closes CNVS-3417
test plan:
* after the migrations are run, ensure that every section has at
least one entry in CourseAccountAssociations in the database
* smoke test SIS imports
Change-Id: I261cad633788efbf4b0c64db34436ef695856fee
Reviewed-on: https://gerrit.instructure.com/17256
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Useful things the commit brings:
1. Source documentation can now include images and out-of-source examples
2. Source documentation can now be supplemented by "appendixes" for
documenting advanced or uncommon usage, auxiliary examples, or any
supplementary content
3. An implementation of the YARD @see tag that utilizes the canvas
YARD linkify helper
Necessary changes for integration were:
* Gemfile now includes 'yard-appendix'
* Rake task for generating API docs (doc:api) made more readable and
now supports asset migration (images and examples)
* Canvas YARD 'api' template now handles :appendix sections provided
by the plugin
* Canvas YARD 'linkify' helper modified:
* uses a shared linker to look up a topic and controller
* overrides default handling of 'Appendix: ' links
* defaults to using the @object title as the link body when no title
was explicitly passed instead of the path.to.object
* Canvas YARD 'fulldoc' handler respects a
DOC_OPTIONS[:all_resource_appendixes] that when turned on would
generate appendix entries in the All Resources section[1]
[1] I've already implemented this functionality because I misread the
requirement (as seen in PB 6) so I thought we could keep it around and
toggle it if need be. The options are inside lib/tasks/docs.rake
---
Testing:
To verify that the changes do not alter or affect the current API docs,
fire up a terminal and do the following (inline comments for directions):
```bash
cd /path/to/canvas;
# generate the original docs before pulling these changes
bundle exec rake doc:api
mv public/doc public/doc_original
# checkout these changes into a branch... after that:
bundle install
bundle exec rake doc:api
diff -r -y -q public/doc_original/api public/doc/api
```
The output of the last command should look like this:
Only in doc/api: examples
Only in doc/api: images
To test the actual @!appendix functionality:
* see https://github.com/amireh/yard-appendix for directions on how to
define Appendix entries
* write an Appendix in any controller, optionally reference it in some
method (using @see or {link})
* Appendix entry should be shown at the bottom of the controller's doc
page
* reference to the appendix entry should take you to it
Alternatively, you can check-out the gerrit change 17454 at
https://gerrit.instructure.com/#/c/17454/ which utilizes this
functionality.
Change-Id: Id667b77ff8d36b0f503e0f6752045e3d05bc3649
Reviewed-on: https://gerrit.instructure.com/17453
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
canvas sis imports do not have default values
all date time fields should be in ISO 8601
moved if a field is required to description
Change-Id: Ifead275fb789384a80542ee7a9ac370c38c01194
Reviewed-on: https://gerrit.instructure.com/15973
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Dave Jungst <dave@instructure.com>
closes #CNVS-1078
test plan:
- create custom roles in an account
- sis import:
- put the custom role name in the 'role' column in a SIS
enrollment import, and ensure the role_name is assigned
in the Enrollment
- ensure only valid roles can be assigned this way
(must be defined in the course's account or parent
account, and must not be inactive)
- sis export:
- ensure custom role names are exported in the 'role' column
of the SIS enrollment export and provisioning reports
Change-Id: Ib8b4c129d451023fa51c73747baadd42cb305338
Reviewed-on: https://gerrit.instructure.com/15868
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
There's now a UI for this, no need to use the console.
Change-Id: Iffdb70d41c5b4cca94a6bb442107d3923911e16d
Reviewed-on: https://gerrit.instructure.com/15232
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
only included in docs if INCLUDE_INTERNAL is set in the environment
test plan:
* mark some methods or controllers with @internal
* generate API docs
* they should not be included in API docs
* generate API docs setting INCLUDE_INTERNAL=1 first
* they should be included again
Change-Id: Ie6f3ff982c20beea2b66db4505a7987cadce66ce
Reviewed-on: https://gerrit.instructure.com/14983
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
refs #10541
add counts of how many unread discussions and announcements a user has in
a course or group in the left hand nav bar of the course or group, next to the
appropriate navigation link.
these counts are cached in a context/user/content_type join table.
unfortunately, there are situations that can change whether or not a discussion
or announcement is visible to the user (and thus unread) without triggering any
backend action. for example, a post delayed announcement, a locked discussion
assignment, or a discussion with prereqs in a module. because of these types of
situations, the count has to be re-queried every so often, and the time chosen
for this is if it's been stale for 10 minutes.
test plan:
- as a teacher, create some announcements and discussions
- as a student, you should have unread counts in the left nav
- read the announcements and discussions
- the counts should update appropriately
- (see explanation above for the following)
- try post delayed announcements
- try locked discussion assignments
- try discussions locked in a module
- make sure the count badge looks good in all browsers
Change-Id: Ia6428717e91ed389c63ca97a065232dac7121b7e
Reviewed-on: https://gerrit.instructure.com/13926
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
fixes#10491
test plan:
- make an api call to a paginated endpoint that has a query parameter as part
of the call (courses/<id>/users with enrollment_type=student is a good one)
- the pagination link header links that come back should maintain the query
parameter (in the example above, they would include enrollment_type=student)
- also try one that has an "include[]=" type parameter
- read the api pagination documentation (linked from the api sidebar) and make
sure it makes sense.
Change-Id: I6c1649513553bb2ac9c1cfc137ff16c21e50a6a3
Reviewed-on: https://gerrit.instructure.com/13641
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
This creates an LTI extension to pass text or urls along
with the score when doing an LTI 1.1 outcome request.
Test Plan:
* use a tool that supports this extension on an assignment
* After doing the tool activity the submission should have the expected value
refs #mebipenny
Change-Id: I296df1e7c7d99af61724a904511f9bf63d5d2613
Reviewed-on: https://gerrit.instructure.com/12878
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes#9995
also validates_as_url the redirect_uri, sometimes people were leaving
off the http:// part when setting up the key
test plan: set up a developer key with a given domain. kick off an oauth
request flow with redirect_uri equal to that domain, it should be
accepted. use a sub-domain of that domain, it should also be accepted.
use a higher-level domain, it should not be accepted.
Change-Id: I55510f463b1faa3339b9908f9941715d93de5a16
Reviewed-on: https://gerrit.instructure.com/12980
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes#9954
test plan:
- create a wiki page
- put in links to pages, assignments, discussion topics,
and files, and also to the index pages for these
- retrieve the page via the API, and check that the
data-api-endpoint and data-api-returntype attributes
are set
Change-Id: Ife67f3119aa73971153f88fe46787d7e1563f0ef
Reviewed-on: https://gerrit.instructure.com/12925
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
This adds an alternative method for uploading files by giving Canvas a
public URL in the first step, rather than uploading the file data directly.
test plan:
- create a course file via the API upload mechanism
- make sure the return values are as documented
- make sure the file was correctly uploaded
- create a course file via the URL approach
- make sure the return values are as documented
- make sure the file status endpoint returns valid responses
- make sure the file was correctly stored in Canvas
- repeat that process with a file that has at least one redirect
- repeat that process but creating a homework submission file
- try to create a course file with a malformed URL
- confirm that the appropriate error message is returned
- try to create a course file with a relative URL
- confirm that the appropriate error message is returned
- try to create a course file with a URL that doesn't return 200
- confirm that the appropriate error message is returned
Change-Id: I2dcf711347ec4ef26d767ae1c1fa0bb056986651
Reviewed-on: https://gerrit.instructure.com/12143
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Explaining when to store access tokens locally, and some basic tips on how to
securely do so.
Change-Id: Ie17843b6c657961c1de358b28d5f737ebc9567db
Reviewed-on: https://gerrit.instructure.com/12723
Reviewed-by: Zach Pendleton <zachp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
test plan:
* generate an access token
* use the logout endpoint
* verify that the access token is no longer accepted
Change-Id: Iaac94e35d81711cff87604b6a996c41fdae3c640
Reviewed-on: https://gerrit.instructure.com/12674
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Course/group/users file uploads must be checked
against the context's storage quota before new
files can be added. This commit adds that check
for API uploads. It also adds a note to the API
documentation since this is an additional type of
response developers will need to anticipate.
test plan:
- preflight a file upload in a course that is not over quota
- ensure everything works correctly
- set a small quota for a course
- preflight a file upload in a course that is over quota
- ensure that an appropriate error message is returned
- set a quota of zero for a course
- preflight a file upload for a homework submission
(a case that isn't quota-enforced)
- ensure everything works correctly, even though the
course is at quota
Change-Id: I28cc02d91799b1ff27501c3ff919c54834597d74
Reviewed-on: https://gerrit.instructure.com/12142
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
the current code doesn't work because of the attr_accessible on
DeveloperKey
Change-Id: Id6cf7a3eab5808c05c22c43e6095ab6011ec0f76
Reviewed-on: https://gerrit.instructure.com/12275
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
API documentation and examples for Calendar Events and Appointment Groups.
Clean up some value_as_boolean usage, and fix a couple little issues in
the calendar APIs
test plan:
* build documentation
* it should generate and be correct
* run API specs
* they should pass
Change-Id: I4c57ac91a99e4eb04f5ba1741bb4f5968d0a0b14
Reviewed-on: https://gerrit.instructure.com/12209
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
A complete api for folder and file management
Also updates the alphabetical sorting features to escape
a backslash caused errors when casting a string to a
bytea in postgres
Test Plan:
* CRUD yourself some files
* CRUD yourself some folder
closes#9163
Change-Id: I0b937f9273077b66ab9d6c37171bec1fcc5380dd
Reviewed-on: https://gerrit.instructure.com/12085
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
External Tool extension previously needed their own urls,
custom fields, and text. Now they use the settings from
the main tool config as the defaults. So an extension
only needs a hash to be enabled.
Test Plan:
* Add a tool by xml that has custom parameters and that only has the enabled property in the course_navigation settings
* Launch that tool and verify that it used the main tools launch url and custom parameters
closes#8786
Change-Id: If760bbfe5c1dc10814d2a4b900a53abceab08e2e
Reviewed-on: https://gerrit.instructure.com/11700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
For example to link to the collection item description:
Each collection contains many {api:collections:Collection+Item Collection Items}.
Change-Id: I633645be9e12481aa21e6c03d876ee159ec6437d
Reviewed-on: https://gerrit.instructure.com/11775
Reviewed-by: Ryan Florence <ryanf@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
adds support for flagging individual endpoints, not just resources, as
beta.
test plan: generate the api docs and verify that the tagged endpoints
have a beta message.
Change-Id: Iba815db309ee71482e1f471eaf613527cd7114ec
Reviewed-on: https://gerrit.instructure.com/11585
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
This standardizes the "user display" sub-object returned by the
discussions api, and returns that same data for each collection item.
test plan: make api calls to return collection items, verify the user
sub-object is present and contains the expected user data.
Change-Id: Ie5b1468816ffbf27a005044effbc49082bdf679b
Reviewed-on: https://gerrit.instructure.com/11276
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
Create a discussion topic with support for most of the options -- the
only thing missing is the ability to create an assignment discussion,
that will be added to the assignment create api.
You can also create an assignment linked to the discussion at the same
time you create the discussion. I refactored the assignment api
functionality to support this.
Added a topic delete API as well.
Also fix a bug where we weren't properly validating discussion_type
test plan: hit the api and exercise the various options, such as delayed
posting and require first posting.
Change-Id: I4afdd20313b5cea3ab7b05bf1c005c9f55debe7b
Reviewed-on: https://gerrit.instructure.com/10912
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
This already worked and was used by the Canvas front-end internally, but
wasn't officially supported.
test plan: make an API POST or PUT, and send an application/json body
rather than an application/x-www-form-urlencoded request body.
Change-Id: I2ecf2dce8ed8a592a101b6566c0b483737a68702
Reviewed-on: https://gerrit.instructure.com/10930
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
test plan: generate the api documentation, the collections api should
have a beta warning (but none of the other pages)
Change-Id: I0d7401566cbb3ec9ef76bad79094dad1628ef11c
Reviewed-on: https://gerrit.instructure.com/10720
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
* Allow linking to individual endpoints on the page.
* Give each endpoint a summary string, and list the summaries at the top
of the page, with links to the endpoint details.
* Make an omnibus "all resources reference" page, which has been a
common request. This only includes the endpoint details, not the
summary descriptions of the resources.
* Syntax highlighting for JSON
test plan: visit /doc/api/index.html and see the changes (run rake
doc:api first if on a dev box)
Change-Id: Ib126805825d40770c36b3688668c62938348412d
Reviewed-on: https://gerrit.instructure.com/10516
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
This explicit confirmation step is an improvement on our
login-and-implicitly-accept workflow from before. And it allows us to do
the oauth workflow without forcing a logout, which is much more ideal
especially for embedded LTI tools that want to use oauth.
Eventually this dialog will contain more information on the app and the
permissions requested.
test plan:
As a client application, kick off the oauth workflow for a logged-in
user, verify the user goes straight to the confirmation screen. Verify
you only get a code back if they accept, and an error if they deny. Do
the same without a web session, verify you go to the confirmation screen
straight after logging in.
Change-Id: Idf9905b795979339aec0cb5e4e058f4507a81bac
Reviewed-on: https://gerrit.instructure.com/9804
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
count can be slow if there are a lot. also remove the "last" link
from api responses that skipped the count
test plan:
* go to a user's page with less than 50 page views; they should show
and it should not try to load more
* go to a user's page with hundreds to thousands of page views; they
should load on demand, and when you reach the bottom, it should
stop trying to load more
Change-Id: I934cd7260232b78c33ae5fc1be5e49b2ea686614
Reviewed-on: https://gerrit.instructure.com/10135
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
closes#7775
Allows specifying the folder to upload to as a slash-separated string,
as well.
test plan:
upload to both the current user, and an allowed course, verify the
workflow for s3 and local files. verify you can't upload to course you
don't have permissions to, or another user.
verify that you can specify a folder, and the folder will be created if
it doesn't exist.
Change-Id: Ib9082f047c1c93824fe65decf4789606d82450c6
Reviewed-on: https://gerrit.instructure.com/9603
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
This API abstracts away the difference between S3 uploads and local
storage uploads, while still allowing direct-to-S3 functionality to
avoid typing up Rails processes during S3 uploads.
The only concrete starting endpoint I've implemented in this changeset
is for submission file uploads. Uploads to course and user files is
coming in a subsequent changeset.
test plan:
see the api doc (generate with rake doc:api). repeat this test for both
s3 and local storage configurations.
first, post to the submission file upload endpoint, get your
upload_params back. use that to post the actual file data to the url
returned. then follow the redirect back to canvas, and verify you can
download the file from the url given in the json response. verify you
can attach the new file as part of an assignment submission.
edge cases to test:
* in local files, verify that attempts to modify the policy will fail
the request. in s3, amazon handles this.
* verify that if you do step 2 without step 3, the file isn't available.
* if you do step 1 but wait more than 30 min to do step 3, the upload
will be rejected.
* make sure you can't upload twice in the 2nd step
* make sure you can't verify twice in the 3rd step
Change-Id: I9b16b6e75defe9da551b965d9401f2cad8801f1d
Reviewed-on: https://gerrit.instructure.com/9552
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Change all curl examples to use an oauth access token with the
Authorization header. Also cleanup of the pages discussing authorization
and oauth, and some general sprucing up of the documentation front pages.
test plan: n/a
Change-Id: I64dfe89932c4e98b6ea0f67b3ef09ba10a315444
Reviewed-on: https://gerrit.instructure.com/7764
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
test plan: run the doc:api rake task, verify the docs are still
generated
Change-Id: I9f372a8e68de1019619b452c14f1ebbb1895cecf
Reviewed-on: https://gerrit.instructure.com/7745
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
Cody Cutrer