The steps are necessary because selenium would freeze during the
jenkins build when a dialog would appear when the test was closing
Change-Id: I07a6728457d66859829f84bde2acb8c8ffaddc0b
Reviewed-on: https://gerrit.instructure.com/6712
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Test Plan:
Create a quiz with a FIMB question. As a student, take the quiz and enter '<'
in one of the blanks for that question. Submit the quiz. See the results and
verify that '<' was not changed to '<'.
Change-Id: I83df931bb0b3fa28d6a03d6d715d9ad27ddf8881
Reviewed-on: https://gerrit.instructure.com/6691
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Discussions have an option to not allow users to see replies
until they've posted themselves. This worked correctly on the
discussion page itself, but the user would still see the
replies in their stream
This also removes that option, and the delayed posting option
from group discussion topics. These settings are useless in
that context because all users are admins and can see the
topics anyway.
Test Plan:
* create a topic in a course and check the box "Replies are not visible until after users post"
* post a reply to that topic as the teacher
* log in as a student in that course and go to your dashboard
* you should see the topic in the stream but not the response you created as a teacher
closes#4706
Change-Id: I0c50a3adb8e18ea74d209f4c9a5ac429b7faaf0e
Reviewed-on: https://gerrit.instructure.com/6684
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
also, make the random assignment happen on the server via an ajax call.
before, it would make one ajax call per student assigned, which is
rather inefficient when there are many students to assign.
fixes#6099
Change-Id: I89e5059fa1bd42b1a25e5cb88d552841c426530a
Reviewed-on: https://gerrit.instructure.com/6576
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
supports creating and listing top-level entries in a discussion topic,
and creating and listing replies to a discussion entry. listing
discussion topics was already supported. includes support for
attachments on top-level entries.
test-plan:
creating an entry under a topic
should allow creating an entry under a topic and create it correctly
should return json representation of the new entry
should allow creating a reply to an existing top-level entry
should not allow reply-to-reply
should allow including attachments on top-level entries
should silently ignore attachments on replies to top-level entries
should include attachment info in the json response
listing top-level discussion entries
should return top level entries for a topic
should return attachments on top level entries
should include replies on top level entries
should sort top-level entries by descending created_at
should sort replies included on top-level entries by descending
created_at
should paginate top-level entries
should only include the first 10 replies for each top-level entry
listing replies
should return replies for an entry
should sort replies by descending created_at
should paginate replies
require initial post
should allow admins to see posts without posting
shouldn't allow student who hasn't posted to see
shouldn't allow student's observer who hasn't posted to see
should allow student who has posted to see
should allow student's observer who has posted to see
fixes#4752
Change-Id: I0da83e6c301be74f1ac5d2d957ebb6338a98179c
Reviewed-on: https://gerrit.instructure.com/6690
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
This uses redis to store the nonces as locks that expire after 90
minutes. Timestamps are epoch UTC values, as per the oauth spec.
testplan: send oauth requests to the api endpoint with the same nonce
more than once, or with a too-old timestamp
refs #5892
Change-Id: Id6130c2a07e206dad716673aa6adbe9d36565a7c
Reviewed-on: https://gerrit.instructure.com/6683
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
Canvas' implementation now passes all the certification tests for section 8,
"LTI 1.1: Suport for Basic Outcomes Service"
testplan: manually set up an assignment as an external_tool, then use
the certification app to verify that deleteResult works as expected.
Change-Id: Idf694d9e5a617a08ef11c5d803ed564de6af1250
Reviewed-on: https://gerrit.instructure.com/6679
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
testplan: you can set up an assignment as an external_tool type
manually, and then hit the IMS certification test tool to verify that
replaceResult and readResult are now fully supported.
Change-Id: Id193ba1943f51b3cb4b6a2d078d8a2262c26659e
Reviewed-on: https://gerrit.instructure.com/6678
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
There isn't current any way to create this assignment type in the UI.
This just gets us far enough that we can test out the API functionality
against the IMS tests and some other tools that use grade passback.
refs #5892
Change-Id: I6f806a53bca0708702ff9e64e8e520be26234430
Reviewed-on: https://gerrit.instructure.com/6661
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
we suspect a lot of complaints about "my answers
are changing!" on quizzes is due to window's
mouse wheel behavior where a focused select box
gets its values changed when mousewheeled.
Now when users scroll after answering the question
it won't change on them.
Change-Id: Ia0c1ec095749997d0cf8adcf2853615d9c321c35
Reviewed-on: https://gerrit.instructure.com/6602
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
was throwing an error in the specs
Change-Id: Iace281478759ad4763089b432a2d71d62fd36648
Reviewed-on: https://gerrit.instructure.com/6620
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
imported matching answers were missing the required 'left' field
import the package attached to the ticket to test
closes#6146
Change-Id: I97e4af7070cb2068e677af91d3f23cde8e077987
Reviewed-on: https://gerrit.instructure.com/6615
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
this will track things like
form validation errors:
* name of form (id or classname or page title)
* which fields were invalid
viewing document previews
* doc details
* which service (google or scribd) used
Slow Ajax requests (things that take over 1 sec)
*does not track things less than 1 sec
Change-Id: I569e405089df5acd983472cb834f35d41b1a4bf3
Reviewed-on: https://gerrit.instructure.com/6142
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
previously it did the ajax query on every page load, and always
regardless of whether anything could be customized. this seems like
a reasonable compromise to ensure there is no noticeable wait when
clicking on the customize link.
also fixed a display issue where the custom list editor got clipped
if you had no accounts or groups.
test plan:
1. regression test of menu customization
1. add courses
2. remove courses
3. reset list
2. ensure menu works as expected for users w/ <= 8 courses
3. ensure menu customization ui works for teachers w/ > 8 courses
and who are not account admins (i.e. no managed accounts)
Change-Id: I390806e6a05211fae9a7375490ca2036774edc7c
Reviewed-on: https://gerrit.instructure.com/6607
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
refs #5892
This also rejects values > 1.0, the LTI test suite specifically checks
for this. If we get a use case for a tool that wants to give extra
credit, we can re-evaluate.
Change-Id: I4894d8ae3b2fdcdb5eb3bae902ef934b34a632a3
Reviewed-on: https://gerrit.instructure.com/6658
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
Also versioned the URI and removed the tool_id param. As part of the
processing it pulls the tool from the assignment and verifies that it's
the same tool as was used to launch, by looking at the sourcedid.
Assignments now have an external_tool type and link to a
ContextExternalTool.
testplan: there isn't a way in the UI to configure an assignment as an
external tool yet, so it'll need to be manually configured in the
console.
Change-Id: I0cf5ec85d450409d6ea1ec71ce1d5d4c19622d4c
Reviewed-on: https://gerrit.instructure.com/6652
Reviewed-by: Brian Whitmer <brian@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Other asset types (like assignments, wiki pages and files)
have a required linking between the name of the asset and
the name of the tag. This is for consistency's sake.
However, it doesn't make sense to enforce this kind of
policy for external tools, since tools can be configured
at the account level, and instructors shouldn't have the
ability to rename tools somewhere up the chain. This
change disconnects external tools from tags linking to
those external tools.
fixed#6170
testplan:
- configure an external tool
- add an external tool to a course module
- rename the link to something other than the tool's name
- check to make sure the tool's name didn't also change
- configure an external tool
- add an external tool to a course module
- rename the tool
- check to make sure the link's name didn't also change
- add an assignment to a course module
- rename the link in the module
- check to make sure the assignment's name also changed
- add an assignment to a course module
- rename the assignment
- check to make sure the module link's name also changed
Change-Id: I2291b4ca0ee2c83da1dd9a81bc46eb05d1925982
Reviewed-on: https://gerrit.instructure.com/6641
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
The endpoint is
/api/lti/tools/:tool_id/courses/:course_id/assignments/:assignment_id/submissions/:user_id
This shouldn't ever be hit manually, the URI is passed to the LTI assignment
tool in the lis_outcome_service_url param. The shared secret and the
lis_result_sourcedid parameter will prevent abuse.
Currently the endpoint doesn't support any queries, it responds
unsupported to all valid signed xml requests. Next step is to actually
implement viewing and changing the grade for the course/assignment/user
combination.
testplan: hit the url with a valid signed oauth request with xml body,
get back an "unsupported" api response
Change-Id: I2f938f3d45ec71488dd81ac74131acfe13b6d8cb
Reviewed-on: https://gerrit.instructure.com/6623
Reviewed-by: Brian Whitmer <brian@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
* we no longer have a test environment in domain.yml i guess,
which broke this
* logging users in just by default assumed no forked server
testplan: n/a
Change-Id: I3c57aac6a1a1cf3164f1d9bc2b177a9d91162776
Reviewed-on: https://gerrit.instructure.com/6633
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Overwriting index of on all objectCollections,
where before it checked if the object already had
an indexOf method.
Change-Id: I85deeb066f1cc3b81b0e0436aea4f47d2df2fcd3
Reviewed-on: https://gerrit.instructure.com/6616
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
No String.prototype.trim, regex support is spotty,
and more IE fun.
Change-Id: I983bf9cc32ab049158b0633057c9141efb33e561
Reviewed-on: https://gerrit.instructure.com/6618
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes chrome/safari issue (ie and ff already fire the change event)
test plan:
in each supported browser:
1. test the bugfix
1. start taking a quiz with a numerical and an essay question
2. type in the numerical answer
3. click into the rich text editor
4. confirm that the numerical answer gets marked as answered on the
right hand side
2. check for regressions/side effects, i.e. test the rich text editor
in a few other places (e.g. quiz editor, wiki) and confirm that it
is behaving normally and not generating javascript errors
Change-Id: I0794fe99588652fede2d10a766ad79dcfe8ebcfd
Reviewed-on: https://gerrit.instructure.com/6589
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
except we don't even use jquery in the api docs
testplan: n/a
Change-Id: I6d4be9e25ca68e64f62414a1e81ac40549a5b99f
Reviewed-on: https://gerrit.instructure.com/6617
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
when a student is viewing the list of groups they are in and that they
may join, enable viewing the roster of each group. :read_roster
permission is given to students that are eligible to join the group or
request an invitation to the group. fix pageless so that if the
container is hidden when a load completes, the loader is still properly
hidden. fixes#5931
Change-Id: I50aee8c19e927ce25afa17d9b1533df0aa7239e9
Reviewed-on: https://gerrit.instructure.com/6184
Reviewed-by: Brian Whitmer <brian@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
also made general purpose methods for ranking (in ruby and sql) and
distinct on.
Change-Id: I4052472eb700cbdfe6b586ed6d12f61fd51bf08f
Reviewed-on: https://gerrit.instructure.com/6593
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
This gem update required updating our twitter, linkedin, and gdocs
integrations to correctly provide the redirect uri and use the oauth
verifier on return, which we weren't doing before.
As a consequence, google no longer displays a big scary warning about
Canvas not being secure in its oauth usage.
Facebook uses oauth 2.0, so no changes were needed there.
refs #5892
refs #6127 (this stuff needs refactoring)
Change-Id: I04289638915b84dbe439bd57b36da90151c662b9
Reviewed-on: https://gerrit.instructure.com/6585
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
This makes the access report actually show the right names for things, and it
also displays icons next to them to indicate the type.
Change-Id: I0241bc9546555a0796dee35786cdfcddb930ef1a
Reviewed-on: https://gerrit.instructure.com/3869
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
This was already happening for a couple of the default front
pages, but this fix makes it happen for all of them
closes#5842
Change-Id: If11db2e93cdfe228a3ee9019ff68ffe97e03696f
Reviewed-on: https://gerrit.instructure.com/6601
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
- added AMD support for Template, but it still
exports to window.Template until we convert all
recent stuff into modules
- converted objectCollection, CustomList, and
courseList to modules
- added specs for objectCollection
Change-Id: Ib4ca4e25374c656b7b583ec7284c37672c117d2a
Reviewed-on: https://gerrit.instructure.com/6545
Reviewed-by: Ryan Florence <ryanf@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
A group membership could have been deleted before this pre-processing
so if the membership isn't found don't try to delete it
closes#6145
Change-Id: I7bac508f52de0e3b07a83d2eb5c87b22886ce5cc
Reviewed-on: https://gerrit.instructure.com/6606
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
This doesn't work with our current deploy process, so it'll need to be
in devs' local Gemfile for now
Change-Id: Ia918672fac851b132c2e688a27bf9f20555f65c3
Reviewed-on: https://gerrit.instructure.com/6598
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
We do support flickr searches, but it happens completely in javascript.
I guess originally it was going to go through a controller action and
use the individual user's flickr api credentials as a UserService or
something.
Change-Id: I531777458d0e59ca0f1180aa11e3b31029975f34
Reviewed-on: https://gerrit.instructure.com/6480
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Since SAML/CAS users are unlikely to be using email addresses as logins, we
now show the "Login:" field always in the Add User dialog for them. They can
also specify a login label in their authentication configuration, and it
defaults to Login.
Change-Id: Idcfd876d947eb0ca104a6681a02ac11f993302ce
Reviewed-on: https://gerrit.instructure.com/6566
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Bryan Madsen