fixes#10063
the coures update api required passing at least one course[*something*]
parameter, which meant if all you wanted to do was offer the course, you had to
pass a dummy parameter.
test plan:
- call the course update api an only pass {:offer => 1}
- it should work
Change-Id: I5b89f1f3f474c3b097083f17403e1da20be4ca56
Reviewed-on: https://gerrit.instructure.com/13057
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
This will bypass a lot of extra rails requests on things like discusison
topic pages.
refs #9679
test plan: load a discussion topic with lots of user avatars of
different types, veryify they still display correctly.
Change-Id: I29829806da30410c6b938ff3bcf54329a58698c4
Reviewed-on: https://gerrit.instructure.com/13050
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
fixes#10031
provide a checkbox on all account settings pages, only visible to site admin
users, that allows them to enable/disable the new calendar or new profiles in
that account. this will work similarly to how global includes currently works.
test plan:
- as a site admin user, go to account settings
- you should be able to change the settings above
- as a regular admin user, go to account settings
- you should not be able to see/change these settings
Change-Id: Ia36189f0b31b30f2e2aad58652a12f870b9876a6
Reviewed-on: https://gerrit.instructure.com/13016
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes#9863
test plan:
* navigate to /accounts/:account_id;
* begin typing in the 'Find a Course' text box until possible
matches are displayed;
* verify that when you mouseover results or navigate through
them with your arrow keys the current option is highlighted.
Change-Id: I9a2b34009f943082e91f9dc640142bfdaeccbe7b
Reviewed-on: https://gerrit.instructure.com/13037
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cameron Matheson <cameron@instructure.com>
fixes#6233
test plan:
* add a file to a module
* upload a new file with the same name, overwriting the old one
* make sure the file still appears in the module
* make sure the new content is downloaded
Change-Id: Ic861cfd89aa30436f2abcf5d52e00efbcfb935e9
Reviewed-on: https://gerrit.instructure.com/12851
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
this gets rid of more of the ActiveRecord Delayed::Job calls in our
specs, so that the specs can be run against other Delayed::Job backends.
Change-Id: I0df99dbb0ab9f7719741cfe7c68e76a4ace8afcf
Reviewed-on: https://gerrit.instructure.com/12958
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
The main feature of this commit is that it introduces a grade-dropping
scheme that maximizes the students grade (rather than the simple yet
somewhat arbitrary and inconsistent scheme we had before)
Also fixes the following bugs:
fixes#8454fixes#8330
refs #8177
Test plan:
Create a few assignments in an assignment group with drop rules
(you'll need at least 'drop lowest' and 'never drop') and make sure
those rules are respected in the gradebooks (old and new).
Don't forget to test with the 'treat ungraded as 0s' option
Change-Id: I7e4f11939a311e1360aedbeda4d4461f317cfee6
Reviewed-on: https://gerrit.instructure.com/12405
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
old UserContent.css_size was really weird about what it would accept and
when it would return a String vs. a Float. the times it returned a
Float, it would make api_user_content explode. fix that and add some
specs. the vulnerable code was exercised, among other places, in the
assignment json, which impacts gradebooks and other UI features.
fixes#9881
test-plan:
- create an assignment in a course
- in the assignment description, include the html
<object width='100%' />
- try and view the gradebook for the course
- it should not have an ajax request error
Change-Id: I02e824414013347730185fbf7f7fb94a951f3e77
Reviewed-on: https://gerrit.instructure.com/12895
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
test plan: no visible change in behavior, attachments should still get
root attachments assigned when appropriate.
Change-Id: I866a81b6da81a744483fcadb2bff5b74d229619b
Reviewed-on: https://gerrit.instructure.com/13041
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
test plan:
* get some notifications for discussions, conversations, etc.
* delete the root account
* reply to the notifications via e-mail
* undelete the root account
* the replies should not show up
Change-Id: I2afe5de256cbd55ca360a4327150871ea40d7493
Reviewed-on: https://gerrit.instructure.com/12902
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
test plan:
* with a read-only slave environment
* create a new course
* go to the course
* it should not error
Change-Id: Ie0003cec2b684fca1400e6efbcca434a540d5c7a
Reviewed-on: https://gerrit.instructure.com/13032
Reviewed-by: Zach Wily <zach@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
test plan:
* visit several different courses
Change-Id: I19e8fbefba6164392269d6688df2c58d25e0f34b
Reviewed-on: https://gerrit.instructure.com/13027
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
* calendar events in the .ics feed
* searching for users in an account
* user's recent stream items
test plan: verify that these functions still work, both with and without
a slave db configured
Change-Id: Ia596d388642cc9df16e471472406d447a5eb1cf0
Reviewed-on: https://gerrit.instructure.com/13025
Reviewed-by: Zach Wily <zach@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
test plan:
* create a user with at least 2 confirmed communication
channels;
* on the profile page, click the default link (the star) for
the non-default channel and verify that it is properly set
as the default.
Change-Id: I1f48fcc9d11d4d5ed2cff60cc5d3b2d28e3fc0d3
Reviewed-on: https://gerrit.instructure.com/12999
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
previously gradebook2 section list was only set to scroll if there
were more than 15 sections. this caused layout problems for sections
with long names that wrapped onto a second line.
solution is to always overflow the section list if it's taller than
550px.
test plan:
* create a course with > 15 sections;
* open gradebook2 in that course and verify that the section list
is scrollable;
* view a course with < 15 sections and verify that the section
list still displays properly.
Change-Id: Iac199bfbf30e0c3f69b9e89b1f5c6b0f4f8fc5d4
Reviewed-on: https://gerrit.instructure.com/12963
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
test plan: as a site admin, or another user who has no account
association but can view an account, visit an account that you aren't linked to.
you shouldn't see a page error.
Change-Id: Ib9544d188ff0e5cb3deb4753967fd69ab485b859
Reviewed-on: https://gerrit.instructure.com/13019
Reviewed-by: Bryan Madsen <bryan@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
global includes for sub-accounts are cached, but we don't yet have good
expiration based on when the asset paths change, so this brings back a 15
minute caching window that was previously in place.
test plan:
- add sub-account branding
- visit a page and make sure it works (may need to wait up to 15 min)
- remove sub-account branding
- make sure it is gone after 15 minutes
Change-Id: I9c6778c673a18e95f175733bda2f4eb3d6fd2198
Reviewed-on: https://gerrit.instructure.com/13018
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
fixes#9993; fixes#10034
we were caching the user's common account chain, but this was occasionally
caching all of the accounts loaded associations, which wasn't unmarshaling
properly.
the new strategy is to cache the global asset paths that should be used for
different contexts.
test plan:
- no visual changes in sub-account branding
- shouldn't generate any caching errors (these were intermittent and we never
had solid steps to reproduce)
Change-Id: I37cc58a609ed7f90d967d6ebde74e849c754c0e8
Reviewed-on: https://gerrit.instructure.com/13017
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
closes#9935
test plan:
* configure an LDAP server without a Login ID Attribute
* logging in with a pseudonym matching username should succeed
* set the Login ID Attribute to something the LDAP server
returns
* change the pseudonym to match what the LDAP server will return
* logging in with the same original username should succeed,
finding the pseudonym named after the returned attribute
Change-Id: I84a154de2bf4fbefa6183a9381ca21441bd2c35a
Reviewed-on: https://gerrit.instructure.com/12910
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
fixes#10003
when grade publishing was disabled, a strange series of events was causing the
course settings page to make a GET xhr request to the course show action, which
handles these types of requests differently and returns the course json with
ALL current enrollments attached.
this sort of defeats the purpose of paginating the enrollments on the course
settings page, so that is sad.
test plan:
- with the network tab open, go to the course settings page in a course with
lots of students
- you shouldn't see the offending xhr request
- grade publishing should still work
Change-Id: I3348d312ec6ad78b2a1ce9c1c2a9a9685f2f5a19
Reviewed-on: https://gerrit.instructure.com/12982
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes#9852
they'll be truncated to 100 characters. they'll still link to the full url, and
the full url will be visible by hovering over them for a moment.
test plan:
- as a user, visit some long canvas urls (assignment edit is a good one)
- go to /users/:id
- look through the page views table
- long urls should be truncated, so that all the other columns are always
visible
- you should be able to see the full url by hovering
- make sure you test in all browsers
Change-Id: I56ebfc667b2252fb626b481d3541f76d0f5836b6
Reviewed-on: https://gerrit.instructure.com/13005
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
convert line breaks, links etc.
test plan:
1. edit to your profile bio
2. put in some breaks and links
3. after saving, the formatting and links should be preserved
4. if you edit again, it should be exactly as it was
Change-Id: I294a3a593260c8b52720e7f272017139578b8031
Reviewed-on: https://gerrit.instructure.com/13007
Reviewed-by: Zach Wily <zach@instructure.com>
Tested-by: Bryan Madsen <bryan@instructure.com>
fixes#9995
also validates_as_url the redirect_uri, sometimes people were leaving
off the http:// part when setting up the key
test plan: set up a developer key with a given domain. kick off an oauth
request flow with redirect_uri equal to that domain, it should be
accepted. use a sub-domain of that domain, it should also be accepted.
use a higher-level domain, it should not be accepted.
Change-Id: I55510f463b1faa3339b9908f9941715d93de5a16
Reviewed-on: https://gerrit.instructure.com/12980
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes#9954
test plan:
- create a wiki page
- put in links to pages, assignments, discussion topics,
and files, and also to the index pages for these
- retrieve the page via the API, and check that the
data-api-endpoint and data-api-returntype attributes
are set
Change-Id: Ife67f3119aa73971153f88fe46787d7e1563f0ef
Reviewed-on: https://gerrit.instructure.com/12925
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes#9869
Test plan:
* go to the profile settings page
* make sure the edit button in the right sidebar says 'edit settings'
Change-Id: I7362197618080af174f80c3e3059dabb499c8631
Reviewed-on: https://gerrit.instructure.com/12955
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Bryan Madsen <bryan@instructure.com>
fixes#10007
when reordering content in a module, all the content has to be resaved with
its new position. each of these saves was touching the module, which could
cause a huge number of duplicate updates in a big module
test plan:
- reordering items in a module should have no visible changes
- tail the logs while reordering items
- you should only see one call of the form UPDATE "context_modules" SET
"updated_at" ...
Change-Id: I860c88dad3fd5fde63a2317dacf557acd02729ff
Reviewed-on: https://gerrit.instructure.com/12993
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes#9510
this uses jqueryui tooltip for discussion unread.
test plan:
* shrink browser window to at least 1024x768;
* create a discussion with multiple entries;
* log in as a member of the class;
* hover over the total/unread counts and verify that the
tooltips don't clip.
Change-Id: I10485e6a86debc5fca2c6a1e841568c8b6fb137c
Reviewed-on: https://gerrit.instructure.com/12664
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
fixes#6347
* logs more information on ldap failures and passes it down to the browser in
the ajax response.
* fixes a crazy javascript bug where we were accidentally using a reserved
global var in webkit, 'status', which is a string, which interacted strangely
with our use of it as a boolean. this fixes the tester for firefox/ie
test plan:
(for #6347)
- use the tester in firefox and ie, it should work
(for error messages)
- one at a time, change the fields of a config, and run the tester
- you should get (slightly) more helpful error messages about what is failing,
based on status returned from the server.
Change-Id: Ic0837d7ff9f6283d615ddd4bbeef5a957dbd6553
Reviewed-on: https://gerrit.instructure.com/12880
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes#9879
The profile nav link should only be shown when @domain_root_account has
profiles enabled.
Test plan:
* make sure caching is enabled
* go to to your user settings on an account with profiles enabled
- you should see a profile link in the sidebar
* switch to an account that doesn't have profiles
- you should no longer see the profile tab in the sidebar
Change-Id: If502829ef9d0bfa8117df82e241beb8cd61e03a9
Reviewed-on: https://gerrit.instructure.com/12935
Reviewed-by: Jon Jensen <jon@instructure.com>
Reviewed-by: Bryan Madsen <bryan@instructure.com>
Tested-by: Bryan Madsen <bryan@instructure.com>
do it all in a single update query - avoids extraneous touches as well
as several queries to load data that can be checked in the update
test plan:
* run grade publishing specs
* publish grades with async option
* import the results
Change-Id: I95a67cd1c4d7459cb0f28033421328da6de7113a
Reviewed-on: https://gerrit.instructure.com/12992
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
we use jslint just as a last resort effort to make
sure our javascript doesn't have syntax errors or
something. these changes will make the jenkins
output less verbose.
Change-Id: I937ad1bc6f6b142c4ba424f65e72e9806468638f
Reviewed-on: https://gerrit.instructure.com/12787
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
when the profile links are rendered they are now
checked for a simple schema, the check is very
loose so people can add tel:// file:// etc.
if there is no schema, http:// gets added to it
Change-Id: I68ad3d83d459916a25941fbf7d2803a68c5bf40b
Reviewed-on: https://gerrit.instructure.com/12987
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
- moved generic "contact" method icon to "message"
- added a google docs logo
facebook used to be in the 0x0 position, making
any services without an icon default to the
facebook logo, now it defaults to the message
logo which is better until we have an icon for
everything
Change-Id: I05378295dcfc4f86ab865ada838c77e321414cc4
Reviewed-on: https://gerrit.instructure.com/12984
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
fixes#9890
Test plan:
* edit a user's profile
* delete the name
* you should see an error about the name
Change-Id: I05a3ad4ecd429c5e6563574e92571ae59100f0a6
Reviewed-on: https://gerrit.instructure.com/12942
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
fixes#9451
rack's request.scheme doesn't take x-forwarded-proto into account, so it
was returning http. Using request.protocol correctly handles ssl
termination, it just means we have to chop off the "://" part of the
protocol.
test plan: In an environment using ssl behind a load balancer, load the
avatar for a user that doesn't have one. verify that the gravatar
request redirects back to canvas using https, not http.
Change-Id: Ifb5f42e91379cfe591d29e07cd2ccf1f9d2b19fa
Reviewed-on: https://gerrit.instructure.com/12865
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
closes: #7172
test plan:
* open discussion topic index page:
- see how it looks in blank course
- full course
- try graded & unread filters (make sure you see things you expect to and not those you don't)
- do bulk actions by clicking checkbox for a few and hitting delete and lock buttons
- verify infinite scroll works
- verify that as a student you don't see posts that had delayed posting
- click "create new" button to make a new one, make sure it works
- do all the above in the announcement index page
* while viewing announcements index:
- verify teacher can create external feed on right
- no right side unless external feeds exist or they are teacher
- external feeds are listed
- only teacher can delete external feed
* while editing/creating new discussion/announcement
- verify that announcement cant be made into assignment
- for discussion topic, set as assignment and make sure the assignment settings set.
- cant change discussion -> announcement (& vise versa)
- type crazy & blank input, verify that it validates it for you
- title cant be longer than 254
- make sure these features work:
- podcast feed
- student posts in podcast feed
- delayed posting
- toggling threaded/unthreaded
- must post before seeing replies
- attach file, remove file attachment, upload new attachment should work
* make sure announcements/discussions look & behave right in other places they show up
(like course, user dashboard)
* if you can think of any other places where you can edit/create discussions/announcements, make
sure that still works
Change-Id: Ib0acaff8542bf09f99cd7aa99fb3ed16c999d224
Reviewed-on: https://gerrit.instructure.com/12655
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
fixes#9975
test plan:
- retrieve a folder using the API
- locked_for_user should be a single boolean value
Change-Id: I2bd6fcde8554be35ac497700c9e30a714fe96bed
Reviewed-on: https://gerrit.instructure.com/12975
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes#9872
on the course settings page, the 'end this course' button should not
display for courses whose terms have already ended.
test plan:
* create a course inside of a term whose end_at date has already
passed;
* visit the course settings page and verify that the 'end this course'
button is not visible in the sidebar.
Change-Id: I8f8ddc1cd495a3488fda6989de28d45abd67b6cd
Reviewed-on: https://gerrit.instructure.com/12893
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
now cache permission lookups for anything that is_a_context?, except for
the User model (since that might result in a lot of writes to the cache
that seldom get read). this expands the cacheable list to [Course, Group,
Account]
test plan:
1. use course, group and account-related functionality in canvas
2. confirm that the those permissions are cached (rails log) and used
3. do something that sets :session_affects_permissions (e.g. get a
course invitation and go look at the course)
4. confirm that course, group and account permissions are no longer
cached, but work correctly
5. confirm that non-context permission checks work correctly and are not
cached (rails log)
Change-Id: I2aab74e225bb4da1a7f486512575c702415eb6fc
Reviewed-on: https://gerrit.instructure.com/12971
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
clean up grants_right? and grants_rights?, and add cache expiration so
that stale data eventually clears. the cache-related changed are:
1. we now cache "nobody" lookups for course permissions
2. course permission lookups are cached for no more than a day
additionally, there is a slight behavior fix for non-course grants_rights?
calls that care about the session. previously, the session argument to a
"given" block would be set to nil unless the :session_affects_permissions
flag was set. this was *not* the case for grants_right?. so that means
that grants_rights? calls for a non-context could be more restrictive than
the equivalent grants_right? one(s).
a code audit reveals there should be no places where this was actually
happenening today, so the fix shouldn't affect any current permissions
checks in canvas. rubric_assessment.rb would be susceptible, but the
corresponding controller code is unused. eportfolio.rb has some session-
based policy checks, but it was setting :session_affects_permissions.
test plan:
1. use course-related functionality in canvas
2. confirm that the course permissions are cached (rails log) and used
3. do something that sets :session_affects_permissions (e.g. get a
course invitation and go look at the course)
4. confirm that course permissions are no longer cached, but work
correctly
5. confirm that non-course permission checks work correctly and are not
cached (rails log)
Change-Id: Ie7f79054f48f6a9f168510349c3d1f1ef453deb4
Reviewed-on: https://gerrit.instructure.com/12933
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
test plan:
* log in checking "stay signed in"
* close the browser
* open the browser, go to profile
* it should say "For security purposes, please enter your password
to continue" in yellow
Change-Id: I6a0f03d5d40314b1422d881f15f7a9053afcfc16
Reviewed-on: https://gerrit.instructure.com/12970
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
functionally the same, but allows for higher level routing of CAS
requests apart from general login requests
test plan:
* login and log out with CAS configured
Change-Id: Id4a9633f2dd48e9d7fe0cf9d3ec917750eb8c8ce
Reviewed-on: https://gerrit.instructure.com/12961
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
also refactor the assignment description to an @object,
and reference it from all actions.
add some missing Assignment fields too
test plan:
- make sure the generated documentation for Assignments is good
(there is no behavior change)
Change-Id: I29815bb5dcd15ae14faac59f9941220415867ec4
Reviewed-on: https://gerrit.instructure.com/12867
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
Simon Williams