refs FOO-2226
flag = granular_permissions_manage_assignments
I originally intended to keep the original manage_assignments permission
and use it when the flag was on for edit/manage specific permissions,
but this made labeling and documentation difficult, especially since our
rollout strategy for this flag is gradual rather than all at once. So
this commit shifts gears to create a separete granular edit flag and
only use the old permission when the flag is off.
test plan:
- labeling and documentation on the account permissions page should be
clearer and make more sense
- everything should continue to work as before
Change-Id: I93e4cbe0daa319217e17007e3391f905f1a9d77d
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/273020
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: August Thornton <august@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
closes FOO-2226
flag = granular_permissions_manage_assignments
Split manage_assignments_add and manage_assignments_delete off from the
main manage_assignments permission.
These permissions control more granularity for adding and deleting the
following types of content:
- Assignments
- Assignment Groups
- Quizzes
- Question Banks
- Questions within Question Banks
- Live Assessments
test plan:
[ with the flag off ]
- Smoke test creating, editing and deleting assignments, assignment
groups, quizzes, and question banks.
- It should all work as before.
[ with the flag on ]
- Create roles that have only the add permission, only the manage
permission, and only the delete permission.
- With those three roles, as well as with a role with all permission,
try creating, editing, and deleting assignments, assignment groups,
quizzes, and quesiton banks.
- It should make sense with the role.
Change-Id: I06505509e55e7ac6c3b5ef1c688ef1353e2045d8
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/271290
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: August Thornton <august@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: August Thornton <august@instructure.com>
fixes LS-2307, LS-2308, LS-2309
flag=important_dates
test plan:
- Enable important dates site admin flag
- Create or find a C4E subject course
- Create an assignment
- Verify there is a checkbox for important dates under due date form
- Verify the checkbox is disabled if no due dates are set
- Verify the checkbox is enabled if a due date is set on any date
- Save the assignment and verify the checkbox is still checked
- Verify this behavior works in the other places this component is used.
For example, quizzes, graded discussions, etc.
Change-Id: If2e806a8de764f467bf9ca086740260f2df015d1
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/268061
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Jackson Howe <jackson.howe@instructure.com>
QA-Review: Jackson Howe <jackson.howe@instructure.com>
Product-Review: Eric Saupe <eric.saupe@instructure.com>
This is part 3 of changing the datatype from varchar to UUID of
lookup_id and resource_link_id from lti_resource_links.
We start to read from the new columns created lookup_uuid and
resource_link_uuid.
Adding a migration to remove the not-null constraint of lookup_id and
resource_link_id columns. As part 3.1 we'll stop writing into these
columns, we need to execute this postdeploy migration at this point.
refs INTEROP-6488
flag=none
test-plan:
* specs should pass;
* you should check if LTI is launching as expected, and if the custom
params was expanded as expected in all records that were created in the
part 1 and 2;
* you should be able to new persist custom params, for example you can
use the RCE editor placement;
* you can follow the test-plan:
* https://gerrit.instructure.com/c/canvas-lms/+/256029
* https://gerrit.instructure.com/c/canvas-lms/+/254453
[fsc-timeout=30]
Change-Id: I401f53a82f4dbef66c45932eb2eed8727488313d
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/258246
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Tucker Mcknight <tmcknight@instructure.com>
Reviewed-by: Xander Moffatt <xmoffatt@instructure.com>
Product-Review: Wagner Goncalves <wagner.goncalves@instructure.com>
Test plan:
1. Ensure that the new migration has run.
1. Because of 2 existing migrations with future dates, you may need
to rollback 3 steps before you can run the new migration.
2. Run `rake db:rollback STEP=3` followed by `rake db:migrate` in
the web container.
2. Create a new Quiz in the Canvas UI.
3. In the Rails console, verify that the `disable_timer_autosubmission`
value for this quiz is equal to false:
`Assignment.last.quiz.disable_timer_autosubmission`
4. Update the value to true:
`Assignment.last.quiz.update_attribute(:disable_timer_autosubmission,
true)`
5. Verify that the value is now equal to `true` using the command in
step 3.
6. A new Quiz attribute `timer_autosubmit_disabled?` is exposed that
factors in the feature flag as well. Verify that this value returns
as expected with different combinations of the feature flag and
`disable_timer_autosubmission`.
1. Read this flag in the Rails console with:
`Assignment.last.quiz.timer_autosubmit_disabled?`
Refs PFS-15510
Refs PFS-15511
flag=timer_without_autosubmission
Change-Id: I4749bdd46dd06a425141636c41e0f30c0dfc88a9
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/233860
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: James Williams <jamesw@instructure.com>
Reviewed-by: Stephen Kacsmark <skacsmark@instructure.com>
Product-Review: Chad McGuire <cmcguire@instructure.com>
QA-Review: Petra Ashment <pashment@instructure.com>
Change-Id: Ie137c1040260b363979160e1f0558883577ebebd
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/222510
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
(for N.Q mobile and N.Q Respondus)
closes QUIZ-6788
test plan:
- create old quizzes and new quizzes in Canvas
- /api/v1/course/:course_id/all_quizzes will return json for both
old quizzes and new quizzes
Change-Id: I98c9a40b4075566a1945e3c46ef7b5dcb1c7dcac
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/218090
Tested-by: Jenkins
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
QA-Review: Mark McDermott <mmcdermott@instructure.com>
Product-Review: Kevin Dougherty <jdougherty@instructure.com>
Reviewed-by: Stephen Kacsmark <skacsmark@instructure.com>
closes QUIZ-6791
test plan:
- test the ps with quiz_lti patch
- make sure quiz migration works
- quiz shell is created
- quiz shell status is updated when quiz migration is done
Change-Id: Ia002ceb48ded582849301e3efd8631396d9ffe95
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/210548
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Reviewed-by: Stephen Kacsmark <skacsmark@instructure.com>
QA-Review: Robin Kuss <rkuss@instructure.com>
Product-Review: Kevin Dougherty <jdougherty@instructure.com>
(flag=newquizzes_on_quiz_page)
- populate N.Q quizzes to assignment quizzes list
- display kebab menu based on quiz types (old quizze and new quizzes)
- items in kebab menu are functional
closes QUIZ-6790, QUIZ-6792, QUIZ-6789, QUIZ-6786
test plan:
- With the newquizzes_on_quiz_page flag disabled
everything should behave like in production
- With the newquizzes_on_quiz_page flag enabled
1) N.Q quizzes show up on Quizzes Page
2) N.Q quiz shells have correct kebab menu
3) each menu items (delete, duplicate) should work
Change-Id: Ie4a78bb0f0a69f4d6e248135d1c486f1ca0ffe7f
Reviewed-on: https://gerrit.instructure.com/209993
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Reviewed-by: Stephen Kacsmark <skacsmark@instructure.com>
Reviewed-by: Jon Willesen <jonw+gerrit@instructure.com>
QA-Review: Robin Kuss <rkuss@instructure.com>
Product-Review: Kevin Dougherty III <jdougherty@instructure.com>
Fixes PLAT-4718
Test Plan:
-create an event
-verify asset_name is in body of event
-create a context external tool
-verify asset name is not in body of event
Change-Id: I96d38dfc74b1888aae962e62ee06d025f83ff35b
Reviewed-on: https://gerrit.instructure.com/204268
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Oxana Jurosevic
Closes PLAT-3849
Test Plan:
- Trigger a live event by download a file from 1 of a few places including:
1. Your account > Files
2. Course > Files
- Verify an asset_accessed event is created and includes 2 new fields:
(filename & display_name)
Change-Id: I9c0ca7c21b373250ed69c025da59d6057a598c87
Reviewed-on: https://gerrit.instructure.com/197857
Tested-by: Jenkins
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Oxana Jurosevic
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
Closes PLAT-4442
Test Plan:
- Launch an external tool that has a url, domain, and name
- Verify these fields are included in the asset accessed
event that is sent
- Verify other asset accessed event bodies remain unchanged
Change-Id: Ia728a784b01cc640a8619fa05ca01acae2e918b7
Reviewed-on: https://gerrit.instructure.com/197694
Tested-by: Jenkins
Reviewed-by: Drake Harper <dharper@instructure.com>
Reviewed-by: Clint Furse <cfurse@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Brent Burgoyne <bburgoyne@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
fixes PLAT-4481
Test Plan:
-Create 3 courses
-Create 2 users
-Enroll user 1 in courses 1 and 2
-Merge users
-Enroll user 2 in course 3
-Check to see user ids are different
Change-Id: I9da709285f8fdbaab238f1f1c8ceb127a748de11
Reviewed-on: https://gerrit.instructure.com/193535
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Jesse Poulos <jpoulos@instructure.com>
Closes PLAT-4158
Test Plan:
Use the index and show endpoint of the result service to
verify the result contains the lti_id of the user rather
than the Canvas id.
Change-Id: I0ab8fc2d8b3923a6a11d2a88f3a6cea127a94f0b
Reviewed-on: https://gerrit.instructure.com/178486
Tested-by: Jenkins
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
refs PLAT-4082
Test Plan:
- Run through creation of lineitems, retrieving them, making
scores, and retrieving results. They should all work now.
Change-Id: I2b045ddcfd11092509a51af2cd2b0d43819e709f
Reviewed-on: https://gerrit.instructure.com/177115
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Marc Phillips <mphillips@instructure.com>
closes PLAT-4030
Test Plan:
- AGS should work with test tool
- install the test tool and make an assignment
out of it
- use the tool to return a line item and scores
and results and such
- also, from teh tool, create a new line item
and do the results and scores and such
Change-Id: I4f1a6bab561e10d38158748626cf94ec61d8916f
Reviewed-on: https://gerrit.instructure.com/174095
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Weston Dransfield <wdransfield@instructure.com>
Tested-by: Jenkins
Product-Review: Marc Phillips <mphillips@instructure.com>
Fixes PLAT-3924
Test Plan:
- Create a new LTI key
- Without refreshing the page verify the following:
* toggling the "on/off" switch works
* the global id of the key is displayed
* the key's secret is available
Change-Id: I1cde9db31ecf8315a7814633d398364acea0a45f
Reviewed-on: https://gerrit.instructure.com/170184
Tested-by: Jenkins
QA-Review: Marc Phillips <mphillips@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
- Previously custom param rules were in `MembershipsProvider`
and claim group rules were in `NamesAndRolesSerializer`. Now
they're all in the latter.
- Also moved `privacy_level` enforcement into
`NamesAndRolesSerializer` since that involves rendering of
one special custom param and all custom param config had
been moved into that class. This obviated the need for
`UserDecorator`, which is now completely removed.
- Simplified LTI message matchers significantly by accepting
an `opts` hash. So now we're back to just two top-level
code paths through those matchers... one for groups and one
for courses. Previously each of those had an alternate path
for `rlid` matching rules.
References LTIA-41
Test Plan:
- This is purely a technical refactoring. No behavioral difference
should be observable.
- To guard against regressions, repeat selections from:
- LTIA-41 tests to verify correct rendering of custom params when
the `rlid` query param is present
- LTIA-13/19 tests to verify correct enforcement of tool
`privacy_level`
- LTIA-24/34 tests to verify correct rendering of the
`lis_person_sourcedid` field.
Change-Id: If07e3886eeb069379b01282686133517446f9f4b
Reviewed-on: https://gerrit.instructure.com/169495
Tested-by: Jenkins
Product-Review: Karl Lloyd <karl@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Bill Smith <bsmith@instructure.com>
- Output a smaller version of a LTI 1.3 launch payload for
each NRPS v2 member when the NRPS request includes a `rlid`
query parameter.
- Most claims and custom params from the launch payload are
excluded either because:
- They describe the context and would thus be redundant, or
- They pose performance problems (N+1 queries, usually), or
- They are absent from the spec example, e.g.
`https://purl.imsglobal.org/spec/lti/claim/version`, or
- They require additional development and thus need to be
handled as a separate task.
- See `memberships_provider.rb` ~line 68 for list of
custom params supported in this commit. (More coming later.)
- Vast majority of the patch has to do with tests against
`JwtMessage`, which was modified to allow claims to be turned
on/off via a new white/blacklist mechanism in `AppUtil`.
- Custom param white/blacklisting is handled directly in
`VariableExpander` to satisfy the LTI rule that unsupported
params should just be echoed as-is. This (instead of keeping
all the white/blacklist support in `JwtMessage` ensures
consistent behavior w/r/t `VariableExpander`'s more sophisticated
features, specifically its suport for expanding variables embedded
into larger strings.
Closes LTIA-40
Test Plan
- Configure a LTI 1.3/Advantage tool with the supported set of
custom params listed in `memberships_provider.rb` starting ~line 68.
If using the POST
`/api/lti/accounts/:account_id/developer_keys/tool_configuration`
API, this is done by setting
`tool_configuration.settings.custom_fields` to a JSON object where
keys are the param name to be rendered into LTI payloads and values
are the $-prefixed custom param names themselves. Include several
nonsense entries as well as unsupported entries e.g.:
```
// ... snip ...
"tool_configuration": {
"settings": {
// ... snip ...
"custom_fields": {
"person_name_full": "$Person.name.full",
"person_name_display": "$Person.name.display",
"person_name_family": "$Person.name.family",
"person_name_given": "$Person.name.given",
"canvas_user_isrootaccountadmin": "$Canvas.user.isRootAccountAdmin"
"unsupported_param_1": "$unsupported.param.1",
"unsupported_param_2": "$unsupported.param.2"
}
// ... snip ...
}
// ... snip ...
}
// ... snip ...
```
- Place this tool into a course, ensure the course has several active
members.
- Launch the tool in order to observe the course context's LTI
identifier. Use that identifier as the value of the NRPS `rlid`
parameter, e.g. a GET to:
`/api/lti/courses/1/names_and_roles?rlid=4dde05e8ca1973bcca9bffc13e1548820eee93a3`
- Each `members` array element in the response should have a
`message` array with a single element being the simplified
representation of a LTI 1.3 launch payload, were that user to launch
the context referenced by `rlid`.
- The `message` entry should have two top level claims:
- `"https://purl.imsglobal.org/spec/lti/claim/message_type": "LtiResourceLinkRequest"`
- `"https://purl.imsglobal.org/spec/lti/claim/custom": <object>`
- The `custom` claim should include an entry for each `custom_fields`
key/value pair configured above, with supported entries being
correctly expanded and nonsense and unsupported entries being echoed
as-is.
- Repeat for a group context in the same course (still using the
course's LTI ID as the `rlid` value). Results should be the same,
though scoped to group membership.
Change-Id: If2591c62c494756d65774e3115abeca19935c988
Reviewed-on: https://gerrit.instructure.com/169090
Tested-by: Jenkins
Product-Review: Karl Lloyd <karl@instructure.com>
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Bill Smith <bsmith@instructure.com>
- Effectively adds rendering of the `$Person.sourcedId` custom param
to NRPS v2 responses.
- Required changes to user preloading logic to allow preloading of
pseudonyms even if the current user is not an admin.
- Now memoizes context, enrollment, and user 'decorator' instances,
as well as per-member mapped LTI roles.
- Copy/paste in serialization tests and matchers caused problems
during implementation so those have been DRYed out.
- Some example groups also renamed to remove single quotes which made
them difficult to run in isolation.
Closes LTIA-34
Test Plan:
- Assign a SIS ID to one or more users actively enrolled in a
Course and Group visible to a LTI 1.3 Tool.
- Verify, for both Course and Group contexts, that the NRPS
memberships describing those SIS ID'd users include those SIS
IDs in the `lis_person_sourcedid` field.
Change-Id: I6316f45fe7aa476c5ccd884fa0236dc684241e3b
Reviewed-on: https://gerrit.instructure.com/167720
Tested-by: Jenkins
QA-Review: Samuel Barney <sbarney@instructure.com>
Product-Review: Karl Lloyd <karl@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
- Two changes to NRPS response generation to match latest spec:
1. Content-Type changed to
`application/vnd.ims.lti-nrps.v2.membershipcontainer+json`
2. `context` fields moved out of `members` elemens and up
to top-level fields.
Closes LTIA-33
Test Plan:
- Set up Tool, Course, and Group as usual for NRPS testing.
- Verify NRPS responses for both Course and Group reflect the
new Content-Type
- Verify NRPS responses for both Course and Group describe the
LTI context with a top-level `context` field rather than per-
member fields.
Change-Id: I198501708a1ec044f2e422cf58d034f51cb685a4
Reviewed-on: https://gerrit.instructure.com/167710
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
QA-Review: Samuel Barney <sbarney@instructure.com>
Tested-by: Jenkins
Tested-by: Marc Phillips <mphillips@instructure.com>
Product-Review: Karl Lloyd <karl@instructure.com>
- Mimic LTI 1.3 'launch' user attribute release policies in NRPS v2
responses.
- Here are the NRPS `member` fields allowed by each Tool privacy
level (exclusive of `status`, `roles`, and `user_id`, which are always
included):
- 'public': `name`, `picture`, `given_name`, `family_name`, `email`
- 'name_only': `name`, `given_name`, `family_name`
- 'email_only': `email`
- 'anonymous': <none>
Closes LTIA-29
Test Plan:
- Place a 1.3-enabled LTI tool into a `Course` with at least one
active enrollment. Point the LTI tool at the IMS LTI 1.3/Advantage
Reference Implementation (RI)
- Using the Rails console, direct db query, or External Tools API,
verify that the tool's privacy level is 'public'.
- Launch the RI and click the 'Request Names and Roles' button.
- Verify that user attribute fields listed above for the 'public'
privacy level appear in the NRPS v2 response.
- For each of the remaining privacy levels, using the Rails console,
direct db query, or External Tools API, modify the tool's privacy
level to that value, relaunch the RI, re-request NRPS v2 memberships
and verify the user attributes are correctly limited.
- Repeat the above for a `Group` in the same `Course`. NB the RI
cannot be used for this. Instead use direct API invocation. Because
this involves signing a request with a RSA private key, this is
easiest to accomplish via the Postman collection provided out of band
for LTIA-27.
Change-Id: I103b8529c592da050fa2fa91018bec125ab8739f
Reviewed-on: https://gerrit.instructure.com/167343
Tested-by: Jenkins
QA-Review: Samuel Barney <sbarney@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
Product-Review: Karl Lloyd <karl@instructure.com>
- Also renames containing namespace
- Also renames containing directory from `helpers` to `providers`
Closes LTIA-30
Test Plan:
- Purely technical change, so tests just need to check for
regressions:
1. All automated specs still pass
2. Round-trip smoke tests still pass:
2.1. Launch IMS RI from a `Course` with a LTI 1.3/Advantage-
enabled tool. Verify NRPS v2 callback still returns memberships.
2.2. Same for a `Group` in that course, except that the
NRPS v2 callback needs to be performed manually. See Postman-
based approach in commit log for LTIA-27
Change-Id: Ic4d899cbeaa077d1fa4ee65e0267468c9776d340
Reviewed-on: https://gerrit.instructure.com/167251
Tested-by: Jenkins
QA-Review: Samuel Barney <sbarney@instructure.com>
Product-Review: Karl Lloyd <karl@instructure.com>
Reviewed-by: Marc Phillips <mphillips@instructure.com>
- Previously a User with multiple active Enrollments in the
requested Course would be represented with a NRPS v2 `member`
array element per _Enrollment_. That diverged from legacy
NRPS ('membership service') behavior, which emitted a NRPS
member per _User_. The legacy behavior is probably what a Tool
expects. So now Course Enrollments are grouped by User for
purposes of NRPS v2 response modeling.
- Resulted in a rather large patch since we could no longer
filter and page directly on Enrollments. Need to hit
Users instead. This is much closer to the legacy NRPS approach,
but this new implementation avoids the N+1 query patterns
in the original.
- And since Course and Group handling are no so much different,
the utility of the shared base `MembershipsFinder` class is
greatly reduced, as is its size.
Closes LTIA-9
Test Plan:
* Add a given User to a Course in multiple roles.
* Accept at least two such Enrollments for that User.
* Verify that each of the User's active Enrollments in that Course
are represented by a single NRPS v2 `members` array element, with the
`roles` array containing a canonical LTI/LIS role URN for each
Course enrollment.
* Verify no regressions to NRPS v2 Course Context membership
pagination behavior.
* Verify no regressions to NRPS v2 Group Context membership listing
and/or pagination behavior.
Change-Id: Id0639302672e67189c83a5586e369d87385b5015
Reviewed-on: https://gerrit.instructure.com/166004
Product-Review: Karl Lloyd <karl@instructure.com>
Reviewed-by: Marc Alan Phillips <mphillips@instructure.com>
Tested-by: Jenkins
QA-Review: Pedro Fajardo <pfajardo@instructure.com>
- No-frills support for LTI Advantage Names and Roles Provisioning
Service version 2. I.e. no query param support, no pagination.
- Similar to other LTI Adv services, this API is disabled in prod
env due to incompleteness, esp lack of authN/authZ.
- URL scheme: `/api/lti/[courses|groups]/:context_id/names_and_roles`
Closes LTIA-11
Test Plan
* Create course with several participating (i.e. invite-accepted)
and pending enrollments. Add several of those enrolled users to
one or more groups in that course.
* Ensure participating enrollments are spread across all base roles
and several custom roles.
* GET `/api/lti/[courses|groups]/:context_id/names_and_roles` for
the course and group, respectively.
* Verify all participating users returned with correct attribute
mappings, all non-participating users not returned.
* See LTIA-11 for additional attribute mapping details, esp
role mappings.
* Create another course with no enrollments and an empty group.
* Verify GET `/api/lti/[courses|groups]/:context_id/names_and_roles`
returns 200 with an empty `members` array for the course and group,
respectively.
* Verify GET `/api/lti/[courses|groups]/:context_id/names_and_roles`
for non-existent contexts returns 404.
Change-Id: Ib8d174a3d583435423ce41f2488c80ae6d66cb72
Reviewed-on: https://gerrit.instructure.com/165275
Reviewed-by: Marc Alan Phillips <mphillips@instructure.com>
Product-Review: Karl Lloyd <karl@instructure.com>
Tested-by: Jenkins
QA-Review: Pedro Fajardo <pfajardo@instructure.com>
Change-Id: I73cfb0bc9201a4089914ca2b8f0070c78d6ee641
Reviewed-on: https://gerrit.instructure.com/162174
Tested-by: Jenkins
Reviewed-by: Mysti Sadler <mysti@instructure.com>
Reviewed-by: Dan Minkevitch <dan@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
refs QUIZ-4415
test plan:
- cr
- Quiz.Next CC import is not ready for test with only this patch
- regression on `Import Content`, to make sure:
1) `Qti .zip file` import works
2) `Common Catridge 1.x Package` import works
Change-Id: Iba2818a2b864020b6c59ef55e02f122b996e4c40
Reviewed-on: https://gerrit.instructure.com/149978
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: David Tan <dtan@instructure.com>
Product-Review: Han Yan <hyan@instructure.com>
fixes GRADE-1060
test plan:
* Create a course in an account with AMM on
* Add one student
* Add 3 teachers to the course
* Create a moderated assignment with a grader count of 1 and make
teacher 3 the final grader
* Masquerade as teacher 1 and grade the student in SpeedGrader
* Masquerade as teacher 2 and try to access speed grader for the
moderated assignment. You should not be able to access SpeedGrader
* Masquerade as teacher 3 and grade the student in SpeedGrader.
It should work
Change-Id: I1db39700d9ebe59c21129061caddae31d29606c9
Reviewed-on: https://gerrit.instructure.com/150485
Reviewed-by: Jeremy Neander <jneander@instructure.com>
Tested-by: Jenkins
Reviewed-by: Keith T. Garner <kgarner@instructure.com>
QA-Review: Keith T. Garner <kgarner@instructure.com>
Product-Review: Sidharth Oberoi <soberoi@instructure.com>
The Quiz#question_types method is expensive for large quizzes. It's
currently called every time a quiz is serialized, even though we only
need the question_types attribute in API responses (I believe it's used
by the mobile app).
This commit moves the question_types attribute to a separate
QuizApiSerializer that is only used in API responses.
Fixes QO-356
Fixes QO-357
Test plan:
- Create several huge quizzes (tens of thousands of questions across
multiple question groups)
- Open the quizzes list page
- Check that the page loads reasonably quickly
Change-Id: Id18a32fc47f20cd24cb178e972f49e8984bfe53e
Reviewed-on: https://gerrit.instructure.com/149829
Reviewed-by: James Williams <jamesw@instructure.com>
Tested-by: Jenkins
QA-Review: David Tan <dtan@instructure.com>
Product-Review: Omar Khan <okhan@instructure.com>
closes QO-311
Test Plan:
- Create a quiz with an available date in the future.
- Attempt to access the quiz as a student via the API
- Verify the description key is an empty string in the returned JSON
- Attempt to access the quiz as a teacher via the API
- Verify the description key has the correct value in the returned JSON
Change-Id: I2c3fc840b1319f4f504c9e878357d3f501916e03
Reviewed-on: https://gerrit.instructure.com/142098
Tested-by: Jenkins
Reviewed-by: Mark Grant <mgrant@instructure.com>
QA-Review: David Tan <dtan@instructure.com>
Product-Review: Kevin Dougherty <jdougherty@instructure.com>
Create endpoints for the results service, using new api
namespace for controllers and serializers. Also introduce
the services directory in the root of the app folder.
closes PLAT-3007
Test Plan:
- Create a line item and add some scores
- Query for the results using the result endpoint
- Should return a paginated list
- Query for a result with a user_id in mind
- Use both lti_user_id and user_id
- Should return a single result object
of the user
- Find a result by the id of the result
Change-Id: I5af4b679bcecfc0deef2876a897bc93d739057b6
Reviewed-on: https://gerrit.instructure.com/138870
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Marc Alan Phillips <mphillips@instructure.com>
QA-Review: Marc Alan Phillips <mphillips@instructure.com>
closes PLAT-3008
Test Plan:
- Create a line item (both assignment and nonassignment)
- Create a user
- For the assignment lineitem, the submission should be
updated when FullyGraded or PendingManual is passed
with a score. This should show in the gradebook
- The nonassignment lineitem should not update the
submission even if there are scores. These
should only be found in the console
Change-Id: Ie8b65b475f00f364fb78f1d5fe4c1cdd84548472
Reviewed-on: https://gerrit.instructure.com/139469
Tested-by: Jenkins
Reviewed-by: Weston Dransfield <wdransfield@instructure.com>
Product-Review: Marc Alan Phillips <mphillips@instructure.com>
QA-Review: Marc Alan Phillips <mphillips@instructure.com>
Closes PLAT-3004
Test Plan:
CREATE
- Attempt to create a new Line Item using the create
endpont. Verify the following params are required:
- scoreMaximum
- label
- Verify a new line item is returned and properly serialized.
example:
{
"id" : <line item show/update endpoint>
"scoreMaximum" : 60,
"label" : "Chapter 5 Test",
"resourceId" : "quiz-231",
"tag" : "grade"
}
- Verify the create endpoint allows setting the
following optional params:
- resourceId
- tag
- ltiLinkId (Must be the `resource_link_id` of
an Lti::ResourceLink. This resource link must
already have one line item associated with it.)
- Verify a Line Item cannot be created for an Lti::ResourceLink
that does not already have at least one Line Item associated
with it already.
- Verify a Line Item may be created for an Lti::ResourceLink if
it already has at least one Line Item associated with it.
- Verify that creating a Line Item _without_ specifying an
`ltiLinkId` creates a line item and a new assignment specified
with the line item. The new assignment should have the following:
- context: context of the new line item
- name: label of the new line item
- point_possible: the score maximum of the new line item
- submission_types: none
UPDATE
- Verify the following attributes may be updated:
- scoreMaximum
- label
- resourceId
- tag
- Verify that the ltiLinkId may not be updated
- Verify that updating the Line Item label also
updates the assignment title in the following cases:
- when the line item has no associate Lti::ResourceLink
- when the Lti::ResourceLink associated with the Line Item
only has one line item (the one being updated)
- Verify the update response is properly serialized (see
example in CREATE).
SHOW
- Verify the show endpoint allows retrieving the Line Item.
- Verify the endpoint responds with 404 if the Line Item
does not exist.
- Verify the endpoint responds with a 404 if the Line Item
exists but is in a different course than the one specified
as a parameter.
DESTROY
- Verify the endpoint responds with 404s in the same instances
as the show endpoint.
- Verify the endpoint does not allow destroying a Line Item
when it is the first line item created chronologically
for its associate Lti::ResourceLink
- Verify the endpoint allows destroying line items.
Change-Id: Iaf26e6addd1e3fe38c5fb76db33fed41a069e7c9
Reviewed-on: https://gerrit.instructure.com/138831
Tested-by: Jenkins
Reviewed-by: Marc Alan Phillips <mphillips@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Weston Dransfield <wdransfield@instructure.com>
test plan:
* set up a survey quiz with
"Keep submissions anonymous" checked
* the quizzes API (/api/v1/courses/X/quizzes/Y)
should return a "anonymous_submissions" attribute
closes #CNVS-39992
Change-Id: Ia9ca4f64120f2c38d74a759f88b58c660ec13cff
Reviewed-on: https://gerrit.instructure.com/129842
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
Fixes: CNVS-36218
Test-Plan:
- As a teacher
- You should be able to create a quiz
- You should be able to update a quiz
- You should be able to publish a quiz
- As a student
- You should be able to take a quiz
Change-Id: Ia43094399fffabf01e15c1f06cde3433f2ba2f45
Reviewed-on: https://gerrit.instructure.com/125835
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins
QA-Review: Michael Hargiss <mhargiss@instructure.com>
Product-Review: Jayce Higgins <jhiggins@instructure.com>
closes CNVS-36146
test plan:
- hit the following api endpoint (id is the course id):
- /api/v1/courses/:id/late_policy
with the following verbs:
- GET (show)
- POST (create)
- PATCH (update)
the following valid params for LatePolicy are available:
- missing_submission_deduction_enabled
- missing_submission_deduction
- late_submission_deduction_enabled
- late_submisison_deduction
- late_submission_interval
- late_submission_minimum_percent_enabled
- late_submission_minimum_percent
example set of valid params:
- missing_submission_deduction_enabled: false
- late_submission_deduction_enabled: true
- late_submisison_deduction: '1'
- late_submission_interval: 'hour'
- late_submission_minimum_percent_enabled: true
- late_submission_minimum_percent: '10'
example set of invalid params:
- late_submisison_deduction: '-1'
the user must be a user with manage_grades permissions such as a
teacher enrolled in the course, otherwise the json response will have
an unauthorized message
- refer to the api docs for late_policy for more details
Change-Id: I9e3b2704680cf4b1f9b789deb1dccb2a1ccaa5d5
Reviewed-on: https://gerrit.instructure.com/108989
Reviewed-by: Shahbaz Javeed <sjaveed@instructure.com>
Tested-by: Jenkins
Reviewed-by: Keith T. Garner <kgarner@instructure.com>
Product-Review: Keith T. Garner <kgarner@instructure.com>
QA-Review: Keith T. Garner <kgarner@instructure.com>
the thread_safe gem has deprecations too, but they'll require Rails 5.1
until they're fixed (when both activesupport and tzinfo no longer
depend on it)
Change-Id: Ic53839d911ba8ed4d463d17f9dd7207673510f3a
Reviewed-on: https://gerrit.instructure.com/100499
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
also prevent session stubbing in before(:once) blocks and remove lots
of unnecessary stubbing
note that while session stubbing is also unnecessary in controller/api
specs (just need @user to be set), delaying removal of thay to another
commit (we might want tweak it to actually use session stubbing or
something otherwise explicit and less magical than @user)
Change-Id: Iea1792c960ad32090bc4644febc87e1d3651f550
Reviewed-on: https://gerrit.instructure.com/96791
Reviewed-by: Landon Wilkins <lwilkins@instructure.com>
Tested-by: Jenkins
Product-Review: Jon Jensen <jon@instructure.com>
QA-Review: Jon Jensen <jon@instructure.com>
test plan:
* create a custom teacher role with "Manage assignments/quizzes"
disabled
* a teacher with that role should be able to see and preview
a quiz
closes #CNVS-30574
Change-Id: Ib036b2f352c63c63fc4454e08d80d21f34415ce0
Reviewed-on: https://gerrit.instructure.com/86119
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
fixes CNVS-29728
test plan:
- create a user in a role that has permission to manage,
but not edit grades
- create a quiz with an access code
- as the user, observe the access code can be seen in the ui
- as the user, observe the access code is included in the api
response
- as a student (or any other user that lacks either grading
or management permissions), the access code should still
not appear in either the ui or the api response
Change-Id: I70e87d2f5ad975fc7776f54388c8339d7cbf521a
Reviewed-on: https://gerrit.instructure.com/82916
Reviewed-by: Ryan Taylor <rtaylor@instructure.com>
Tested-by: Jenkins
QA-Review: Michael Hargiss <mhargiss@instructure.com>
Product-Review: Jason Sparks <jsparks@instructure.com>
test plan:
* basic regression test of assignment overrides
closes #CNVS-27549
Change-Id: Ie463848b3831087efb3f9ec762dca6264055ee76
Reviewed-on: https://gerrit.instructure.com/73139
Tested-by: Jenkins
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Reviewed-by: Mike Nomitch <mnomitch@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
instead of assuming [self, Account.site_admin]
refs CNVS-26291, CNVS-26292
Change-Id: I8c20a3e29f5af91d04e380794f21705706fd96a8
Reviewed-on: https://gerrit.instructure.com/69841
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
closes PFS-2226
Tests:
1. Create a course with two or more sections
2. Create a Quiz with submissions.
3. with student A submit a submission to the quiz in the first section
4. With Student B submit a submittion to the quiz in the second section
5. As a teacher navigate to the quiz statistics section and view the
results
6. By default all submission will show, once you select a section only
that sections results will show.
Change-Id: Ifd32bbfb67068008f008b8323a10b9ea18a67468
Reviewed-on: https://gerrit.instructure.com/58962
Tested-by: Jenkins
Reviewed-by: Ryan Taylor <rtaylor@instructure.com>
QA-Review: Michael Hargiss <mhargiss@instructure.com>
Product-Review: Jason Sparks <jsparks@instructure.com>
test plan:
* selecting files as module items should still work
as before (but loading from API should be more performant
on back-end)
refs #CNVS-20049
Change-Id: Icb4114651c1fc614192217aabcd699d20988f537
Reviewed-on: https://gerrit.instructure.com/56705
Tested-by: Jenkins
Reviewed-by: Clay Diffrient <cdiffrient@instructure.com>
Reviewed-by: Dan Minkevitch <dan@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
Simon Williams