fixes#6142
test plan: Create a course and enroll some students. Move the course to
another root account. The following SQL query should return 0:
SELECT COUNT(e.id) FROM enrollments e
INNER JOIN courses c ON e.course_id = c.id
WHERE e.root_account_id != c.root_account_id
To test the migration, mess up some of the enrollment
root_account_ids:
UPDATE enrollments SET root_account_id = 99
Before migrating, the SELECT COUNT snippet above should return
false, after migrating, it should return true.
Change-Id: I9b18dded8a763a8a05f5e631907f77b4e9a1bd49
Reviewed-on: https://gerrit.instructure.com/7081
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
testplan: try to set an sis id via the UI, a raw request, or the console
Change-Id: I9749031729bf7d94070f4fd67c0a2f595ce337ed
Reviewed-on: https://gerrit.instructure.com/7007
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
that's only true for Instructure, and not for hosted or open source
installations
test plan: n/a
Change-Id: I63c3c163fba410da758c4b0fe132332c0460abbc
Reviewed-on: https://gerrit.instructure.com/7009
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
refs #6177, #6199
test plan: (only relevant with a plugin that changes the behavior of
Pseudonym#works_for_account?; otherwise behavior should be unchanged)
enable open registration, invite a user that already exists, but
doesn't have a pseudonym in the account you're inviting them to. accept
as the existing user. they should now have a pseudonym in the target
account, copied from another account (preferentially the default account)
Change-Id: Ia86888524a5132387bb120df3262d7205d8e04d1
Reviewed-on: https://gerrit.instructure.com/6983
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
find links in quiz questions from courses other than the course the
question's quiz is in; find related assessment question and pull the
corresponding link from there to use instead.
Change-Id: I4dd2f0c279a6263f753ec898dc17e91e62997923
Reviewed-on: https://gerrit.instructure.com/6910
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
closes#6382
Previously, the "stay logged in" cookie just used the authlogic default
implementation, which is the pseudonym persistence_token. This is a
problem, because that persistence_token only ever changes when the
pseudonym password changes, so it's the same everywhere; so if that
cookie is stolen, it's valid for a very long time.
This switches us to one-time-use tokens that expire as soon as the token
logs the user in once. Each user agent also gets a different
one-time-use token.
Change-Id: I4f20cd7759fd74590e82ed55797552e342243d49
testplan:
* Check that no token is set at all when "stay logged in" isn't
selected.
* Check "stay logged in", and verify:
* That you don't have to login again after restarting your browser,
but your _normandy_session got reset.
* That if you save and try to replay using the same
pseudonym_credentials, they don't work the second time.
* That a second browser will get a different pseudonym_credentials
value, and using one token doesn't affect the other.
* That once the token is used, a new one is generated and set in
your cookies. Verify this new token works as well.
* That logging out removes the pseudonym_credentials cookie in your
browser. And also that manually restoring this cookie still
doesn't log you in, since it was removed server-side as well.
* Change your password, and verify that the existing "stay logged in"
tokens no longer work.
* Delete your pseudonym, and verify the same.
Reviewed-on: https://gerrit.instructure.com/7093
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
refs #6382
testplan:
* Login without selecting "stay logged in", and verify that no
pseudonym_credentials cookie is set, not even a session cookie.
* Verify the same when logging in via SSO.
Change-Id: I3bbb4f1057d2876541772b868f03f13df947c96a
Reviewed-on: https://gerrit.instructure.com/7092
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
fixes the behavior such that we only toggle ungraded assignment counts
related to a particular user when his active enrollments in a given
course go from zero to one and vice versa.
also fixes performance issues in mysql. this required a custom trigger
body. see https://github.com/jenseng/hair_trigger/commit/326a10c for
the related hairtrigger commit to support this
Change-Id: Ie36b3d33ced69321f3a87468ab56480b1378d235
Reviewed-on: https://gerrit.instructure.com/6808
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
refs #5833
testplan: enable open registration, invite a user, have that user accept
and create a new account. Then invite with the same e-mail again,
login as the old user, and the invitation should be visible in the UI.
Accept the invitation, using the existing account, and the enrollment
should not be duplicated in the UI.
Change-Id: I64c886617f87f64bad35593229ee18434163ca7b
Reviewed-on: https://gerrit.instructure.com/6778
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
In current BLTI there are two options for adding links:
- know the URL beforehand
- know a "naked" URL that can be associated with a resource
but not until after embed
Neither of these are great for the end-user. This commit
adds a third option, as discussed with some other users of
BLTI, where instead the user can click a link in the UI
to load an iframe where they can then find the specific
resource they want to embed. They never need to know
any URLs to make this happen.
to configure an external tool:
tool.settings = {
:resource_selection => {
:url => "http://<canvas_domain>/selection_test",
:text => <label>,
:selection_width => <iframe_width>,
:selection_height => <iframe_height>
}
}
test plan:
- configure an external tool on the course
- click to add an item to a course module
- select "external tools"
- pick the tool from the list
- select a link from the dialog
- make sure the link was inserted correctly
- try clicking the first "bad" link in the tool and confirm error is caught
- try clicking the second "bad" link in the tool and confirm error is caught
- try clicking the this "bad" link in the tool and confirm no errors occur
- make sure an account-level tool also appears
Change-Id: I47fd8461f1050c332e5cae32d9a3141a8de5b38d
Reviewed-on: https://gerrit.instructure.com/6326
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
closes#6114
test plan:
* disable "Students can opt-in to receiving scores in email
notifications", then try to update your notification preferences
Change-Id: I47df45da741fbbc349b746c590b5d5a25feab7f5
Reviewed-on: https://gerrit.instructure.com/7040
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Test plan:
* use the /api/v1/courses/:course_id/course_copy endpoint to start a course copy
* use the returned status url to make sure the status works
* when the copy is complete make sure the course has all expected data
closes#6250
Change-Id: I95c2567d0a566d97836579dd3b7b0a224328ec38
Reviewed-on: https://gerrit.instructure.com/7032
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
also add a checkbox for admins to only search for existing users
(i.e. ignore open registration)
Change-Id: I84d2ba7992339b37506e41a50c336325af0ac73b
testplan:
* add a student to a course as a TA
* add a user to an account or a course as an admin, with and without
open registration, with and without manage_user_logins permission,
with and without checking "search only existing users" (not all
combinations applicable, each underlying condition is checked in
specs)
Reviewed-on: https://gerrit.instructure.com/6969
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
testplan: delete all logins for an account from a user, and check
their associations
Change-Id: I13939947e38525d4fe821cc991f622f5e117804c
Reviewed-on: https://gerrit.instructure.com/7001
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
External tools weren't copied when copying a course
so that is implemented here as well
test plan:
Export/Import:
* Create an external tool assignment
* export the course
* import the course into a new course
* set the secrets on the external tool
* make sure the assignment works in the new course
Copy:
* Copy a course into a new course
* make sure the assignment works
refs #5892
Change-Id: I4aab8966b53ca2d144fddd71eefd0acbdb7c0bff
Reviewed-on: https://gerrit.instructure.com/6958
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
refs #6199, #6177
makes it easier for a plugin to modify the logic. also removed dummy
method in Account that is never hooked into.
Change-Id: I87e2cad5172f6dece4448d61dc4681a94c44cecb
testplan: login
Reviewed-on: https://gerrit.instructure.com/6982
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes#5824
testplan: for each sort criteria, make a number of assignments that
differ in every field but the already matched sort criteria, and
make sure the sort order is right in the csv.
sort criteria are whether or not there is a due date, due date,
assignment group, position, and title
Change-Id: Ia18f32de5ab2f44e3e64b582cca3df1bedd9553a
Reviewed-on: https://gerrit.instructure.com/6791
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Test plan:
* create assignment worth 5 points
* add a rubric for grading worth 10 points
* save the rubric and choose to change or not change assignment points
* make sure the assignment points were adjusted or not
closes#5788
Change-Id: I13668261010480ccd0c239d73eb01417d889da62
Reviewed-on: https://gerrit.instructure.com/6844
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
if a discussion goes from ungraded to graded create any missing
submissions in the newly associated assignment for existing entries.
also, find any situations where this should have already happened and
rectify them.
test-plan:
* using old code, create two ungraded discussions
* have a student contribute to each discussion
* switch the discussion to being graded
* note there are no submissions for the student in the speedgrader
* apply migration
* note there are submissions for the student in the speedgrader
* using new code, create a third ungraded discussion
* have the student contribute to the third discussion
* switch the third discussion to being graded
* note there is a submission for the student in the speedgrader
fixes#5748
Change-Id: I30b90ba36c5d688cd9512bdb2d9d2df2cee06a08
Reviewed-on: https://gerrit.instructure.com/6822
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
teachers and TAs can be limited to a specific section, in which case we
need to enforce those limitations in the submissions api.
testplan: set up a course with 2+ sections, and a teacher who is only
allowed to access 1 of those sections. then verify:
* GET /submissions should not list users in other sections
* GET /submissions/:id for a user in another section should 404
* PUT /submissions/:id for a user in another section should 404
* GET for_students with user ids in other sections should not return those users
* all of the above should return no submissions if the user attempts to access the api via /sections/:section_id of the other section
close#5859
Change-Id: I102b13d1462f588277ca559f418785452e58e816
Reviewed-on: https://gerrit.instructure.com/6796
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
testplan: check to make sure:
* nil urls are allowed
* surrounding whitespace is stripped
* empty urls are not allowed
* it parses a wide variety of urls
* it adds missing schemes
* it ensures a host exists
* invalid schemes are rejected
Change-Id: I93e89f8e67d847d488693f7dd4f95e52c898054d
Reviewed-on: https://gerrit.instructure.com/6659
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Test plan:
* create an assignment
* grade a student on that assignment
* download grade csv and make sure the final/current grades are same as web UI
* delete the assignment
* download/check grade csv again
* undelete the assignment
* download/check grade csv again
refs #5395
Change-Id: Ice1c2882f75e734758346243d8ff1a283633067a
Reviewed-on: https://gerrit.instructure.com/6755
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
closes#4692
This email was sent as soon as the record was created, which wasn't at
all helpful since at that point it has no content. It also caused issues
with teachers who wanted to create hidden wiki pages, since it is sent
before the teacher has a chance to hide the page.
updated wiki page notifications will still be sent out.
Change-Id: Ie6762eafd67d683dbf942a5fb5c443dd1b2288e6
Reviewed-on: https://gerrit.instructure.com/6786
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
test plan:
create a user with a sortable name other than what is automatically
inferred; make sure it displays correctly in the users list for the
account
Change-Id: I12528436571ffdd211d6d2719eb1789d9afffdd2
Reviewed-on: https://gerrit.instructure.com/6732
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
* Don't show merge opportunities for confirmation or transfer enrollment flows
* Combine current user and other user sections into a single section
* Use simplified wording for single merge opportunity
* Use "add e-mail address" for logged in, non-matching single e-mail opportunity
* Hide the registration form behind an additional click if there are merge
opportunities
* When a login is required to complete the action, automatically do the action
after login, assuming they logged in as the correct user
Change-Id: If07b38702c15509af6798fc00bc062f286789438
Reviewed-on: https://gerrit.instructure.com/6649
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
By properly configuring external tools (see
/spec/models/course_spec/rb:898 for examples) they can
be added as left-side navigation links to a course,
an account, or to the user profile section of Canvas.
testing notes:
- you have to manually set options on the external tool:
- for user navigation the tool needs to be created on the root account
with the following settings:
{:user_navigation => {:url => <url>, :text => <tab label>} }
(there are also some optional language options you can set using
the :labels attribute)
- for account navigation it's the same
- for course navigation it's the same, except with :course_navigation
there's also some additional options:
:visibility => <value> // public, members, admins
:default => <value> // disabled, enabled
test plan:
- configure a user navigation tool at the root account level,
make sure it shows up in the user's profile section
- configure a course navigation tool at the account level,
make sure it shows up in the course's navigation
- configure a course navigation tool at the course level,
make sure it shows up in the course's navigation
- make sure :default => 'disabled' course navigation tools don't
appear by default in the navigation, but can be enabled on
the course settings page
- make sure :visibility => 'members' only shows up for course members
- make sure :visibility => 'admins' only shows up for course admins
- configure an account navigation tool at the account level,
make sure it shows up in the account's navigation, and
any sub-account's navigation
Change-Id: I977da3c6b89a9e32b4cff4c2b6b221f8162782ff
Reviewed-on: https://gerrit.instructure.com/5427
Reviewed-by: Brian Whitmer <brian@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Test Plan:
Create a quiz with a FIMB question. As a student, take the quiz and enter '<'
in one of the blanks for that question. Submit the quiz. See the results and
verify that '<' was not changed to '<'.
Change-Id: I83df931bb0b3fa28d6a03d6d715d9ad27ddf8881
Reviewed-on: https://gerrit.instructure.com/6691
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Discussions have an option to not allow users to see replies
until they've posted themselves. This worked correctly on the
discussion page itself, but the user would still see the
replies in their stream
This also removes that option, and the delayed posting option
from group discussion topics. These settings are useless in
that context because all users are admins and can see the
topics anyway.
Test Plan:
* create a topic in a course and check the box "Replies are not visible until after users post"
* post a reply to that topic as the teacher
* log in as a student in that course and go to your dashboard
* you should see the topic in the stream but not the response you created as a teacher
closes#4706
Change-Id: I0c50a3adb8e18ea74d209f4c9a5ac429b7faaf0e
Reviewed-on: https://gerrit.instructure.com/6684
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
also, make the random assignment happen on the server via an ajax call.
before, it would make one ajax call per student assigned, which is
rather inefficient when there are many students to assign.
fixes#6099
Change-Id: I89e5059fa1bd42b1a25e5cb88d552841c426530a
Reviewed-on: https://gerrit.instructure.com/6576
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
supports creating and listing top-level entries in a discussion topic,
and creating and listing replies to a discussion entry. listing
discussion topics was already supported. includes support for
attachments on top-level entries.
test-plan:
creating an entry under a topic
should allow creating an entry under a topic and create it correctly
should return json representation of the new entry
should allow creating a reply to an existing top-level entry
should not allow reply-to-reply
should allow including attachments on top-level entries
should silently ignore attachments on replies to top-level entries
should include attachment info in the json response
listing top-level discussion entries
should return top level entries for a topic
should return attachments on top level entries
should include replies on top level entries
should sort top-level entries by descending created_at
should sort replies included on top-level entries by descending
created_at
should paginate top-level entries
should only include the first 10 replies for each top-level entry
listing replies
should return replies for an entry
should sort replies by descending created_at
should paginate replies
require initial post
should allow admins to see posts without posting
shouldn't allow student who hasn't posted to see
shouldn't allow student's observer who hasn't posted to see
should allow student who has posted to see
should allow student's observer who has posted to see
fixes#4752
Change-Id: I0da83e6c301be74f1ac5d2d957ebb6338a98179c
Reviewed-on: https://gerrit.instructure.com/6690
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
testplan: you can set up an assignment as an external_tool type
manually, and then hit the IMS certification test tool to verify that
replaceResult and readResult are now fully supported.
Change-Id: Id193ba1943f51b3cb4b6a2d078d8a2262c26659e
Reviewed-on: https://gerrit.instructure.com/6678
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
There isn't current any way to create this assignment type in the UI.
This just gets us far enough that we can test out the API functionality
against the IMS tests and some other tools that use grade passback.
refs #5892
Change-Id: I6f806a53bca0708702ff9e64e8e520be26234430
Reviewed-on: https://gerrit.instructure.com/6661
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
imported matching answers were missing the required 'left' field
import the package attached to the ticket to test
closes#6146
Change-Id: I97e4af7070cb2068e677af91d3f23cde8e077987
Reviewed-on: https://gerrit.instructure.com/6615
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Also versioned the URI and removed the tool_id param. As part of the
processing it pulls the tool from the assignment and verifies that it's
the same tool as was used to launch, by looking at the sourcedid.
Assignments now have an external_tool type and link to a
ContextExternalTool.
testplan: there isn't a way in the UI to configure an assignment as an
external tool yet, so it'll need to be manually configured in the
console.
Change-Id: I0cf5ec85d450409d6ea1ec71ce1d5d4c19622d4c
Reviewed-on: https://gerrit.instructure.com/6652
Reviewed-by: Brian Whitmer <brian@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Other asset types (like assignments, wiki pages and files)
have a required linking between the name of the asset and
the name of the tag. This is for consistency's sake.
However, it doesn't make sense to enforce this kind of
policy for external tools, since tools can be configured
at the account level, and instructors shouldn't have the
ability to rename tools somewhere up the chain. This
change disconnects external tools from tags linking to
those external tools.
fixed#6170
testplan:
- configure an external tool
- add an external tool to a course module
- rename the link to something other than the tool's name
- check to make sure the tool's name didn't also change
- configure an external tool
- add an external tool to a course module
- rename the tool
- check to make sure the link's name didn't also change
- add an assignment to a course module
- rename the link in the module
- check to make sure the assignment's name also changed
- add an assignment to a course module
- rename the assignment
- check to make sure the module link's name also changed
Change-Id: I2291b4ca0ee2c83da1dd9a81bc46eb05d1925982
Reviewed-on: https://gerrit.instructure.com/6641
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
when a student is viewing the list of groups they are in and that they
may join, enable viewing the roster of each group. :read_roster
permission is given to students that are eligible to join the group or
request an invitation to the group. fix pageless so that if the
container is hidden when a load completes, the loader is still properly
hidden. fixes#5931
Change-Id: I50aee8c19e927ce25afa17d9b1533df0aa7239e9
Reviewed-on: https://gerrit.instructure.com/6184
Reviewed-by: Brian Whitmer <brian@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
also made general purpose methods for ranking (in ruby and sql) and
distinct on.
Change-Id: I4052472eb700cbdfe6b586ed6d12f61fd51bf08f
Reviewed-on: https://gerrit.instructure.com/6593
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
This makes the access report actually show the right names for things, and it
also displays icons next to them to indicate the type.
Change-Id: I0241bc9546555a0796dee35786cdfcddb930ef1a
Reviewed-on: https://gerrit.instructure.com/3869
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
A group membership could have been deleted before this pre-processing
so if the membership isn't found don't try to delete it
closes#6145
Change-Id: I7bac508f52de0e3b07a83d2eb5c87b22886ce5cc
Reviewed-on: https://gerrit.instructure.com/6606
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Cameron Matheson