flag=none
fixes CAS-1765
This reverts commit 9db9e4ecf0.
Reason for revert: This may be causing CAS-1765 bug
Change-Id: Ia4539249f9dd3e0129290693440964ae8e835bc5
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/345398
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Luis Hilario <luis.hilario@instructure.com>
Product-Review: Luis Hilario <luis.hilario@instructure.com>
QA-Review: Luis Hilario <luis.hilario@instructure.com>
flag = none
refs CAS-1507
refs CAS-1508
Test Plan
- Have an assaignment with Submit File type
- Upload a document
- When on speed grader, JWT session token should not have crocodoc_id
Change-Id: I8f0c1167b04447973d9dd75516aacbcc558f4c60
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/330149
Reviewed-by: Jen Smith <jen.smith@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Product-Review: Keith Garner <kgarner@instructure.com>
QA-Review: Cameron Ray <cameron.ray@instructure.com>
If feature flag 'enhanced_docviewer_url_security'
(Enhanced DocViewer URL Security) is on, when requesting
DocViewer to create a token for the view url, pass a
parameter that tells DocViewer to create a single use
launch token with a JTI claim (nonce). This JTI claim is
used by DocViewer to prevent reuse of the launch url.
closes CAS-1510
flag = enhanced_docviewer_url_security
Test Plan:
Tests pass
Change-Id: Idb0d7b0af0ddf457261e000e174449bec028b683
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/329045
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Alex Slaughter <aslaughter@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Juan Leyva <juan.leyva@instructure.com>
Product-Review: Juan Leyva <juan.leyva@instructure.com>
Test plan:
- Have an account with send_usage_metrics as true
- Open course with submission upload file type
- Document should be previewed in SpeedGrader correctly
- Heap metrics are working
closes CAS-1091
flag=none
Change-Id: I689766478bae912d3f36f623d4b7700eda42ffd4
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/307073
Reviewed-by: Keith Garner <kgarner@instructure.com>
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Juan Leyva <juan.leyva@instructure.com>
Product-Review: Juan Leyva <juan.leyva@instructure.com>
closes EVAL-1515
flag=annotated_document_submissions
Test Plan
- Create an Annotated Document.
- As a student, annotate the document.
- Refresh the page and verify that annotating is still possible.
- Submit the assignment.
- View the Submission Details page.
- Verify that the annotations made previously appear.
- Verify that adding more annotations to that attempt is not
possible.
Change-Id: I6dbfdb3f107ef04e2a042d9c50bc719a1357a324
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/261650
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Spencer Olson <solson@instructure.com>
Reviewed-by: Adrian Packel <apackel@instructure.com>
QA-Review: Gary Mei <gmei@instructure.com>
Product-Review: Syed Hussain <shussain@instructure.com>
When a submission is unposted and the assignment posts manually, peer
reviewers' comments are visible to the student, so their DocViewer
annotations should be as well.
fixes EVAL-579
flag=none
Test Plan
- Create a file upload, peer review assignment that posts manually.
- Assign 2 students to peer review each other.
- Submit a file upload to the assignment as each student.
- As the teacher, leave an annotation on Student 1's submission.
- As Student 1, leave an annotation on Student 1's submission.
- As Student 2, leave an annotation on Student 1's submission.
- Verify that Student 1 only sees the Student 1 and Student 2
annotations.
- Verify that Student 2 only sees Student 2's annotations.
- Verify that the teacher sees all annotations.
- Post the submission's grades.
- Verify that Student 1 sees all annotations.
- Verify that Student 2 only sees Student 2's annotations.
- Verify that the teacher sees all annotations.
Change-Id: Id7c4a02ce6d01efb19893fa3b42cbc1057be9218
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/243230
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Adrian Packel <apackel@instructure.com>
Reviewed-by: Spencer Olson <solson@instructure.com>
QA-Review: Gary Mei <gmei@instructure.com>
Product-Review: Syed Hussain <shussain@instructure.com>
fixes GRADE-2307
Test Plan
- Create an assignment of type file upload.
- Submit to the assignment with a document.
- As the teacher, annotate the submission.
- As the student, verify that annotations appear when viewing the
submission.
Change-Id: Iec89ed52b44c9ed2e7db52a8c6df03e52e23ca55
Reviewed-on: https://gerrit.instructure.com/201817
Reviewed-by: Keith Garner <kgarner@instructure.com>
Reviewed-by: Jeremy Neander <jneander@instructure.com>
Reviewed-by: Adrian Packel <apackel@instructure.com>
QA-Review: Gary Mei <gmei@instructure.com>
Product-Review: Keith Garner <kgarner@instructure.com>
Tested-by: Jenkins
When talking to DocViewer, include relevant data for the current user as
well as the filter of users whose comments should be shown. This commit
enables functionality for anonymous annotations.
closes GRADE-1427
closes GRADE-1456
Test Plan 1: Moderated Assignments
1. Create a moderated assignment and allow for at least two provisional
graders in addition to the final grader. Then, leave at least one
annotation and one comment per provisional grader, final grader, and
the student.
2. When "Graders cannot view student names" is checked, verify that
no instructor or admin can see the students identity on annotaions.
Instead, the student's name should show up simply as 'Student'.
3. When "Graders cannot view each other's names" is checked, verify that
non-admin, non-final-grader provisional graders cannot see each
other's names on annotations. Instead, they should see a generic
grader name such as "Grader 1".
4. When "Final grader can view other grader names" is unchecked, verify
the final grader cannot view the other graders' names on annotations.
Instead, they should see a generic grader name such as "Grader 1".
5. Smoke test the settings listed in steps 2, 3, and 4 in various
combinations of being on or off.
6. While the assignment is still in moderation, verify the student can
only see their own annotations.
7. When grades are published for the assignment, verify the assignment
no longer shows any anonymous annotations.
Test Plan 2: Anonymous, Not Moderated Assignments
1. Create an anonymous assignment. Submit to the assignment as a student
and leave some annotations as the student and as an instructor.
2. Verify the student can only see their own annotations while the
assignment is still muted.
3. An instructor *should* be able to see any annotations made by an
instructor, but DocViewer has not implemented this functionality
on their side yet. As a result, just verify that an instructor
can see the student's annotations but they are anonymized while
the assignment is muted.
4. Unmute the assignment and verify the annotations are no longer
anonymized, and the student can now see annotations from instructors.
Test Plan 3: Normal, Not Anonymous Assignments
1. Do a general smoke test of not anonymous, not moderated assignments
to verify annotations still show up as expected.
Change-Id: I181a6ace3c00ca93ab8e6c7608a034b521ed78b7
Reviewed-on: https://gerrit.instructure.com/161486
Reviewed-by: Derek Bender <djbender@instructure.com>
Tested-by: Jenkins
Reviewed-by: Keith T. Garner <kgarner@instructure.com>
QA-Review: Derek Bender <djbender@instructure.com>
Product-Review: Keith T. Garner <kgarner@instructure.com>
Change-Id: I8c079ca5ed232191f957d090d34def3ac617cafa
Reviewed-on: https://gerrit.instructure.com/153034
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
Update: Copyright years now reflect the year that the file was first
committed.
Refs: PLAT-3200
Test Plan: jenkins is still happy and specs pass!!
Change-Id: Ic26463defe41fc52cf4da8020976394c641f51d5
Reviewed-on: https://gerrit.instructure.com/143545
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Stewie aka Nicholas Stewart <nstewart@instructure.com>
refs RD-4399
this is the Canvas-lms part of the fix
the canvadocs part is
https://gerrit.instructure.com/#/c/137484/
TEST PLAN:
- check this commit out
- check https://gerrit.instructure.com/#/c/137484/
out in the canvadocs-server project
- as a student, add canvadocs annotations to document
file upload assignment submission
- verify that you can edit and delete your annotations
- as a teacher view, the student's submission in
speedgrader
- verify that you can edit and delete the student's
annotations
- as an admin who is not enrolled in the course, verify that you can do
what the teacher does
- as a custom role that inherits from a teacher,
verify that you can also do what the teacher does
Change-Id: I3617bd2ed4cd4f2e3093d65ae3f5b837b1b02f09
Reviewed-on: https://gerrit.instructure.com/137492
Product-Review: Caleb Guanzon <cguanzon@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Reviewed-by: Neil Gupta <ngupta@instructure.com>
Tested-by: Jenkins
fixes RECNVS-12
and make public links explicit. note that for non-inst-fs file storage,
the user parameter to the existing authenticated_url method is unused.
so for non-inst-fs, the following sets of methods are equivalent:
* authenticated_url_for_user(*) == public_url == authenticated_url
* download_url_for_user(*) == public_download_url (was download_url)
* inline_url_for_user(*) == public_inline_url (was inline_url)
the choice of `public_...` over `..._for_user` methods in the refactoring
should thus be a no-op except when inst-fs is enabled. with inst-fs enabled,
the `public_...` methods produce URLs usable by any user (including
those not logged in!); this matches non-inst-fs behavior. the
`..._for_user` methods produce URLs usable only by the user for whom
they were generated, and should be preferred where public access is not
necessary.
after this refactor, make public links for google doc previews short
lived and consolidate some code around google doc preview links.
test-plan:
- enable inst-fs
[per-user inst-fs JWTs]
- have a student and a teacher in a course with an assignment
- as the teacher upload an image to the course files, then add the
image to the course syllabus
- as the student, attempt to view the course syllabus. should see the
image in the course syllabus (prior to this commit would fail)
- copy the inst-fs URL the student's browser was redirected to when
viewing the file
- as the teacher attempt to access the image directly using the
student's inst-fs URL; should fail
[public inst-fs JWTs]
- as the teacher, upload a course card image (example of public file)
- as the teacher, view the course card image and copy the inst-fs URL
redirected to
- as the student, attempt to access the course card image directly
using the copied inst-fs URL; should succeed
[google docs preview]
- disable canvadocs on the account if enabled
- as the teacher, upload a PDF to the course files
- find the PDF in the course files and preview it
- preview should be displayed via embedded google docs iframe
- preview should succeed
Change-Id: I8384cbb89f1522022e2f06579e6381de5ed0076c
Reviewed-on: https://gerrit.instructure.com/133889
Tested-by: Jenkins
Reviewed-by: Andrew Huff <ahuff@instructure.com>
QA-Review: Collin Parrish <cparrish@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
fixes RD-4399
this is the Canvas-lms part of the fix
the canvadocs part is
https://gerrit.instructure.com/#/c/128993/
TEST PLAN:
- check this commit out
- check https://gerrit.instructure.com/#/c/128993/
out in the canvadocs-server project
- as a student, add canvadocs annotations to document
file upload assignment submission
- verify that you can edit and delete your annotations
- as a teacher view, the student's submission in
speedgrader
- verify that you can edit and delete the student's
annotations
- as an admin who is not enrolled in the course, verify that you can do
what the teacher does
- as a custom role that inherits from a teacher,
verify that you can also do what the teacher does
Change-Id: I80cb9d41222d347c4a2026480fc4d9698ae23394
Reviewed-on: https://gerrit.instructure.com/129381
Tested-by: Jenkins
Reviewed-by: Neil Gupta <ngupta@instructure.com>
Product-Review: Caleb Guanzon <cguanzon@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Reviewed-by: Josh Orr <jgorr@instructure.com>
When viewing an assignment in DocViewer, this now checks to see if the user
has an Observer enrollment, and if that enrollment matches the assignment
they're viewing. If so, the DocViewer session is launched as read-only.
Fixes RD-4403
Test plan:
- Observe a student in canvas
- Have the student submit an assignment
- Have the observer view the submission details page and "View Feedback"
for the assignment
- In the resulting DocViewer iframe, there should be no annotation tools
- The student should still be able to annotate in their submission details
page
- Speedgrader should still have annotation tools available
Change-Id: I8d427d69151fa5ff9087e7a710a3fcd87e7ef8c9
Reviewed-on: https://gerrit.instructure.com/127724
Tested-by: Jenkins
Reviewed-by: Neil Gupta <ngupta@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Reviewed-by: Josh Orr <jgorr@instructure.com>
Product-Review: Josh Orr <jgorr@instructure.com>
Replace crocodoc_ids with moderated_grading_ids
Both canvadocs and crocodoc can use the ids now
refs RD-4238
Test Plan:
With a course that has one teacher, 2 TAs, and a student
- Create an assignment, check the moderated grading check box
- as the student submit the assignment
- as a TA, pull up the submission in speed grader, annotate and grade it
- as the Other TA, open the submission in speed grader
- make sure you cant see the first TAs comments
Change-Id: I886af3e21f9276866ea4be8d5de6574b32e5f122
Reviewed-on: https://gerrit.instructure.com/117360
Tested-by: Jenkins
Reviewed-by: Shahbaz Javeed <sjaveed@instructure.com>
Product-Review: Caleb Guanzon <cguanzon@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Reviewed-by: Derek Bender <djbender@instructure.com>
We no longer care if the doc was created with annotations required.
The new DocViewer can handle annotating :allthethings:
Fixes RD-4229
Test plan:
Submit a box doc for an assignment
enable new_annotations and supports annotations
load doc in speed grader, you should be able to annotate it
Change-Id: I5dd594d338c7b1e60e8b15ec3021dd19bb4287c1
Reviewed-on: https://gerrit.instructure.com/116846
Tested-by: Jenkins
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Reviewed-by: Shahbaz Javeed <sjaveed@instructure.com>
Reviewed-by: Josh Orr <jgorr@instructure.com>
Product-Review: Brad Horrocks <bhorrocks@instructure.com>
add locale to canvadoc session launcher
refs CNVS-37351
refs RD-4123
Test plan:
Make sure crocodoc sessions can still be hijacked
Not sure of the best way to test TII docs
If you want to see the new locale option being passed in you should be
able to see it when a crocodoc is autocreated you should see a new
locale param in the document created event log area
Change-Id: If65f7319efa3b51db04af994ce0e5183a9e4d1b6
Reviewed-on: https://gerrit.instructure.com/114382
Tested-by: Jenkins
Product-Review: Caleb Guanzon <cguanzon@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
refs: RD-4044
Test plan:
Make sure you can still do annotations in canvadocs
Change-Id: Ifc81de7845b4a8ef00b18922768c30c1286bec1c
Reviewed-on: https://gerrit.instructure.com/113099
Reviewed-by: Brad Humphrey <brad@instructure.com>
Tested-by: Jenkins
Product-Review: Caleb Guanzon <cguanzon@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
refs: RD-4045
Test plan:
ping me for full test plan
Change-Id: I4d29b6341a84b62a100aace51f5fb11bf2f8b10f
Reviewed-on: https://gerrit.instructure.com/112474
Reviewed-by: Matthew Wheeler <mwheeler@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Tested-by: Jenkins
Reviewed-by: Stewie aka Nicholas Stewart <nstewart@instructure.com>
Product-Review: Caleb Guanzon <cguanzon@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Create new Canvadoc plugin setting to enable the hijacking of crocodoc
sessions.
When enabled crocodoc sessions will really go to canvadocs.
Canvadocs still needs to add support for migrating crocodocs from the
raw crocodoc data table.
Test Plan:
Enable the setting.
View an existing crocodoc
You should get an error :D
If you dont want an error I have A PS you can checkout
that returns a fake session id, which you can verify is being used
but it will still result in an error. but on the canvadocs side instead
of the canvas side.
Change-Id: Ie634e3f822ae3f9c453e9fefa70069d43c896d09
Reviewed-on: https://gerrit.instructure.com/108436
Tested-by: Jenkins
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Reviewed-by: Josh Orr <jgorr@instructure.com>
Product-Review: Brad Horrocks <bhorrocks@instructure.com>
Murilo Paiva