10679
this commit refactors quiz into a quizzes namespace. it contains various
shims to facilitate the data migration of polymorphic relationships
('Quiz' -> 'Quizzes::Quiz'). JIRA contains several tickets linked to
the above tickets in regards to removing these shims after the data
migration, as well as the strategies on reverting the shims once the
data migration is complete.
Change-Id: I30c566d60a87af6ee83e9d0041fdcb909ead6a89
Reviewed-on: https://gerrit.instructure.com/28573
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Derek DeVries <ddevries@instructure.com>
QA-Review: Myller de Araujo <myller@instructure.com>
Product-Review: Josh Simpson <jsimpson@instructure.com>
fixes CNVS-10341
test plan:
* before applying this commit, if possible:
* create a discussion
* add a reply as a student
* after applying this commit:
* open the discussion as the student
* verify that you can edit the reply you added before, but not
those from other users
* add a new reply
* without refreshing, verify that you can edit your new reply
* refresh the page
* verify that you can still edit your reply
* test basic canvas functionality (sorry)
Change-Id: Ifa654f7d853fd167d5bfbaee6184657209d58272
Reviewed-on: https://gerrit.instructure.com/28413
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
Reviewed-by: Jon Willesen <jonw@instructure.com>
QA-Review: Steven Shepherd <sshepherd@instructure.com>
Product-Review: Braden Anderson <banderson@instructure.com>
fixes: CNVS-8996
Added a grade change audit UI for searching grade change events. This allows the
user to search based off of the grader, student, course id, and assignment id.
In addition to each parameter a date range can be selected.
Currently assignment and course can only be searched if the ID is known. This
is because there is no way to query for courses based on a name with the api.
Note: The submission after_save :grade_change_audit needed to be after the
simply_versioned call because the grade change audit uses that to grab the
previous grade. This was a bug in the grade change audit log api. This
fixes that issue also.
Test Case:
- Create a course with an assignment and student.
- Grade the assignment for the student.
- Change the grade for the student a few times.
- Open the admin tools. Select the Logging tab and then pick the grade change
activity option in the drop down.
- Search for the grader. The results from the grade changes should show
accordingly.
- Search for the student. The results from the grade changes should show
accordingly.
- Search for the course id. The results from the grade changes should show
accordingly.
- Search for the assignment id. The results from the grade changes should
show accordingly.
- Perform each search type again, testing the date range capabilities.
- Make sure you cannot search with an invalid date range, grader, and student.
- Enter an invalid course id, no results should be returned.
- Enter an invalid assignment id, no results should be returned.
Change-Id: Ie5a4d34dbb60627374035071c68ec4d404e80135
Reviewed-on: https://gerrit.instructure.com/26868
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Nick Cloward <ncloward@instructure.com>
Product-Review: Nick Cloward <ncloward@instructure.com>
QA-Review: Nick Cloward <ncloward@instructure.com>
Tested-by: Nick Cloward <ncloward@instructure.com>
fixes CNVS-10040
test plan
- fetch outcome results using api, specifying some users from the
context in the user_ids parameter
- ensure that only the specified users are returned, even if they
don't have an outcome result
- fetch course aggregate results, specifying some users
- ensure that only the specified users' scores are used in the
resulting average
- try to fetch outcome results using the api, specifying some users
who are not in the context
- ensure that an error is returned
- fetch some outcomes using the api without the user_ids param
- ensure that results for all users are returned
Change-Id: I9e0e3fa37a7087a9808f3ab7c1859410620eab3d
Reviewed-on: https://gerrit.instructure.com/28149
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Matt Fairbourn <mfairbourn@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
Product-Review: Joel Hough <joel@instructure.com>
test plan:
- The quiz api should work like it normally does when you don't pass
an 'Accept: application/vnd.api+json' header.
- The quizzes index page and quiz edit page should work like they
always do.
- Testing the Quizzes API for "jsonapi" style:
- For all requests, you MUST have the "Accept" header set to
"application/vnd.api+json"
- Test all the endpoints (PUT, POST, GET, INDEX, DELETE) like you
normally would, except you'll need to format the data according to
the next few steps:
- For "POST" and "PUT" (create and update) requests, you should send
the data like: { "quizzes": [ { id: 1, title: "blah" } ]
- For all requests (except DELETE), you should get back a response
that looks like: { "quizzes": [ { quiz you requested } ]
- For the "delete" action, you should get a "no content" response
and the request should be successful
Change-Id: Ie91deaeb6772cbe52a0fc46a28ab93a4e3036061
Reviewed-on: https://gerrit.instructure.com/25997
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
existing API users need API endpoints to return [] when given a page
past the end of the collection, rather than returning a 404. hopefully
this workaround is temporary...
test-plan:
- request /api/v1/courses/:course_id/users
- note the page number in the rel=last url of the Link header in the
response
- request /api/v1/courses/:course_id/users?page=<1 more than that>
- should return an empty array of results
- should not respond with a 404
Change-Id: Ic8639c7acd2bd07835e8216dd74c1cff0ed51c10
Reviewed-on: https://gerrit.instructure.com/27650
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
Allows users to start a "quiz-taking session" via the API by creating
a QuizSubmission and later on completing it.
Note that this patch isn't concerned with actually using the QS to
answer questions. That task will be the concern of a new API controller,
QuizSubmissionQuestions.
closes CNVS-8980
TEST PLAN
---- ----
- Create a quiz
- Keep a tab open on the Moderate Quiz (MQ from now) page
Create the quiz submission (ie, start a quiz-taking session):
- Via the API, as a student:
- POST to /courses/:course_id/quizzes/:quiz_id/submissions
- Verify that you receive a 200 response with the newly created
QuizSubmission in the JSON response.
- Copy the "validation_token" field down, you will need this later
- Go to the MQ tab and verify that it says the student has started a
quiz attempt
Complete the quiz submission (ie, finish a quiz-taking session):
- Via the API, as a student, prepare a request with:
- Method: POST
- URI: /courses/:course_id/quizzes/:quiz_id/submissions/:id/complete
- Parameter "validation_token" to what you copied earlier
- Parameter "attempt" to the current attempt number (starts at 1)
- Now perform the request, and:
- Verify that you receive a 200 response
- Go to the MQ tab and verify that it says the submission has been
completed (ie, Time column reads "finished in X seconds/minutes")
Other stuff to test (failure scenarios):
The first endpoint (one for starting a quiz attempt) should reject your
request in any of the following cases:
- The quiz has been locked
- You are not enrolled in the quiz course
- The Quiz has an Access Code that you either didn't pass, or passed
incorrectly
- The Quiz has an IP filter and you're not in the address range
- You are already taking the quiz (you've created the submission and
did not call /complete yet)
- You are not currently taking the quiz, but you already took it
earlier and the Quiz does not allow for multiple attempts
The second endpoint (one for completing the quiz attempt) should reject
your request in any of the following cases:
- You pass in an invalid "validation_token"
- You already completed that quiz submission (e.g, you called that
endpoint earlier)
Change-Id: Iff8a47859d7477c210de46ea034544d5e2527fb2
Reviewed-on: https://gerrit.instructure.com/27015
Reviewed-by: Derek DeVries <ddevries@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Myller de Araujo <myller@instructure.com>
Product-Review: Ahmad Amireh <ahmad@instructure.com>
The api_user_content function was returning absolute urls when
adding the verifier parameter, but HtmlRewriter only works
properly with relative urls (doing a regex gsub). This was
causing corruption of existing absolute urls (which were
probably introduced by a prior bug).
Fortunately, the api_user_content function translates relative
urls into absolute urls in a later step, so this just fixes a
bug and doesn't change the interface of api_user_content
function.
fixes CNVS-9882
test plan:
- put a link to an image in the course's files a discussion
topic and save.
- inspect the image element; the src attribute should be a
relative link
- edit the discussion topic and click "switch views." Change
the relative url for the src attribute to an absolute url
and save.
- inspect the image element again; the src attribute should be
an absolute link.
- edit the discussion topic. The image should display normally. make a text edit and save.
- the image should still display normally in the discussion
topic.
Change-Id: Ifc056b5507d70ef63bbe07a2245e08cad7bbd605
Reviewed-on: https://gerrit.instructure.com/27472
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Braden Anderson <banderson@instructure.com>
QA-Review: Steven Shepherd <sshepherd@instructure.com>
Product-Review: Jon Willesen <jonw@instructure.com>
fixes CNVS-8791
fixes CNVS-8795
* "without_count: true" -> "total_entries: nil"
* move order clauses to the pagination target, rather than being in the
pagination call
* clean up implementation of first/last page links in Api.paginate
test-plan:
- have an account report with at least two instances
- fetch /api/v1/accounts/:account_id/reports/:report
- response should have most recent report instance first
- have two subaccounts under an account
- fetch /api/v1/accounts/:id/sub_accounts?recursive=true&per_page=1
- Links response header should not have a link with rel=last
- fetch /api/v1/accounts/:id/sub_accounts?recursive=false&per_page=1
- Links response header should have a link with rel=last embedding
page=2
- load /error_reports
- should have most recent reports first
- fetch /api/v1/conversations/batches
- should have oldest batch first
Change-Id: Ifef79b193720a09ad7fe059ed23e930c97d10f59
Reviewed-on: https://gerrit.instructure.com/26535
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
refs CNVS-5305
with folio pages, we can just trust and use page.first_page and
page.last_page
test-plan:
* /api/v1/courses
- should have "first" link regardless of page (first, last, in
between)
- should have "last" link regardless of page (first, last, in
between)
* /api/v1/search/recipients?context=course_123
- should have "first" link regardless of page (first, last, in
between)
- should not have "last" link when there's a next page
- should have "last" link on last page (no next page)
* exercise the conversation receipient search when the search results
have just one hit
- should not throw an error
* load gradebook2 when there's only one page of enrollments
- should not throw an error
Change-Id: If6dfa972db22a91350ee820ccbfe25008f6b0e90
Reviewed-on: https://gerrit.instructure.com/26538
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
fixes CNVS-9321, CNVS-9322
test plan:
* regression test current behavior for
/api/v1/courses/X/students/submissions
* as a student, teacher, and observer (and combinations of the two)
check submissions?student_ids[]=all. Ensure the expected data is
returned
* BEHAVIOR CHANGE: if you pass an id for student_ids[]= that cannot
be returned (not enrolled, or you don't have access to), it should
401 in all cases, instead of sometimes 401 and sometimes returning
no results
* BEHAVIOR CHANGE: if you pass more (valid) ids than api_max_per_page
(defaults to 50, you can change it lower for testing purposes), it
should return a 400 with explanation, rather than silently not
returning submissions for users later in the list than the max
Change-Id: I5c9a4a84101f3787770d0d425df1deab37e32e6a
Reviewed-on: https://gerrit.instructure.com/26051
QA-Review: Cody Cutrer <cody@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
if the response is json and paginated, make sure it honors the per_page
parameter. also, make sure we don't accidentally allow arbitrarily large
per_page values.
test-plan:
[check this per endpoint]
- have more than <max> entries (e.g. apps in the app center)
- fetch <endpoint>
- should get a page with <default> results
- link with rel="next" should embed per_page=<default>
- fetch <endpoint>?per_page=<max+1>
- should get a page with <max> results
- Link header should have a link with rel="next". that link should
embed per_page=<max>
- fetch <endpoint>?per_page=1
- should get a page with 1 result
- link with rel="next" should embed per_page=1
[endpoints]
/api/v1/courses/:course_id/app_center/apps
default: 72
max: 72
/api/v1/courses/:course_id/app_center/apps/:app_id/reviews
default: 15
max: 50
/conversations/discussion_replies.json
default: 15
max: 50
/courses/:course_id/users/:user_id/usage.json
default: 50
max: 50
/courses/:course_id/group_unassigned_members.json
default: 15
max: 100
/courses/:course_id/outcomes/:outcome_id/results
default: 10
max: 50
/courses/:course_id/question_banks/:question_bank_id/questions
default: 50
max: 50
/courses/:course_id/quizzes/:quiz_id/moderate.json
default: 50
max: 50
/api/v1/courses/:course_id/activity_stream
default: 21
max: 50
Change-Id: Iacb0b413de1175fb70d9b073fccef3e70082e60e
Reviewed-on: https://gerrit.instructure.com/26095
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
closes CNVS-9074
In rails2, we explicitly override `render :json` to use Oj and the
ParamsParser middleware to parse with Oj.
In rails3, we enable the oj backend for ActiveSupport::JSON. However,
sadly that's not enough because of the screwy state of JSON in Rails 3
and Rails 4.0.x. So we pull in the rails-patch-json-encode gem to fix
performance. If this ends up causing issues as we continue working
toward Rails 3.2, we'll remove this gem. A good explantion of the issues
is in the README: https://github.com/GoodLife/rails-patch-json-encode
In my local (rails2) benchmarking, json response generation is 12-14x faster
*with stringify ids* enabled. It'll be slightly faster without, but
stringify is becoming the norm. json parsing is a smaller win, 2-3x
faster, but still significant enough to warrant patching ParamsParser
(said patch goes away in rails3).
test plan:
* no behavior changes are expected
* regression testing of the api, both the json responses and sending
json to put/post requests
* regression testing of the web ui in areas that use the api and ajax
calls
Change-Id: I632549baaa4e51dd0ee67dede911941877911102
Reviewed-on: https://gerrit.instructure.com/25458
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
test plan:
- specs pass
Change-Id: I8f504612795352eecd65420f01335edbcb7fd544
Reviewed-on: https://gerrit.instructure.com/25530
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
QA-Review: Stanley Stuart <stanley@instructure.com>
now that we have SIGHUP, we were changing everything to it anyway,
so just let caching in-proc be the default
Change-Id: Id1b44722522ac9693b17695da7107c99a359d5ac
Reviewed-on: https://gerrit.instructure.com/25020
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes CNVS-7597
when given this header, data structures passed to render :json are
pre-processed before serialization to json such that any integer values
in 'id', 'foo_id', or 'foo_ids' fields (also 'ids' fields, but we don't
have any of those currently that I'm aware off), at any level (e.g.
within a nested data structure), are cast to strings.
test-plan:
- full regression testing of both the UI (as it makes API calls) and
the documented API
- no UI behavior should change
- API behavior should change only as described above
Change-Id: I4e0a68957038be063cf488dd9ec2262452dea3cf
Reviewed-on: https://gerrit.instructure.com/23956
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
test plan:
- consult the API documentation for the new Get Module Item Sequence
endpoint, and also the Module Item Sequence return type
- test retrieving the sequence information of a module item
of each type
- the ModuleItems for the prev, current, and next items
in the sequence should be returned
- any Modules referenced should also be returned
(e.g., there should be three of them if you're testing
on an item that is the only item in its module,
and previous and next items in other modules exist)
- verify that no more than 10 item sequences are returned
when an item appears in modules more than 10 times
- test as a student, ensuring that unpublished modules
and unpublished module items are excluded from the results
fixes CNVS-7616
Change-Id: I75365dc3f169d35767525686815f9cd93e595bdb
Reviewed-on: https://gerrit.instructure.com/23578
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
QA-Review: Hannah Bottalla <hannah@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
test plan:
* exercise paginated api endpoints (including the search endpoint)
- ensure the link headers now include current (for the current page)
refs CNVS-7508
Change-Id: Id271c3a05b726de9ce619bd0100af84db199d4f1
Reviewed-on: https://gerrit.instructure.com/23365
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Hannah Bottalla <hannah@instructure.com>
Reviewed-by: James Williams <jamesw@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
in both requests and responses
test plan:
* in all group and group membership apis, it should be able to use
the sis id of the group instead of the canvas id (sis ids are only
supported on account level groups)
* in api responses that return groups, it should include the
sis_group_id if the calling user can read sis data at the root
account level
Change-Id: I439bf2d33661ed128a75c759c304c897fe0fc38b
Reviewed-on: https://gerrit.instructure.com/21612
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
refs CNVS-2500, closes CNVS-6577
Test plan:
* make sure the assignment groups index api action still works
- be sure to include assignments
* test with and without overrides
* make sure gradebook2 still works (focus on anything related to
assignment due dates)
Change-Id: I440a8fdeffdb497884356f08c19b5b7792566a3a
Reviewed-on: https://gerrit.instructure.com/22102
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Cameron Matheson <cameron@instructure.com>
fixes CNVS-6576
Test plan:
* run the SubmissionsApiController#for_students action as a teacher
(it's part of gb2)
* make sure some/all of the submissions have attachments
* you should see a reasonable amount of queries (not hundreds or
thousands)
* make sure gradebook2 correctly displays student submission data
Change-Id: If301a70eb001f7876aa94e476b2c76dfa664ae05
Reviewed-on: https://gerrit.instructure.com/21790
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
Product-Review: Cameron Matheson <cameron@instructure.com>
if a file_id is given to show_relative in addition to a file_path, but
that file_id is invalid, treat is just like as if they'd given an
incorrect-but-valid id (i.e. doesn't match the path).
fixes CNVS-6148
test-plan:
- create a file
- get a link to the file that includes both the file_id and file_path
- change the file id to an invalid string
- should still load the file
- should not generate a page error
Change-Id: Ifed3fbd9ef9fe2c5a4fd951f2de5facdf38e28d0
Reviewed-on: https://gerrit.instructure.com/21556
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
fixes CNVS-6168
test plan:
- as a teacher:
- upload a file to your own files
(/users/self/files)
- use the RCE embed-image button to embed this image in various
places, including but not limited to:
- wiki page
- assignment description
- discussion topic
- discussion reply
- as a student:
- make sure the embedded images are visible
Change-Id: I93b103041f44a385b1652f2bd48aeb4b9dec8147
Reviewed-on: https://gerrit.instructure.com/21549
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
test plan:
- have a course with a quiz
- in rich content (like a wiki page), use the wiki sidebar
to insert a link to the quiz list and a link to the quiz
- retrieve the wiki page via the pages API
- the quiz list link should have added attributes
* data-api-returntype="[Quiz]" (with brackets)
* data-api-endpoint: valid API link to the quiz index
- the quiz link should have added attributes
* data-api-returntype="Quiz"
* data-api-endpoint: valid API link to the quiz
- the API documentation should mention "Quiz" in the list
of supported data-api-returntype values, found in the
"Basics" section under "API Endpoint Attributes"
fixes CNVS-6115
Change-Id: If405f6779f1b3f3719503a9987cceaf29a508ed8
Reviewed-on: https://gerrit.instructure.com/21080
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
test plan:
- in rich text somewhere (wiki page, assignment, etc.),
embed a link to launch an LTI tool.
a suitable test tool can be found at
http://lti-tool-provider.herokuapp.com
- retrieve that text through the appropriate API
(pages, assignments, etc.)
- the link should have added data-api-return-type
(SessionlessLaunchUrl) and data-api-endpoint attributes.
- the data-api-endpoint should contain a link to the
generate-sessionless-launch API. hit this link with
curl or postman or whatever (authenticating with your
token as is normal for API requests)
- the above API should return a URL with a big scary
verifier in it. (you should be able to launch *that*
URL to get into the LTI tool without a Canvas session)
fixes CNVS-5944
Change-Id: I2e51312341b08f87ff2be7bee57370318be72b65
Reviewed-on: https://gerrit.instructure.com/21075
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
Rails 3 doesn't handle them, so just ignore them.
also fix api usage of pluck depending on an include
Change-Id: Ia39b8ef6e5f442f4f7b873ae3bd6839f0422b906
Reviewed-on: https://gerrit.instructure.com/20071
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Mark Ericksen <marke@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
closes CNVS-5218
test plan: insert audio and video comments into rich text that goes
through the api (for instance assignment descriptions, and discussion
entries). modify the content multiple times, the audio and video should
still play correctly. use the api to pull the same content, modify it,
and push it back through the api. the content should still play
correctly.
Change-Id: Id38ef78aaa478c66ae2314b30d33ec3f2199a6bd
Reviewed-on: https://gerrit.instructure.com/19598
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
test plan:
* create an assignment, link an attachment
in the description, and save
* open the assignment editor up again and save it
* delete the attachment and re-upload another
file with the same name
* preview the assignment
* the link should take you to the updated
attachment instead of failing
fixes #CNVS-5216
Change-Id: I7258d4ca35f6d34594bd32bd77e86c2e61262ea4
Reviewed-on: https://gerrit.instructure.com/19594
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
test plan:
* create an object with html user content (such as an
assignment description)
* include a file download link (e.g.
"/courses/:id/files/:file_id/download")
* retrieve the object through the API
* confirm that the translated link (that includes
a verifier param), still has "/courses/:id"
rather than just "/files/:file_id/download"
* include a file preview link (e.g.
"/courses/:id/files/:file_id/preview")
* retrieve the object through the API
* confirm that the translated link has
"/courses/:id" and still has "/preview"
as well as a verifier param
* confirm that following the link in the browser
results in downloading the file
closes #CNVS-5213 #CNVS-5214 #CNVS-5215
Change-Id: Ib2bb6b1857055dbfe2d1b9e0873600beaa70bf75
Reviewed-on: https://gerrit.instructure.com/19512
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
changes the user content html rewriter so links
to files that were deleted and replaced will still
be translated correctly (rather than pointing to
the old deleted file)
test plan:
* upload a file
* create an assignment
* add a link to the file in the assignment description
* delete the file
* edit the file locally and re-upload it
* edit the assignment and save it
* should still be able to click on the link
and receive the updated file
fixes #CNVS-4799
Change-Id: I527756f02d7b38dda36dbcc3cfae32a3980a25b3
Reviewed-on: https://gerrit.instructure.com/18992
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
closes CNVS-4705
* use the fake_arel gem to get a good portion of the way there
* override fake_arel's AR override even more to get proper behavior
of select and group merging
* add even more Rails 3 query methods to Scope (except, reorder,
pluck, uniq)
* fix some spots in our code that break with the new semantics
test plan:
* test all the things!
Change-Id: I4290d00db407f3250570df4e89c8c78283fe5f5f
Reviewed-on: https://gerrit.instructure.com/18427
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
test plan:
- view the API docs
- use the PUT /courses/:course_id/modules endpoint to:
- publish multiple modules
- unpublish multiple modules
- delete multiple modules
- verify the return (the IDs of the modules that were processed)
- modules that were already [un-]published should silently
succeed
- modules that could not be found (invalid IDs) will be
omitted from the return
- a success status (200) will be returned if any modules
are set to (or already in) the requested state
- a not-found status (404) will be returned if no module IDs
provided could be found inside the given course
- verify nothing funny happens if you pass non-numeric IDs
(should just be treated like any nonexistent object)
- and while you're at it, verify ids that start with a number
(e.g., "123abc") don't match that number (123)
fixes #CNVS-3666
Change-Id: I0dd63eed0c270169790fb01f7c134951772895c2
Reviewed-on: https://gerrit.instructure.com/17639
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
introduces a new BookmarkedCollection module with behavior similar to
PaginatedCollection in the simple case.
the primary advantage is that assigning to current_page (e.g. from the
:page parameter to paginate) expects a bookmark token value and
automatically deserializes into current_bookmark. the library client can
then use current_bookmark to skip forward in the collection, rather than
using (current_page - 1) * per_page as the number of items to skip. the
client then calls set_next_bookmark on the pager if there's more
results, and it automatically derives the bookmark for the next page and
serializes it into next_page, for use by Api.paginate, etc.
in addition to the PaginatedCollection.build analog, you can simply wrap
an existing scope to change it from something that will paginate by page
number into something that will paginate by bookmark.
finally, the key reason to use bookmarked pagination is to enable
composition of collections. you can merge multiple collections into one
collection which when paginated will pull results from each
subcollection, in order, to produce the page of results. you can also
concatenate multiple collections into one collection which when
paginated will exhaust the collections in order with seamless transition
from one to the next when a page spans both.
with collection merging available, you can paginate an association where
you'd like to use with_each_shard. one collection is created per shard,
and then they are merged together. this process is automated for you in
the BookmarkedCollection.with_each_shard method.
fixes CNVS-1169
Change-Id: Ib998eee53c33604cb6f7e338153428a157928a6d
Reviewed-on: https://gerrit.instructure.com/16039
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
generates more sane finder options and omits a "OR false" from every
query.
test plan:
* general API regression tests
* self, default, and site_admin are now valid account strings
for places where you need an account id in the api
Change-Id: I00afbee9fa2e3d732db009a4a0c7350e9f845c37
Reviewed-on: https://gerrit.instructure.com/14585
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Adds a new back-end store for page_views, using a Cassandra cluster. All
the current page view queries are supported, many using denormalized
views on the data.
test plan:
first, canvas instances that are currently using AR page views
should function as before.
by Setting.set('enable_page_views', 'cassandra') and restarting, you will
switch to cassandra page views. a script to migrate the AR page views to
Cassandra is coming. all page view functionality should work as before.
note that the format of the pagination headers in the
/api/v1/users/X/page_views endpoint has changed.
Change-Id: I2d1feb4d83b06a0c852e49508e85e8dce87507b4
Reviewed-on: https://gerrit.instructure.com/14258
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes#10693
Also added a test to api_call spec helper to catch these in the future.
test plan: for all available api endpoints that use pagination, the Link
header returned should use absolute urls (http://<canvas>/api/v1/...
rather than just /api/v1/...).
Change-Id: Ia53d32e6902430bd554d322461a36323d5f2d3c3
Reviewed-on: https://gerrit.instructure.com/14502
Reviewed-by: Simon Williams <simon@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes#10491
test plan:
- make an api call to a paginated endpoint that has a query parameter as part
of the call (courses/<id>/users with enrollment_type=student is a good one)
- the pagination link header links that come back should maintain the query
parameter (in the example above, they would include enrollment_type=student)
- also try one that has an "include[]=" type parameter
- read the api pagination documentation (linked from the api sidebar) and make
sure it makes sense.
Change-Id: I6c1649513553bb2ac9c1cfc137ff16c21e50a6a3
Reviewed-on: https://gerrit.instructure.com/13641
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
also modifies the discussion topic and assignment API
controllers to make sure "must_view" requirements are
fulfilled
test plan:
* check the API documentation; ensure it looks okay
* create a course with module items of each supported type
* set completion criteria of each supported type
* create another module, so you can set prerequisites
* use the list modules API and verify its output matches
the course and the documentation
* as a teacher, "state" should be missing
* as a student, "state" should be "locked", "unlocked",
"started", or "completed"
* use the show module API and verify the correct information
is returned for a single module
* use the list module items API and verify the output
* as a teacher, the "completion_requirement" omits the
"completed" flag
* as a student, "completed" should be true or false,
depending on whether the requirement was met
* use the show module API and verify the correct information
is returned for a single module item
* last but not least, verify "must view" requirements can
be fulfilled through the api_data_endpoints supplied
for files, pages, discussions, and assignments
* files are viewed when downloading their content
* pages are viewed by the show action (where content
is returned)
* discussions are viewed when marked read via the
mark_topic_read or mark_all_read actions
* assignments are viewed by the show action
(where description is returned). they are not viewed
if the assignment is locked and the user does not
have access to the content yet.
Change-Id: I0cbbbc542f69215e7b396a501d4d86ff2f76c149
Reviewed-on: https://gerrit.instructure.com/13626
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
this allows you to pass a user_id to the course users api endpoint and get back
the specific page within the pagination results that contains that user.
test plan:
- hit the course users api endpoint for course with many students in it, and
note the results.
- now hit the endpoint again and pass a user_id of one of the users not
containing in that first page.
- you should get back a different set of results that contains the user you
passed in.
Change-Id: I6df4364b5f9e32c30eb3265b541908ddb950762e
Reviewed-on: https://gerrit.instructure.com/13252
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
URI.parse can raise other errors beside InvalidURIError; catch
these too, so other types of bad URIs don't cause a 500 error
when converting links for API calls.
refs #10075 (that one was resolved by fixing the link in the DB)
test plan:
- reply to a discussion topic
- click the link button
- enter "mailto:something@example,com"
- save the comment; there shouldn't be an error
- reload the discussion page; the reply should appear
Change-Id: Ia7fd35387625a1fb885bf705cfd17c680924c219
Reviewed-on: https://gerrit.instructure.com/13126
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes#9954
test plan:
- create a wiki page
- put in links to pages, assignments, discussion topics,
and files, and also to the index pages for these
- retrieve the page via the API, and check that the
data-api-endpoint and data-api-returntype attributes
are set
Change-Id: Ife67f3119aa73971153f88fe46787d7e1563f0ef
Reviewed-on: https://gerrit.instructure.com/12925
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
sanitize by way of api_user_content/convertApiUserContent
also fix these methods so that link content gets passed through. it's
normally replaced via enhanceUserContent, but this makes in consistent
with non-API user content (and makes it available to API users who want
it)
test plan:
1. create a course calendar event
2. add a media comment to the description
3. it should render/play correctly when you view the event detail
in the calendar
4. the api JSON should have a <video /> tag rather than a
<a class="instructure_inline_media_comment" /> tag
Change-Id: Icfd9e9a41145fb7c6ed0faf36b9706899da84bcc
Reviewed-on: https://gerrit.instructure.com/12389
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
This modifies the API to return information on the required user_content
params for api responses. The javascript then processes the api response
fields and replaces the user content with iframe posts to safefiles,
same as we do server-side in erb currently for user_content in non-api
responses. This is done before the html is inserted on the page.
The current implementation requires the api to respond with these extra
data attributes all the time, not just for in-app requests. This isn't
ideal, but other api users will safely ignore those extra data
attributes.
test plan: in a discussion, post a reply that contains an object or
embed tag. reload the page and verify that the flash or java or whatever
still appears. inspect the html, and check that it is contained inside
an iframe pointing to the safefiles domain, rather than embedded
directly on the main canvas domain.
Change-Id: I5f1c5f4f267f654ec339ee422f0743f33ee2564f
Reviewed-on: https://gerrit.instructure.com/12111
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
This fixes image links to /equation_images/X, among other things.
As part of this, I refactored the attachment.rb secure setting to be a
domain.yml (HostUrl) setting that can be used app-wide to determine
whether to use http or https when the code doesn't have access to a Request.
Fixes#8784
I also started down the road of having notification emails/sms/etc use
https links instead of http, but there is still work to do there, refs #9190
test plan: Use the rich text editor to post to a discussion or any other
rich text field that can be retrieved via the api, and include an
equation using the equation editor. Then retrieve that post through the
api, and verify that the url to the equation image includes the canvas
hostname and protocol (http://canvas.example.com/equation_images/X
instead of just /equation_images/X)
Change-Id: Iac28bf99d2d3b33c17d5b3eb128aa6d8488570fe
Reviewed-on: https://gerrit.instructure.com/11867
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
Create a discussion topic with support for most of the options -- the
only thing missing is the ability to create an assignment discussion,
that will be added to the assignment create api.
You can also create an assignment linked to the discussion at the same
time you create the discussion. I refactored the assignment api
functionality to support this.
Added a topic delete API as well.
Also fix a bug where we weren't properly validating discussion_type
test plan: hit the api and exercise the various options, such as delayed
posting and require first posting.
Change-Id: I4afdd20313b5cea3ab7b05bf1c005c9f55debe7b
Reviewed-on: https://gerrit.instructure.com/10912
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
Cody Cutrer