canvas-lms

Commit Graph

Author	SHA1	Message	Date
Jackson Howe	228f483cbc	Add account calendars api controller This api will be used by students and admins to see what account calendars are available (all available calendars, not the calendars that the user is "subscribed" to). It will also be used by admins to set account calendar visibility. Includes a miration to add an account_calendar_visible column to the accounts table. This is preferable to using a setting on Account since we'll be querying accounts using this valueas a parameter and prefer the performance of a column. closes LS-3253 flag = account_calendar_events Test plan: Part 1: index - Enroll a user in a few courses in different accounts - GET /api/v1/account_calendars as that user - Expect to see an entry for each account where the user has an enrollment, as well as all of those accounts' parents, up the chain - In the rails console, set one of the account's calendars as hidden: account = Account.find(x) account.account_calendar_visible = false account.save - GET /api/v1/account_calendars again, and expect the same result as before, but without the hidden account Part 2: show - GET /api/v1/account_calendars/xyz as the user from before, where xyz is the account id of one of the user's associated accounts - Expect to see the account calendar details - Try to request an account calendar that the user doesn't have access to; expect to see 401 - Attempt to access the hidden account calendar; expect a 401 - As an admin with the manage_account_calendar_visibility permission, attempt to access the same hidden calendar; expect success Part 3: update - As an admin with manage_account_calendar_visibility permission, PUT /api/v1/account_calendars/xyz with param visible=<true/false> - Expect the visibility to be updated accordingly - Try to update visibility as a student (or any user without the permission); expect 401 Part 4: all_calendars - As an admin with manage_account_calendar_visibility permission, GET /api/v1/accounts/xyz/account_calendars, where xyz is the root account id - Expect a list of all account calendars for the entire institution, regardless of visibility status - Expect this request to return 401 for students or admins without the permission Change-Id: I0a3bcd58b509c62326b0a885b87ec3f8779fcd37 Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/296293 Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com> Reviewed-by: Eric Saupe <eric.saupe@instructure.com> QA-Review: Eric Saupe <eric.saupe@instructure.com> Migration-Review: Jeremy Stanley <jeremy@instructure.com> Product-Review: Jackson Howe <jackson.howe@instructure.com>	2022-07-22 21:52:10 +00:00

Author

SHA1

Message

Date

Jackson Howe

228f483cbc

Add account calendars api controller

This api will be used by students and admins to see what account
calendars are available (all available calendars, not the calendars
that the user is "subscribed" to). It will also be used by admins to
set account calendar visibility.

Includes a miration to add an account_calendar_visible column to the
accounts table. This is preferable to using a setting on Account since
we'll be querying accounts using this valueas a parameter and prefer
the performance of a column.

closes LS-3253
flag = account_calendar_events

Test plan:
 Part 1: index
 - Enroll a user in a few courses in different accounts
 - GET /api/v1/account_calendars as that user
 - Expect to see an entry for each account where the user has an
   enrollment, as well as all of those accounts' parents, up the chain
 - In the rails console, set one of the account's calendars as hidden:
   account = Account.find(x)
   account.account_calendar_visible = false
   account.save
 - GET /api/v1/account_calendars again, and expect the same result as
   before, but without the hidden account

 Part 2: show
 - GET /api/v1/account_calendars/xyz as the user from before, where
   xyz is the account id of one of the user's associated accounts
 - Expect to see the account calendar details
 - Try to request an account calendar that the user doesn't have
   access to; expect to see 401
 - Attempt to access the hidden account calendar; expect a 401
 - As an admin with the manage_account_calendar_visibility
   permission, attempt to access the same hidden calendar; expect
   success

 Part 3: update
 - As an admin with manage_account_calendar_visibility permission,
   PUT /api/v1/account_calendars/xyz with param visible=<true/false>
 - Expect the visibility to be updated accordingly
 - Try to update visibility as a student (or any user without the
   permission); expect 401

 Part 4: all_calendars
 - As an admin with manage_account_calendar_visibility permission,
   GET /api/v1/accounts/xyz/account_calendars, where xyz is the
   *root account* id
 - Expect a list of all account calendars for the entire
   institution, regardless of visibility status
 - Expect this request to return 401 for students or admins without
   the permission

Change-Id: I0a3bcd58b509c62326b0a885b87ec3f8779fcd37
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/296293
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Eric Saupe <eric.saupe@instructure.com>
QA-Review: Eric Saupe <eric.saupe@instructure.com>
Migration-Review: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Jackson Howe <jackson.howe@instructure.com>

2022-07-22 21:52:10 +00:00

1 Commits