fixes#7393
If it wasn't a kaltura media comment (youtube, etc) it would fail trying
to do a nil.gsub
test plan:
* create an assignment and embed a youtube video in the description
* submit the assignment, make a comment on the submission
* go to conversations and view your submisison comment, verify there
is no error
Change-Id: Ic5e36076d59da45776e8a5f279927bdb3ce2fb16
Reviewed-on: https://gerrit.instructure.com/8975
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
params[:download_frd] now accepted to force download of
even inline file types.
affects: files_controller
test plan:
* attach html file to a conversation message;
* click the link to the file and ensure that
it is downloaded by the browser and not opened
inline.
Change-Id: I57085e33c87512fc4f8b43bb6ceb7ff047ddcd59
Reviewed-on: https://gerrit.instructure.com/7473
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
affects: api
test plan:
* run specs
Change-Id: I68044ef19fc778f81bb6d61e8d9c66e1cae7d98e
Reviewed-on: https://gerrit.instructure.com/7430
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
the block provided to UserContent::HtmlRewriter#set_handler is stored as
a proc for later execution. calling break in a proc raises a
LocalJumpError. use next instead.
test-plan:
- Create a course, and enroll a student in that course.
- Create an attachment in the course.
- Lock the attachment (so the student can't view it).
- Create an assignment in the course and Refer to the attachment in
the assignment description.
- As the student, grab the assignment through the API.
- Should succeed and include the unmodified (and thus inaccessbile)
attachment URL.
Change-Id: I9e649cb55b31853d62001c799162fa26bb90a712
Reviewed-on: https://gerrit.instructure.com/7164
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
testplan:
* hit the API with a few different calls that use SIS ids (such as
sis_user_id:whatever), and make sure calls still return the correct
data. no calls currently use api_find_all, so nothing yet to test
there.
Change-Id: I2804c29a18342254a94709bac93a1ffb9b0467b8
Reviewed-on: https://gerrit.instructure.com/7026
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: John Harrison <john@instructure.com>
fixes#6248
testplan: create a discussion topic/reply with user content linking to context
files and media comments. when you grab these through the API, the
content links should be properly translated to links that don't require
a logged-in user to view (and media comments should be translated to
html5 video tags).
Change-Id: I27bc5847a1540c9a77f155afa12b52e720755a4d
Reviewed-on: https://gerrit.instructure.com/6837
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: BJ Homer <bj@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Finds by SIS ID in the API were all doing global searches, but SIS IDs
are only unique when scoped to a root account. This was causing the
wrong record to sometimes be found when the same sis id is used on
another root account, causing "status: unauthorized" errors.
testplan: create a second root account, and various SIS items in that
account like sub-accounts, courses, sections, users, etc. Doing API
calls against the default account domain should not find any of those
objects, and objects with the same SIS IDs in the default account should
always be found.
Change-Id: I33334426e5ffc4a9f1929234169b4eb8fa400cdb
Reviewed-on: https://gerrit.instructure.com/6821
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
This shaves about 0.8 seconds off canvas startup time in dev mode on my
MBP. Not a lot, but it's something.
Change-Id: I1e835e5a97a122b2f4a5c5dcd9d86d6a4c0369b0
Reviewed-on: https://gerrit.instructure.com/6472
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
file links get translated to direct file download links, and media
comments into embedded html video tags.
use this to add assignment description to the assignment json response.
closes#5739, closes#4742
Change-Id: Iccfc517014ed2777686c355a382ded290ae4d8b8
Reviewed-on: https://gerrit.instructure.com/6030
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
fixes#5737
There is one situation where a session is still desireable -- if the
attachment data includes links, for instance a html file attachment,
then a session will be needed to view the links from that file. The
limited safefiles session will still be created when downloading the
file, so apps can optionally use the session to support that
functionality.
Change-Id: I48558c4a3217ebea92118f8f08d1254041bd65e5
Reviewed-on: https://gerrit.instructure.com/5860
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
* fix a bug in Api.map_ids that was causing a worthless SELECT for each id given
* pre-load all the assignments and manually set them on the
submissions, to avoid those individual queries
* if sis ids are given, resolve them to AR ids all in one query, rather
than individually
* allow excluding attachments and discussion_entries using the
response_fields/exclude_response_fields functionality
Change-Id: Ib48016f8440959a08637385f0ccaa23d40e7adde
Reviewed-on: https://gerrit.instructure.com/5975
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Finding users is a bit different, since the user's sis information is
actually stored on the pseudonym. Before, we were working around this in
the submissions api. I've generalized it to work everywhere that uses
the Api find functionality, and in the process fixed the page views api
so that it works with sis ids.
This is necessary as we add more user apis, like the upcoming
/users/:user_id profile API.
Also added the /users/self shortcut to query the various user apis for
the user accessing the api.
Also for consistency, deprecate users/activity_stream in favor of
users/self/activity_stream
Change-Id: Icb0776231070b838bb341893d12b1061b90c5d04
Reviewed-on: https://gerrit.instructure.com/5628
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
also streamlined conversations json and made it more consistent
Change-Id: I422d9eaf5e2e8d228c184302cb2e95d2755f50d4
Reviewed-on: https://gerrit.instructure.com/5399
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
periods were being interpreted as the beginning of a file extension,
rather than part of the sis id. fixing this meant completely changing
our routing, unfortunately, since rails resourceful routing is very
oriented on numeric ids, with format extensions.
the .json extension is now optional for api requests, in api v2 we'll
drop it completely. there is the unfortunate edge case that a sis id
ending in ".json" can't be send through the v1 api -- except...
we also now support hex encoding sis ids in the api calls. this allows
arbitrary strings to be used. in theory this could just use uri
encoding, which is also "supported", but there are bugs in various
releases of apache and the rack/rails stack that make this impossible to
use with some characters, such as "." and "/".
the api documentation has been updated as well
Change-Id: Ifa4b529dffee0f30ef5384f94c64aa6e8f8f2542
Reviewed-on: https://gerrit.instructure.com/4940
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
users have both a SIS user_id and login_id, return both in the API and
allow both as ids when specifying a user in API calls using the syntax
sis_user_id:someid and sis_login_id:someid
These columns in the db aren't well named, unfortunately, but we'll try
to at least be consistent in the API.
This is technically a breaking change for the API. We've decided to go
ahead with it, as this API functionality was only recently added.
Change-Id: I8eabe4226580aa3b1aec7e5b7082b045f786e605
Reviewed-on: https://gerrit.instructure.com/4556
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
Brian Palmer