fixes#6142
test plan: Create a course and enroll some students. Move the course to
another root account. The following SQL query should return 0:
SELECT COUNT(e.id) FROM enrollments e
INNER JOIN courses c ON e.course_id = c.id
WHERE e.root_account_id != c.root_account_id
To test the migration, mess up some of the enrollment
root_account_ids:
UPDATE enrollments SET root_account_id = 99
Before migrating, the SELECT COUNT snippet above should return
false, after migrating, it should return true.
Change-Id: I9b18dded8a763a8a05f5e631907f77b4e9a1bd49
Reviewed-on: https://gerrit.instructure.com/7081
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
increasing magnifcation 2 or more times in webkit browsers should no
longer cause the Course/Assignments dropdown menus to appear.
Change-Id: I3a5dfbd6cd441c47b408386576cc05ac136418a9
Reviewed-on: https://gerrit.instructure.com/7062
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
fixes#6091
Test plan: After creating a course with student groups and course
sections, click on the link to "Inbox" to create a new conversation.
Clicking the addressbook icon in the "To" field should only show Courses
and Student Groups in the top level (no course sections). You should
still be able to search for Course Sections.
Change-Id: I40b58d8a6255bbd59c58c6e1a64a66897b6c4727
Reviewed-on: https://gerrit.instructure.com/7061
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
refs #5833
test plan: enable open registration on an account, go to add an admin, the
box should not be checked. disable open registration, it should be checked
Change-Id: I60b07deb5cd622e9df84682027e2e4767fafaced
Reviewed-on: https://gerrit.instructure.com/7080
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
testplan: try to set an sis id via the UI, a raw request, or the console
Change-Id: I9749031729bf7d94070f4fd67c0a2f595ce337ed
Reviewed-on: https://gerrit.instructure.com/7007
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
testplan:
* hit the API with a few different calls that use SIS ids (such as
sis_user_id:whatever), and make sure calls still return the correct
data. no calls currently use api_find_all, so nothing yet to test
there.
Change-Id: I2804c29a18342254a94709bac93a1ffb9b0467b8
Reviewed-on: https://gerrit.instructure.com/7026
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: John Harrison <john@instructure.com>
that's only true for Instructure, and not for hosted or open source
installations
test plan: n/a
Change-Id: I63c3c163fba410da758c4b0fe132332c0460abbc
Reviewed-on: https://gerrit.instructure.com/7009
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
refs #6177, #6199
test plan: (only relevant with a plugin that changes the behavior of
Pseudonym#works_for_account?; otherwise behavior should be unchanged)
enable open registration, invite a user that already exists, but
doesn't have a pseudonym in the account you're inviting them to. accept
as the existing user. they should now have a pseudonym in the target
account, copied from another account (preferentially the default account)
Change-Id: Ia86888524a5132387bb120df3262d7205d8e04d1
Reviewed-on: https://gerrit.instructure.com/6983
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
we had to disable the browser's
built in auto-completion for
our fancy inputs on the login
screen because it would force an ugly
yellow background like this:
http://screencast.com/t/jrit5OiiGeuE
this fixes the styling to use some css3 tricks in
webkit browsers so we don't have to disable
the functionality any more
test plan:
go to login screen in chrome or safari
type your username and password
it should prompt if you want it to remember it
say yes
log out and go back to login screen you should
see something like:
http://screencast.com/t/IZL4bfsmQM
go to it in ie8, it should still look like how
it used to.
Change-Id: If724698dfea0860e3929f515b36850624c970a51
Reviewed-on: https://gerrit.instructure.com/7128
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
if RelayState is provided and it's an absolute path, we will redirect to
it upon successful SAML auth (rather than to the dashboard)
test plan:
validate the following SAML success scenarios
1. if no RelayState is given, you should go to the dashboard
1. if RelayState is an absolute path, you should be redirected to it
2. if RelayState is any other sort of URI, you should go to the
dashboard
Change-Id: If92f29b4fa1e6b83449c05125a894887628f59a7
Reviewed-on: https://gerrit.instructure.com/7127
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
adds api endpoint at [POST] /account/:account_id/users.
allows setting of user's name, short name, sorting name,
time zone, and the associated pseudonym's unique_id,
password, and sis_user_id.
test plan:
(1) create an account;
(2) make a post request with an admin user's access token
to /accounts/:account_id/users that includes at least
the following fields:
* user[name]
* pseudonym[unique_id]
* pseudonym[password]
(3) verify that new user is created;
(4) create a user via the api and send
pseudonym[send_confirmation] parameter as "1;"
(5) verify that new user receives an email confirmation of
account creation.
Change-Id: Ibb4f0387019e694af923d8742ad13cacc04e1d6a
Reviewed-on: https://gerrit.instructure.com/7057
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
find links in quiz questions from courses other than the course the
question's quiz is in; find related assessment question and pull the
corresponding link from there to use instead.
Change-Id: I4dd2f0c279a6263f753ec898dc17e91e62997923
Reviewed-on: https://gerrit.instructure.com/6910
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Configured external tools can show up as buttons in the
rich editor. If you click the button then it'll pop up
a dialog that uses basic lti to load a page for the
external tool. The user can pick a resource in that
tool and the tool will then redirect back to a Canvas
url that will fire a callback and embed the content
into the editor.
See spec/selenium/external_tool_buttons_sel.rb for an
example of how to manually configure one of these tools.
Adding configuration to the UI will come in another
commit.
testing notes:
to configure an external tool to show up in the editor:
tool.settings = {
:editor_button => {
:url => "http://<canvas_domain>/selection_test",
:text => <button_label>,
:selection_width => <width_of_iframe>,
:selection_height => <height_of_iframe>,
:icon_url => <url_of_button_icon>
}
}
test plan:
- configure an external tool in the course with an editor button
- check to see if the button shows up in the rich editor in that course
- configure an external tool in the account with an editor button
- check to see if the button shows up for courses in that account
- configure more than 3 external tools
- check to see if the "more tools" dropdown works correctly
Change-Id: I681db0af578df6a9c7a2c840d293703937d81c46
Reviewed-on: https://gerrit.instructure.com/5429
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
It looks better if we clump the select boxes and the checkboxes
rather than breaking up the checkboxes with a new select box.
Change-Id: I34532480a4eb626a9bcd76bcf93d0c57f664088d
Reviewed-on: https://gerrit.instructure.com/7120
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
closes#6382
Previously, the "stay logged in" cookie just used the authlogic default
implementation, which is the pseudonym persistence_token. This is a
problem, because that persistence_token only ever changes when the
pseudonym password changes, so it's the same everywhere; so if that
cookie is stolen, it's valid for a very long time.
This switches us to one-time-use tokens that expire as soon as the token
logs the user in once. Each user agent also gets a different
one-time-use token.
Change-Id: I4f20cd7759fd74590e82ed55797552e342243d49
testplan:
* Check that no token is set at all when "stay logged in" isn't
selected.
* Check "stay logged in", and verify:
* That you don't have to login again after restarting your browser,
but your _normandy_session got reset.
* That if you save and try to replay using the same
pseudonym_credentials, they don't work the second time.
* That a second browser will get a different pseudonym_credentials
value, and using one token doesn't affect the other.
* That once the token is used, a new one is generated and set in
your cookies. Verify this new token works as well.
* That logging out removes the pseudonym_credentials cookie in your
browser. And also that manually restoring this cookie still
doesn't log you in, since it was removed server-side as well.
* Change your password, and verify that the existing "stay logged in"
tokens no longer work.
* Delete your pseudonym, and verify the same.
Reviewed-on: https://gerrit.instructure.com/7093
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
test plan:
1. confirm that you can still take a quiz/survey, i.e.
* create a new quiz and preview it
* create a new quiz, publish it and then take it
* edit an existing quiz and preview it
* take an existing quiz as a teacher
* take an existing quiz as a student
2. confirm that you cannot access a quiz except through the take/resume/
preview links and buttons. i.e. if you haven't started it (or have
already finished it), if you go to /courses/<course>/quizzes/<quiz>/take
it should just show quiz page
Change-Id: I636e3707cabbc9a07725a65fd093a9fad8b7192d
Reviewed-on: https://gerrit.instructure.com/7083
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
refs #6382
testplan:
* Login without selecting "stay logged in", and verify that no
pseudonym_credentials cookie is set, not even a session cookie.
* Verify the same when logging in via SSO.
Change-Id: I3bbb4f1057d2876541772b868f03f13df947c96a
Reviewed-on: https://gerrit.instructure.com/7092
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
…since the app will already have it's
own header
Change-Id: Iae8221adc653e4adbd2866fcb84e8df90df96ed0
Reviewed-on: https://gerrit.instructure.com/7049
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: BJ Homer <bj@instructure.com>
fixes the behavior such that we only toggle ungraded assignment counts
related to a particular user when his active enrollments in a given
course go from zero to one and vice versa.
also fixes performance issues in mysql. this required a custom trigger
body. see https://github.com/jenseng/hair_trigger/commit/326a10c for
the related hairtrigger commit to support this
Change-Id: Ie36b3d33ced69321f3a87468ab56480b1378d235
Reviewed-on: https://gerrit.instructure.com/6808
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
this is helpful for:
* Assisting search engines
* Assisting speech synthesizers (screen readers)
* Browsers like chrome will detect that page is in,
for example, spanish, and that your OS's locale
is english and ask you if you want to translate
the page for you
* Helping a user agent select glyph variants for
high quality typography
* Helping a user agent choose a set of quotation
marks
* Helping a user agent make decisions about
hyphenation, ligatures, and spacing
* Assisting spell checkers and grammar checkers
Change-Id: I993e008a46bc6c545b787756207f073bdc626e8a
Reviewed-on: https://gerrit.instructure.com/7003
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
refs #5833
testplan: enable open registration, invite a user, have that user accept
and create a new account. Then invite with the same e-mail again,
login as the old user, and the invitation should be visible in the UI.
Accept the invitation, using the existing account, and the enrollment
should not be duplicated in the UI.
Change-Id: I64c886617f87f64bad35593229ee18434163ca7b
Reviewed-on: https://gerrit.instructure.com/6778
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
In current BLTI there are two options for adding links:
- know the URL beforehand
- know a "naked" URL that can be associated with a resource
but not until after embed
Neither of these are great for the end-user. This commit
adds a third option, as discussed with some other users of
BLTI, where instead the user can click a link in the UI
to load an iframe where they can then find the specific
resource they want to embed. They never need to know
any URLs to make this happen.
to configure an external tool:
tool.settings = {
:resource_selection => {
:url => "http://<canvas_domain>/selection_test",
:text => <label>,
:selection_width => <iframe_width>,
:selection_height => <iframe_height>
}
}
test plan:
- configure an external tool on the course
- click to add an item to a course module
- select "external tools"
- pick the tool from the list
- select a link from the dialog
- make sure the link was inserted correctly
- try clicking the first "bad" link in the tool and confirm error is caught
- try clicking the second "bad" link in the tool and confirm error is caught
- try clicking the this "bad" link in the tool and confirm no errors occur
- make sure an account-level tool also appears
Change-Id: I47fd8461f1050c332e5cae32d9a3141a8de5b38d
Reviewed-on: https://gerrit.instructure.com/6326
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
also wrapped take_quiz in a require call to be AMD
compatible.
also fixed an issue where the ajax errors weren't
firing properly
Test case:
1. Take a quiz
2. Should say in the right bar "Not saved"
2. Answer a question
3. Should say "Saving…"
4. Wait a sec, should say "Saved at [time]"
Change-Id: Ia99c26a976626674347cc6ce8f3a0c0c2805b128
Reviewed-on: https://gerrit.instructure.com/6797
Reviewed-by: Ryan Florence <ryanf@instructure.com>
Tested-by: Ryan Florence <ryanf@instructure.com>
closes#6114
test plan:
* disable "Students can opt-in to receiving scores in email
notifications", then try to update your notification preferences
Change-Id: I47df45da741fbbc349b746c590b5d5a25feab7f5
Reviewed-on: https://gerrit.instructure.com/7040
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Test plan:
* use the /api/v1/courses/:course_id/course_copy endpoint to start a course copy
* use the returned status url to make sure the status works
* when the copy is complete make sure the course has all expected data
closes#6250
Change-Id: I95c2567d0a566d97836579dd3b7b0a224328ec38
Reviewed-on: https://gerrit.instructure.com/7032
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
test plan: log in as a non-site-admin, but an account-admin,
and it should be visible
Change-Id: I38254c4f3cd2d42f6f43b54958a4ba1ee677a0af
Reviewed-on: https://gerrit.instructure.com/7012
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
testplan: with rails caching enabled, change a user's avatar settings to
(a) a different service or (b) a different image url. verify that the
change is immediately visible, rather than having to wait 30 min.
Change-Id: I03c63a0e5a2cccd59ed8d9f324d2e391b46c4675
Reviewed-on: https://gerrit.instructure.com/5284
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
also add a checkbox for admins to only search for existing users
(i.e. ignore open registration)
Change-Id: I84d2ba7992339b37506e41a50c336325af0ac73b
testplan:
* add a student to a course as a TA
* add a user to an account or a course as an admin, with and without
open registration, with and without manage_user_logins permission,
with and without checking "search only existing users" (not all
combinations applicable, each underlying condition is checked in
specs)
Reviewed-on: https://gerrit.instructure.com/6969
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
testplan: delete all logins for an account from a user, and check
their associations
Change-Id: I13939947e38525d4fe821cc991f622f5e117804c
Reviewed-on: https://gerrit.instructure.com/7001
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
The "Add New Entry" link should not be visible while
a new entry is being added.
test plan:
- go to a discussion topic
- click to add a new entry
- "Add New Entry" link should not be visible
- click "Cancel"
- link should be visible again
Change-Id: Ie1ae6af0250ea060b712fa9354b39ec8ba19a8e7
Reviewed-on: https://gerrit.instructure.com/6977
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Sometimes it said "reply", sometimes it said "add a new
entry". Sometimes there was a title on hover, sometimes
there wasn't.
Change-Id: I02c7636cf59f0d931d7e2fa602fa59b447faea87
Reviewed-on: https://gerrit.instructure.com/6976
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
External tools weren't copied when copying a course
so that is implemented here as well
test plan:
Export/Import:
* Create an external tool assignment
* export the course
* import the course into a new course
* set the secrets on the external tool
* make sure the assignment works in the new course
Copy:
* Copy a course into a new course
* make sure the assignment works
refs #5892
Change-Id: I4aab8966b53ca2d144fddd71eefd0acbdb7c0bff
Reviewed-on: https://gerrit.instructure.com/6958
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
refs #6199, #6177
makes it easier for a plugin to modify the logic. also removed dummy
method in Account that is never hooked into.
Change-Id: I87e2cad5172f6dece4448d61dc4681a94c44cecb
testplan: login
Reviewed-on: https://gerrit.instructure.com/6982
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
test-plan:
* go to inbox and start new conversation
* add multiple recipients (or single 'bulk' recipient)
* note 'group conversations' checkbox appears but is unchecked
* check checkbox
* remove recipients, then re-add
* note 'group conversations' checkbox is back to unchecked
Change-Id: I944f3b35e0356ee99e015e6e983577a56419e3a8
Reviewed-on: https://gerrit.instructure.com/6989
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
test plan:
* create a blti link on a module
* click on the link and make sure it works
refs #5892
Change-Id: Iece9fa4eb06479079a0a1e1ac954d484b894ca48
Reviewed-on: https://gerrit.instructure.com/6959
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes#5824
testplan: for each sort criteria, make a number of assignments that
differ in every field but the already matched sort criteria, and
make sure the sort order is right in the csv.
sort criteria are whether or not there is a due date, due date,
assignment group, position, and title
Change-Id: Ia18f32de5ab2f44e3e64b582cca3df1bedd9553a
Reviewed-on: https://gerrit.instructure.com/6791
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
they changed the way their embed js works
it document.write's an iframe so the script
tag needs to be right were it is going to go
(not at the bottom of the page)
the embed code that I get from their website
still has a <div id="client"></div> so I left that
even though they dot appear to be using it.
Change-Id: Iedd7c405657907a113752c296303fdbdf2b8a324
Reviewed-on: https://gerrit.instructure.com/6872
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Tested-by: Zach Wily <zach@instructure.com>
The conversations API had made up its own submission response format,
rather than using the standard submission formatting already used by
other API calls.
fixes#6289
testplan:
* as a teacher, create a conversation with a student
* create an assignment, and have the teacher and/or student comment on
the assignment submission
* verify those comments still appear in the conversations web ui
verify that the submission and comments now come back in the api
using the same format as the submissions api, with assignment and
comment data included
* make more than 10 comments, verify that only 4 are displayed at
first, then 10 total, and a link provided to view the full submission.
Change-Id: I05a37a1498fa3d6a1ab908c462a04d28f2854eb8
Reviewed-on: https://gerrit.instructure.com/6852
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
also s/alerts/announcements/ that were missed
testplan: create a global announcement; log in as a user with no enrollments.
the announcement should be visible
Change-Id: Ieb698c92a8157dd4be2141e5a48067cb821dd13e
Reviewed-on: https://gerrit.instructure.com/6858
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Test plan:
* create assignment worth 5 points
* add a rubric for grading worth 10 points
* save the rubric and choose to change or not change assignment points
* make sure the assignment points were adjusted or not
closes#5788
Change-Id: I13668261010480ccd0c239d73eb01417d889da62
Reviewed-on: https://gerrit.instructure.com/6844
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
sorting was causing outcomes groups to disappear/throw
a DOM error. fixed by adding a child <div> to hold all
sortable elements.
test plan:
1. visit outcomes page for a course;
2. add two learning outcome groups;
3. while dragging outcome group, move cursor to far
left or right of the page and release mouse;
4. verify that the outcome group does not disappear
from the page.
Change-Id: If109ff891ab8a0fcc9787716556e37f8bef32c80
Reviewed-on: https://gerrit.instructure.com/6688
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
fixes#5979
test-plan:
* create a group or course with a really long name, then select the
"Everyone" (or "Teachers" or some such) from that entity in the
conversations recipient browser.
* the name should be truncated with ellipsis preventing the page from
overflowing.
* resize the page, the max-width of the token should flow with the
page, to use available space but not overflow the page.
* mouse over the truncated token; title tooltip should have the full
name
Change-Id: I1c8ac46f36031ab7d1d53f672102797460ce6511
Reviewed-on: https://gerrit.instructure.com/6835
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Jacob Fugal <jacob@instructure.com>
if a discussion goes from ungraded to graded create any missing
submissions in the newly associated assignment for existing entries.
also, find any situations where this should have already happened and
rectify them.
test-plan:
* using old code, create two ungraded discussions
* have a student contribute to each discussion
* switch the discussion to being graded
* note there are no submissions for the student in the speedgrader
* apply migration
* note there are submissions for the student in the speedgrader
* using new code, create a third ungraded discussion
* have the student contribute to the third discussion
* switch the third discussion to being graded
* note there is a submission for the student in the speedgrader
fixes#5748
Change-Id: I30b90ba36c5d688cd9512bdb2d9d2df2cee06a08
Reviewed-on: https://gerrit.instructure.com/6822
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
but don't allow them to grade :)
test-plan:
* attempt to post entry to discussion through api as student; should
succeed
* attempt to post reply to entry through api as student; should
succeed
* attempt to set graded through api as student; should be unauthorized
* attempt to apply rubric through api as student; should be
unauthorized
* attempt to set grade and/or apply rubric through api as teacher;
should succeed
Change-Id: I4215ef02d1b0e3b68661fd6ab228be203d45526c
Reviewed-on: https://gerrit.instructure.com/6780
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
teachers and TAs can be limited to a specific section, in which case we
need to enforce those limitations in the submissions api.
testplan: set up a course with 2+ sections, and a teacher who is only
allowed to access 1 of those sections. then verify:
* GET /submissions should not list users in other sections
* GET /submissions/:id for a user in another section should 404
* PUT /submissions/:id for a user in another section should 404
* GET for_students with user ids in other sections should not return those users
* all of the above should return no submissions if the user attempts to access the api via /sections/:section_id of the other section
close#5859
Change-Id: I102b13d1462f588277ca559f418785452e58e816
Reviewed-on: https://gerrit.instructure.com/6796
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes#6248
testplan: create a discussion topic/reply with user content linking to context
files and media comments. when you grab these through the API, the
content links should be properly translated to links that don't require
a logged-in user to view (and media comments should be translated to
html5 video tags).
Change-Id: I27bc5847a1540c9a77f155afa12b52e720755a4d
Reviewed-on: https://gerrit.instructure.com/6837
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: BJ Homer <bj@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Cameron Matheson