What is this?
=============
Selinimum speeds up selenium by only running the specs it needs to for
your commit (iff it can safely determine that). For the purposes of the
initial implementation, that means that if your commit ONLY affects:
1. controllers (but not ApplicationController)
2. views (but not shared / layouts)
3. misc whitelisted stuff (images, .md files, etc.)
then it will only run the selenium specs that actually exercise those.
If your commit touches ANYTHING else (models, lib, etc.), all selenium
specs will run.
But wait, there's more!
=======================
Very soon selinimum will also handle:
1. js/coffee/jsx/hbs (except in the common bundle)
2. scss (except in the common bundle)
We already capture which bundles get used by each spec (see Capture), we
just need to correlate that with the individual files via a dependency
graph (probably using madge and sass-graph)
How does it work?
=================
The new post-merge selenium build will run all the specs with selinimum
capturing enabled. This records any controllers/views/js_bundle/css_bundle
that gets used in the course of each selenium spec, and stores a bunch of
data in S3.
Then when your patchset build runs, it will run Selinimum.minimize (via
corresponding tweak in rspect repo) on the list of spec files. If your
commit's dependents can be fully inferred and synthesized with the spec
dependency data from S3, only the relevant specs will actually be run.
Test Plan
=========
This commit doesn't actually cause selinimum to run on jenkins; that
requires some rspect changes and jenkins config. Refer to the test plan
here: https://gerrit.instructure.com/#/c/58088/
Change-Id: I991574c327a3a580c6fdc3ca3797dcfe0490a096
Reviewed-on: https://gerrit.instructure.com/58085
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Jon Jensen <jon@instructure.com>
QA-Review: Jon Jensen <jon@instructure.com>
This is the first step to get us moved over to factory girl for test
factories. Gergich (rightly) has a lot to say on this, because I've
moved around a lot of scary looking code, but I am hesitant to spend
much time on fixing it here, since the end goal would be to rewrite most
all of the factory logic in factory girl anyway. Any feedback is good
feedback!
Change-Id: Id0da1099e98d4ac79c6bf1e1e8808d6e7ea43596
Reviewed-on: https://gerrit.instructure.com/57853
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: John Corrigan <jcorrigan@instructure.com>
Tested-by: John Corrigan <jcorrigan@instructure.com>
Product-Review: John Corrigan <jcorrigan@instructure.com>
fixes CNVS-21362
test plan:
* make sure you have pg_collkey installed
* test user search
* it shouldn't asplode
Change-Id: I911d57ea950679b3e26390c140149c528eae0a2d
Reviewed-on: https://gerrit.instructure.com/56969
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
closes CNVS-21601
test plan:
- Differentiated Assignments should be on for all courses in all accounts
Change-Id: I24142a2e8e20186c62de5ef8db909e13b87f44e6
Reviewed-on: https://gerrit.instructure.com/57502
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Reviewed-by: Mike Nomitch <mnomitch@instructure.com>
QA-Review: Jason Carter <jcarter@instructure.com>
Product-Review: Cameron Sutter <csutter@instructure.com>
refs CNVS-21700
test plan
- specs should pass
Change-Id: I89570dbfe5162c83c9b9cfcdc2d73ee1e881dffa
Reviewed-on: https://gerrit.instructure.com/57709
Tested-by: Jenkins
Product-Review: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
The commit tests the index page and show page for a quiz with
multiple due dates for various roles. The roles include student in
the main section, student in the additional section, ta, and
observer associated to student in the additional section.
Observer associated to both the students in the main section and
additional section is currently not working as expected(I think a
bug has been already raised for this). The rest is working fine.
Change-Id: I7c5852b9692b29d4de5e36cb51cc0669e7d2b37a
Reviewed-on: https://gerrit.instructure.com/55391
Tested-by: Jenkins
Reviewed-by: Derek Hansen <dhansen@instructure.com>
Product-Review: Derek Hansen <dhansen@instructure.com>
QA-Review: Derek Hansen <dhansen@instructure.com>
fixes CNVS-21191
test plan:
* configure saml, but without the entity id
* logins should fail saying your IdP was unrecognized
* fix the entity id
* you should be able to log in
Change-Id: I8226bf5c831a4cc939477dd12e3dc8d95e55aa38
Reviewed-on: https://gerrit.instructure.com/55906
Tested-by: Jenkins
Reviewed-by: August Thornton <august@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
closes CNVS-20947
Allow users to "delete" auth configs without
violating foreign key constraints.
Also means updating all places that use the
association interface to a new method
that strips out inactive AACs
TEST PLAN:
1) create a new AAC with the IDP of your choice
2) create some pseudonyms that are attached to the new AAC
3) try to delete the AAC from the authorization config area
4) it should not blow up
Change-Id: Iff56fd8aa2ee66a2468191a9c880a99862d83927
Reviewed-on: https://gerrit.instructure.com/55808
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
Grading Periods previously could overlap in arbitrary ways.
This adds a server side validation to ensure that when a Grading
Period is persisted it will not overlap with existing Grading
Periods in the same Grading Period Group. Grading Periods in
different groups are not validated in this way. The front end will
report errors if attempting to save a grading period that overlaps.
Our definition of overlapping is any two grading periods
intersecting each other except if the end date of an earlier
grading period is equal to the start date of a later grading period
These two grading periods would be considered overlapping
(when in the same group):
GradingPeriod.new(
start_date: 0.months.ago, end_date: 2.months.from_now
)
GradingPeriod.new(
start_date: 1.months.from_now, end_date: 3.months.from_now
)
These two grading periods do *NOT* overlap, even thought the
end_date of the first is the same as the start date of the
second (again, these would need to be in the same group):
GradingPeriod.new(
start_date: 0.months.from_now, end_date: 2.months.from_now
)
GradingPeriod.new(
start_date: 2.months.from_now, end_date: 3.months.from_now
)
Fixes CNVS-19858
Change-Id: I0c901fa35f3225186948bbd8d61ef368cd15c939
Reviewed-on: https://gerrit.instructure.com/53953
Tested-by: Jenkins
Reviewed-by: Dylan Ross <dross@instructure.com>
QA-Review: Michael Hargiss <mhargiss@instructure.com>
Product-Review: Derek Bender <dbender@instructure.com>
* get rid of has_one
* get rid of several methods on account that are unused or trivially
replaced
Change-Id: I5a4f1e342b2bd465a240bbe701c2ab883b1f3878
Reviewed-on: https://gerrit.instructure.com/55240
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
fixes CNVS-20361
This is the first step in extracting soft deletion and
only touches grading period models. I audited other models
to see if this extraction would work for them, but no other
models met my criteria which are as follows
- [ ] defines workflow state of _only_ active and deleted
- [ ] active scope where state is active
(not `workflow_state<>'deleted'`)
In `def destroy`:
- [ ] state set to deleted
- [ ] then save
- [ ] runs callbacks
Many variants of soft deletion exist, including scoping
active to `workflow_state<>'deleted'`, not running
callbacks after save, and wrapping the state change in a
transaction block.
This is the first step in making soft deletion behave
consistently. There are approximately 30 models that have
an implementation of soft deletion.
Change-Id: I6cb48571377a4bb403285f95c058020b46ca3a30
Reviewed-on: https://gerrit.instructure.com/53821
Reviewed-by: Derek Bender <dbender@instructure.com>
Product-Review: Strand McCutchen <smccutchen@instructure.com>
QA-Review: Strand McCutchen <smccutchen@instructure.com>
Tested-by: Jenkins
fixes CNVS-20394
split it into appropriate concerns. main points are:
* /login never renders a login form - it redirects forward to the
default auth controller based on the first account
authorization config (or discovery url on the account)
* /login/canvas is the new home of the old login form. this form is
never rendered in-situ anymore - other places that used to render
it now redirect to /login (and then forward to here), reducing
their knowledge of SSO
* /login/ldap ends up at the same place (cause LDAP auth is handled
transparently)
* /login/cas and /login/saml redirect forward to the first SSO
configuration of the appropriate type. /login/:auth_type/:id can
be used to select a specific one
* if an SSO fails, it redirects back to /login with flash[:error]
set. this can forward to the discovery url appropriately, or
render an error page appropriately (the old no_auto=1, but now
it's not layered on top of the login partial that didn't show a
login form)
* ?canvas_login=1 is deprecated. just go directly to /login/canvas
* /saml_consume, /saml_logout are deprecated. they are processed
directly by /login/saml and /login/saml/logout
* /login/:id is deprecated - it forwards to /login/:auth_type/:id
as appropriate (presumably only saml, since that was the only
one that previously should have been using these links)
* OTP has been split into its own controller, and separated into
multiple actions instead of one all-in-one action
* /logout has been vastly simplified. the login controller should
set session[:login_aac], and on logout it will check with that
AAC for a url to redirect to after logout, instead of /login.
SSO logout is handled by each controller if they support it
test plan:
* regression test the following functionality -
* login with canvas auth
* login with LDAP auth
* login with SAML auth - and multiple SAMLs
* login with CAS auth
* MFA (configure, using, auto-setup)
* Canvas as OAuth Provider flow
* redirects to the login page when you're not
logged in
* failure of SAML/CAS (i.e. can't find user)
show a decent error page and allows retry
* "sticky" site admin auth (site admin is CAS/SAML,
going directly to another domain logs you in with
site admin)
Change-Id: I1bb9d81a101939f812cbd5020e20749e883fdc0f
Reviewed-on: https://gerrit.instructure.com/53220
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins
Reviewed-by: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
fixes CNVS-16142
previously, if there was a quiz with file upload answer types,
those file submissions would not download because the path would
refer to assignments instead of quizzes. This first detects
if the assignment is a quiz type and then hands the api the
correct submissions url.
Test Plan:
1) Create a quiz with at least one question as a file submit type
2) Publish the quiz
3) Take the quiz as a student
4) As a teacher, go to the Gradebook Individual View. In the Content
Selection area, choose the quiz from the "select an assignment"
drop down
5) Click the "Download All Submissions" button in the Assignment
Information section
6) The download process should complete successfully
Change-Id: I31a98cae291ceff86a7316d43900b70b209cfe4b
Reviewed-on: https://gerrit.instructure.com/46296
Reviewed-by: Josh Simpson <jsimpson@instructure.com>
Tested-by: Jenkins
QA-Review: Amber Taniuchi <amber@instructure.com>
Product-Review: Derek Bender <dbender@instructure.com>
This commit adds a new module called LiveEvents that knows how to send a
certain set of events to Kinesis. The module is configured via
normal plugin settings per account. Once the plugin is configured with
a Kinesis stream, events will start getting sent to that stream.
Events are sent asynchronously, in a background thread.
test plan:
* See `doc/live_events.md` for instructions on how to setup a local
kinesis stream and configure the LiveEvents plugin.
* Start tailing the stream with the command specified in
`doc/live_events.md` in a terminal.
* Perform the actions described in `doc/api/live_events.md` and verify
that events show up in your Kinesis terminal with the correct data.
Change-Id: Id799688c972205a1eee84a673912f84b0c7abb57
Reviewed-on: https://gerrit.instructure.com/50324
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
Product-Review: Zach Wily <zach@instructure.com>
When the user is not logged in, or is not enrolled in the course, don't
show student comments on announcements.
Fixes CNVS-19270
Test Plan:
- Create an announcement in a *public* course as a teacher
- As a student, leave a reply on the announcement
- Verify that the reply shows up for students in the course, as well
as the teacher and account admins
- Log out, and verify that the comments are not visible to
a non-user
- Create an announcement in a non-public course and ensure that
student and teacher and admin can all see them properly
Change-Id: Ide381f6271a1de66ac85f6c7b0e2a2557190991d
Reviewed-on: https://gerrit.instructure.com/50595
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
Reviewed-by: Mike Nomitch <mnomitch@instructure.com>
QA-Review: Adam Stone <astone@instructure.com>
Product-Review: Benjamin Porter <bporter@instructure.com>
resolves CNVS-19289
Testplan:
- the api should handle the show action for all contexts
(root accounts, sub accounts and courses)
- a 404 Not Found should be thrown when attempting to access
a grading period not 'owned' by the current context
Change-Id: Idb3e4c2d88b9e68e81f636d014bc027d0c30bde6
Reviewed-on: https://gerrit.instructure.com/50733
Tested-by: Jenkins
Reviewed-by: Cameron Matheson <cameron@instructure.com>
Product-Review: Derek Bender <dbender@instructure.com>
QA-Review: Derek Bender <dbender@instructure.com>
Previously, the controller for grading periods only fetched active
grading periods for the current context and thus missed grading
periods on account chains.
Closes CNVS-18058
Test Plan: Create grading periods for root account, sub accounts
and courses. Ensure they all show up in the index action
of GradingPeriodsController
Change-Id: I9282b458207b8571022cd8ad3e33208131c8a743
Reviewed-on: https://gerrit.instructure.com/49120
Tested-by: Jenkins
Reviewed-by: Josh Simpson <jsimpson@instructure.com>
QA-Review: Robert Lamb <rlamb@instructure.com>
Product-Review: Derek Bender <dbender@instructure.com>
closes CNVS-18224
test plan:
-Verify automated tests pass. So long as the automated tests pass,
the refactor of tests was successful.
Change-Id: Icae6c036f0b6bca58fc5beed290ab10590e4d9c7
Reviewed-on: https://gerrit.instructure.com/49029
Tested-by: Jenkins
Reviewed-by: Josh Simpson <jsimpson@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
Product-Review: Spencer Olson <solson@instructure.com>
(also allow it to be published if it got in that state earlier)
test plan:
* create an unpublished course
* enroll a student
* add and publish an assignment
* visit the gradebook
* should not be able to enter a grade before
the course has begun
closes #CNVS-18454
Change-Id: I9a3f894ad6bf130d359de5c4717cba9bee6704b3
Reviewed-on: https://gerrit.instructure.com/49047
Tested-by: Jenkins
Reviewed-by: Dan Minkevitch <dan@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
* invite a student
* as the student, accept the invitation
* use the people page to re-enroll the same student
* should not set the enrollment back to "pending"
closes #CNVS-18004
Change-Id: Icfcc6a12400d63d132d01ceb93ef98f1c3344355
Reviewed-on: https://gerrit.instructure.com/47954
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
Add API access to get/set the calculation_method and calculation_int on
learning outcome objects. Add some default values for these, and
handling for older learning outcomes that have a nil calculation_method
and calculation_int. Also add some specs.
Fixes CNVS-10619
Test Plan:
(Verify this all works when authorized, and all fails when
unauthorized)
Using the API:
context: create a new outcome
- create a new outcome group and an outcome
- query for the group and outcome and make sure they return properly
- observe that the default calculation_method is returned as 'decaying_average'
- observe that the default calculation_int is returned as 75
context: query an existing outcome
- query an existing outcome (should have a nil
calculation_method in the DB)
- observe that the API returns 'highest' for the
calculation_method
context: update an outcome
- make an update to an existing learning outcome, adding
a calculation_method of 'highest'.
- re-query, verifying correct info returned
- verify that a calculation_int is NOT returned
- make another update to the outcome, this time setting
calculation_method to 'n_mastery' or 'decaying_average'.
Set calculation_int to '8' or '85', respectively
- re-query, verifying correct info returned. Verify that
a calculation_int IS returned
Change-Id: If07b0f6a85a8a080b6e96cadc1f5b3745b71794f
Reviewed-on: https://gerrit.instructure.com/45399
Reviewed-by: Matt Berns <mberns@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Adam Stone <astone@instructure.com>
Product-Review: Benjamin Porter <bporter@instructure.com>
closes CNVS-17710
test plan:
- as an admin with permission to manage sis, make sure sis ids are
returned in the terms api
- try creating a new term with an sis id, it should work
- try updaing and existing term with an sis id, it should work
- updating without specifying an sis_term_id should not remove the id
- updating and specifying sis_term_id: '' should remove it
Change-Id: Ia91766d6ee04b360432de1a603d89d1e6ba89c8b
Reviewed-on: https://gerrit.instructure.com/46438
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
refs CNVS-17062
This wrapper will catch any usage of the redis commands that twemproxy
doesn't support, including in specs, so that they don't sneak through.
test plan: specs should still pass, and redis caching should continue to
work as before.
Change-Id: I88d74c23c92c8be9f49e9399d8acbaf8ba31513e
Reviewed-on: https://gerrit.instructure.com/44710
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
closes CNVS-17105
Test plan:
(This has to be done at the rails console)
* enable multiple grading periods
* set up assignments in all the grading periods
* grade the assignments for a student
* run the grade calculator for a grade period. make sure the grade
only considers assignments in the grading period:
gc = GradeCalculator.new([student_id], course, grading_period)
pp gc.compute_scores.first.first
Change-Id: I3b87eb7ec08fedebaab4f7a2fc83e68d4d4d5c7e
Reviewed-on: https://gerrit.instructure.com/45753
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
Reviewed-by: Cameron Sutter <csutter@instructure.com>
Product-Review: Cameron Matheson <cameron@instructure.com>
add content and tests for API to ensure that the
course's grading period is RESTful.
test plan:
1. In a course, turn on the multiple grading periods feature flag
2. Using the api, create a few grading periods
3. do a GET on api/v1/courses/:course_id/grading_periods
4. verify that you don't get an error
fixes CNVS-17492
Change-Id: I36cdd1fea1bdd9b426d061e29abb75dd6a192a80
Reviewed-on: https://gerrit.instructure.com/45748
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Josh Simpson <jsimpson@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
Product-Review: Spencer Olson <solson@instructure.com>
Change-Id: I167620165171b6fd0d41e69590e1f3225ac2fe2c
Reviewed-on: https://gerrit.instructure.com/45690
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
test plan:
* basic regression test on assignments, discussion topics
gradebook, and modules (mostly make sure the basic
index/show/edit views aren't broken)
closes #CNVS-15563
Change-Id: I3411bfb7645b3c4bf8a4663e3e052b4402f899ba
Reviewed-on: https://gerrit.instructure.com/43609
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Now an LTI launch can list the section ids that a user has
enrollments in with: $Canvas.course.sectionIds and
$Canvas.course.sectionSisSourceIds
Test Plan:
* Create a user with enrollments in a section and multiple sections
* Configure an LTI tool to have the 2 new section variable subs
* The ids/sis ids of the section that the user has a direct
enrollment in should be substituted
* If a teacher is only enrolled in the main section all the other ones
will _not_ be listed.
closes PLAT-784
Change-Id: I0af6b674a710767f4f38693f86fac8b988a21f06
Reviewed-on: https://gerrit.instructure.com/45462
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brad Humphrey <brad@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
Support for extracting and recording "question_answered" events from
submission_data. Unlike the other event patches, this takes place
completely on the back-end.
Closes CNVS-16802
Other things:
- refactored stuff to use QuizSubmission#graded?
- QuizQuestion::AnswerSerializers now output string IDs
TEST PLAN
---- ----
You need a database browser for this, like pgadmin3 [1].
Preparation:
- create a quiz with ALL question types
- using pgadmin3, view the data in the quiz_submission_events_2014_XX
table (XX would be the current month), keep this window open
+ this window should be empty so far, unless you're repeating this
plan
- go to take quiz page
- do anything useful to trigger the initial backup call:
+ verify that there's a new record with "event_type" is
"question_answered"
+ grab the "event_data" in that column and paste it in some JSON
editor like http://jsoneditoronline.org/ [2]
+ verify that this data-set includes the initial answers for ALL
questions
Ok, now we need to test whether each answer we update gets recorded:
- in any question, change your answer
- open the pgadmin3 table window
+ refresh, press F5
+ verify there's a new event record
+ copy/paste the "event_data" in the JSON editor and:
- verify that not ALL the answers were recorded again, ONLY the
one that you have just added/changed/updated
Rinse and repeat with the rest of the questions. Make sure that answers
to *all* question types are being recorded (this includes File Upload,
in which case the value would be the attachment ID.)
[1] pgadmin3 works on all platforms, download it for OS X from
http://www.pgadmin.org/download/macosx.php
[2] when copying from pgadmin3, it may wrap the JSON with '' and that
will cause an error in the editor, just remove those quotes
Change-Id: I3330bd987396aa84937af295390ec169b06c58e9
Reviewed-on: https://gerrit.instructure.com/44335
Reviewed-by: Derek DeVries <ddevries@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Trevor deHaan <tdehaan@instructure.com>
Product-Review: Ahmad Amireh <ahmad@instructure.com>
add GradingPeriodGroup, and change associations between GradingPeriods,
GradingPeriodGroups, Courses, and Accounts. also adjust the grading
periods controller to account for addition of grading period groups
closes CNVS-16538
test plan:
-run bundle exec rake db:migrate, and bundle exec rake db:migrate RAILS_ENV=test
-verify the migrations successfully run
-open the rails console in sandbox: bundle exec rails c -s
-create a course, a few grading periods, and a grading period group. Add the grading periods to the group. Assign
the grading period group to the course.
$ course = Course.create
$ grading_period1 = GradingPeriod.create(weight: 25.0, start_date: Time.zone.now, end_date: 2.days.from_now)
$ grading_period2 = GradingPeriod.create(weight: 30.0, start_date: Time.zone.now, end_date: 2.days.from_now)
$ grading_period_group = GradingPeriodGroup.create()
$ grading_period_group.grading_periods << grading_period1
$ grading_period_group.grading_periods << grading_period2
$ grading_period_group.course = course
-verify the associations are working as expected, i.e. a GradingPeriodGroup has GradingPeriods, a GradingPeriod
belongs to a GradingPeriodGroup, and a GradingPeriodGroup belongs to a course or account.
$ grading_period_group.grading_periods #should return an array containing grading_period1 and grading_period2
$ grading_period1.grading_period_group #should return grading_period_group
$ grading_period2.grading_period_group #should return grading_period_group
$ grading_period_group.course #should return course
$ grading_period_group.account #should return nil (should not throw error)
Change-Id: I9d7465431dabd2afa18e7a8a33706b9a78a94cd1
Reviewed-on: https://gerrit.instructure.com/43512
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Josh Simpson <jsimpson@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Product-Review: Spencer Olson <solson@instructure.com>
test plan:
* have site admin on one shard
* make a custom account role
* give it all the permissions
* login as a user with that custom role
* visit an account on another shard
* should have all the permissions
Change-Id: I2a128a672b7b6973e1d25c58d635f0147a486240
Reviewed-on: https://gerrit.instructure.com/44353
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
Change-Id: I7cca4a22ef7dc310ba1b94fd81d67854a6fe1daf
Reviewed-on: https://gerrit.instructure.com/43833
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
A small gem for abstracting partitioning at the model layer, as well as
helpers for dynamically creating the partitions needed for quiz
submission events.
You can read more about the gem's API in its README file.
Closes CNVS-16795
TEST PLAN
---- ----
- check out the patch
- run `bundle exec rake db:migrate`
- run `bundle exec rake canvas:quizzes:create_event_partitions`
- run the rails server and visit any page:
+ if you got this far, and jenkins has passed, things are good
Change-Id: I7d6b77c62db8510e09a54fbae00048a14b5366bb
Reviewed-on: https://gerrit.instructure.com/44145
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Trevor deHaan <tdehaan@instructure.com>
Reviewed-by: Derek DeVries <ddevries@instructure.com>
Product-Review: Ahmad Amireh <ahmad@instructure.com>
refactor everything that used to use strings for roles
to use actual role_ids
the apis should be backwards compatible so we don't need
to update (most of) the UI's right away in this commit
test plan:
* regression tests for permissions, role overrides,
alerts (for account roles), enrolling users,
adding account admins, etc.
refs #CNVS-15481
Change-Id: Id57fd3104c5c518b6fbf180609950dcddcdd474d
Reviewed-on: https://gerrit.instructure.com/41208
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Steven Shepherd <sshepherd@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
Change-Id: If7dbcd29ddbb0f5912fc0fc819017533f44a5ad7
Reviewed-on: https://gerrit.instructure.com/42229
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: James Williams <jamesw@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
so we don't need to force marshalling in tests
Change-Id: Ia12f0ed55281f5691a304e6e82bf796cb0da39a0
Reviewed-on: https://gerrit.instructure.com/43233
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
closes CNVS-15881
This mostly involved adding hooks to the gem for things that we were
directly modifying in Canvas, then hooking into those points in the
canvas config/initializers/delayed_job.rb file.
Periodic jobs scheduling changed a bit as well -- there's no longer
support in the extracted gem for reading a special file under config/,
so I moved our periodic_jobs.rb file to a normal initializer.
test plan: delayed jobs should still work as before, including queuing
jobs, running the worker pool, and in tests.
Change-Id: I9ce57091d18f21f4355011fcb75230193d53facb
Reviewed-on: https://gerrit.instructure.com/42027
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
fix a blocking thing, and add a compatibility gem
and a few final missed things
fixes CNVS-16239
Change-Id: I6ffa4569f936173393eaf7225f7463a4ccba1c7c
Reviewed-on: https://gerrit.instructure.com/42715
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Braden Anderson <braden@instructure.com>
Product-Review: Braden Anderson <braden@instructure.com>
QA-Review: Braden Anderson <braden@instructure.com>
fixes #CNVS-14270
move broadcast policy into a gem of its own
to remove plugin deprecation warnings.
TEST PLAN:
-no behavior changes
-regression test notifications
(no need to hit them all, confirm that 3 or
4 separate notifications flow and
that will prove the pipeline)
Change-Id: If8445653ec09ab4d221124d85f9674d1cedd3751
Reviewed-on: https://gerrit.instructure.com/40899
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Matthew Wheeler <mwheeler@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
QA-Review: August Thornton <august@instructure.com>
closes CNVS-14268
Since this is very clearly our own fork of the gem at this point, I've
removed a lot of unused code, rather than fixing it up to work as a gem.
This includes:
* all the other processors besides mini_magick
* red_artisan, it was only used by the core_image processor
* geometry and the Array monkey patch, it was only used by image science
* the db_file_backend
* the Tempfile monkey patch, I fixed the AttachmentFu code to properly
create tempfiles with the desired extension
* removed the Technoweenie outer namespace, to match normal gem practices
test plan:
Attachments should still work as before, including viewing, uploading,
downloading, and thumbnail generation.
Change-Id: I94ff63182af839ec54b64714defd6912b0d91f65
Reviewed-on: https://gerrit.instructure.com/41281
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
fixes CNVS-13933
test plan (with a course setup for DA):
for the following tests:
* perform them on assignments that are only_visible_to_overrides
* _and_ again on assignments that should be visible to everyone (regression)
- mute an existing assignment that has a due date for one section only
- unmute it
- verify that the *unmuted* notification only go to the students & admins who can see the assignment
notes: must be an existing assignment that is more than 30 minutes old
Change-Id: Ic26fe29a8b1db06e376fdeae129636b0a097fab1
Reviewed-on: https://gerrit.instructure.com/37271
Reviewed-by: Cameron Sutter <csutter@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
Product-Review: Liz Abinante <labinante@instructure.com>
test plan:
- regression test to make sure that you can navigate to different
domains and shards, create + process delayed jobs, and navigate to the
default and site admin accounts
Change-Id: I0ed4bf3309e3950a046ed1cd7bc7b1fe0a806a7a
Reviewed-on: https://gerrit.instructure.com/39972
Tested-by: Brian Palmer <brianp@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
Thumbnails will now have namespace column which will be populated with
its attachments namespace on save. Old thumbnails will have null
namespace and should behave as they used to. New thumbnails will work
like boss.
Fixes CNV-12380
Test Plan
=========
Prerequisites
-------------
- S3 storage
- **Sharding**
- multiple users with the same ID on different shards
- profile photos on all the users with the same fileID
Details
-------
Before the fix the last uploaded avatar will be the *thumbnail* for
all user avatars that collide with each other.
After the code is updated all avatars will be blank.
After `bundle exec rake db:migrate` avatars should display correctly.
Change-Id: Iec533086308da352f317cda60b404327b14516e3
Reviewed-on: https://gerrit.instructure.com/39108
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Bryan Madsen <bryan@instructure.com>
Product-Review: Bryan Madsen <bryan@instructure.com>
QA-Review: Steven Shepherd <sshepherd@instructure.com>
This turns the vendor/plugin into a rails engine, and establishes the
convention of canvas-dependent rails engines/gems going into
gems/plugins, and everything in that dir being auto-required and added
to canvas spec runs.
closes CNVS-14286
test plan: regression test on the respondus quiz builder client. no
behavior should change.
Change-Id: I51b548418bcb70af77e87c2c2d62cac27ed4ab44
Reviewed-on: https://gerrit.instructure.com/38394
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
full warning:
> rspec-rails 3 will no longer automatically infer an example group's spec type
> from the file location. You can explicitly opt-in to this feature using this
> snippet:
>
> RSpec.configure do |config|
> config.infer_spec_type_from_file_location!
> end
>
> If you wish to manually label spec types via metadata you can safely ignore
> this warning and continue upgrading to RSpec 3 without addressing it.
Change-Id: I0f0ec385a49d6b37bfb236c82ab1027934476441
Reviewed-on: https://gerrit.instructure.com/39299
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Paul Hinze <paulh@instructure.com>
QA-Review: Paul Hinze <paulh@instructure.com>
***test plan
1. Make a POST like /accounts/1/account_notifications
2. Required Parameters:
1) account_notification[subject]
2) account_notification[start_at]
3) account_notification[end_at]
4) account_notification[message]
3. Optional Parameters:
1) account_notification[icon]
'warning' | 'information' | 'question' | 'error' | 'calendar'
note: defaults to warning
2) account_notification_roles[]
'StudentEnrollment', 'TeacherEnrollment' etc...
this defaults to all roles
4. Only account admins should be able to make the api call
5. Should not be able to create an account notification with an
end_at < start_at
closes: PS-1730
closes: PS-1872
Change-Id: Ide86722598ae4a7ab565422f2996015b48cf8910
Reviewed-on: https://gerrit.instructure.com/37477
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Matt Fairbourn <mfairbourn@instructure.com>
Reviewed-by: Brandon Broschinsky <brandonbr@instructure.com>
Change-Id: I22ea36859637e6081d79b5c3f1ec064a778635ca
Reviewed-on: https://gerrit.instructure.com/38028
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
this allows once-ler to work in api specs by
resetting the user access tokens cache in the
global before :each block
Change-Id: I580007a17129e3e4b96f6310113e1578b5e63544
Reviewed-on: https://gerrit.instructure.com/37553
Reviewed-by: Brian Palmer <brianp@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
Product-Review: Jon Jensen <jon@instructure.com>
QA-Review: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
refs CNVS-13987
what was called CanvasUuid was *not* generating UUIDs. it was generating
slugs. by default, its generate method only creates 4 character slugs.
these should obviously not be used as UUIDs. the misnomer already caused
a bug in EventStream where it used these slugs as UUIDs, causing
collisions. to fix:
(1) rename canvas_uuid gem to canvas_slug, and rename it's primary
class CanvasUuid to CanvasSlug
(2) create new canvas_uuid gem, with class CanvasUUID, extracted from
lib/uuid_singleton for actual UUID generation
(3) fix event stream use CanvasUUID, rather than following the rename
of CanvasUuid to CanvasSlug
test-plan:
- have cassandra set up for audit logs
- create an audit log entry (e.g. change a grade)
- look at the generated audit log entry's id field; it should be a UUID
value, not a 4 character slug
Change-Id: I19758fff4433cd6cb2e21219217dced19ee05c5a
Reviewed-on: https://gerrit.instructure.com/37506
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
this hard-codes draft state to on in the code, but still allows tests to run
against non-draft state code (as if it was still set to allowed). this allows
us to then go clean up tests on a component by component basis as we rip out
old non draft state code
closes CNVS-13582
test plan:
- basic canvas regression test
- make sure draft state is on for all courses
- make sure it cannot be turned off at the course or account level
Change-Id: Ia22e6b8a7e40a64b42021846f2fe85aaf3005504
Reviewed-on: https://gerrit.instructure.com/37260
Reviewed-by: Bryan Madsen <bryan@instructure.com>
Product-Review: Bryan Madsen <bryan@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
fixes CNVS-13351
test plan:
* created an admin role that has permission to create other admins,
but that's it
* as an admin in that role, it should only show that role as one
to choose for new admins
* you should only be able to delete admins in that role
* verify both of the above are enforced via the API
Change-Id: I11459567ab184d787ee02af55280e0f4f76d47e8
Reviewed-on: https://gerrit.instructure.com/35672
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Rob Orton <rob@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
fixes: CNVS-11425
This is a performance refactor of the permissions. The
biggest change is the caching. The cache key is now based
on the right so each right will be cached by itself. The
goal is to reduce places where we implement caching for
permissions and let adheres_to_policy handle it.
Another commit is coming to clean up calls to the new
methods created here. g/34280
Test Plan:
- Make sure permissions all work still.
- Make masquerading still works with permissions.
- Make sure switing views such as "student view" for a
course.
Change-Id: I4a30b0aba394cea24c3b60167fc1369a2584f5a4
Reviewed-on: https://gerrit.instructure.com/34278
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Turns out that truncate is a super slow operation in Cassandra. For the
tests that this affects, we'll handle the potentially non-empty db.
Change-Id: Ie7e64add3b53f26eb98ba441e46270a8c08657ea
Reviewed-on: https://gerrit.instructure.com/36593
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Product-Review: Shawn Meredith <shawn@instructure.com>
QA-Review: Shawn Meredith <shawn@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
closes PS-1602
test plan:
1. enable draft state on a course
2. go to the course
3. you should see the new buttons
in the top right
4. play around with them
5. you should not be able to see course
status if there are graded submissions
in the course
6. go to course settings
7. you should see the course status now
in the top right (published or unpublished)
8. if there are graded submissions you should
be able to hover the course status and get
a tooltip saying you cannot unpublish
Change-Id: Idb7c27503f84eb489e1970b2061eb903e452de09
Reviewed-on: https://gerrit.instructure.com/36041
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Jake Sorce <jake@instructure.com>
they're not relevant to *a* User, and they're needed by things other than
User.reflections.
test plan:
n/a, just refactoring to a (hopefully) better spot. existing and new specs
should cover all of this
Change-Id: I66ab5314582113ac549af5662bcf08a8ca5df580
Reviewed-on: https://gerrit.instructure.com/35082
Reviewed-by: Dave Donahue <ddonahue@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
refs CNVS-13024
Setting wasn't properly being initialized as unsharded because
it was loading before Switchman. The reason we need Setting before
switchman is just for yaml loading, so split that into its own
class.
Change-Id: I5456e103cb216dba2d5af4e9c20a697b468c923b
Reviewed-on: https://gerrit.instructure.com/35043
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
fixes CNVS-10415
test plan:
* configure site admin with its own domain, and to use CAS auth
* log in at site admin
* go to another account with the same base domain (i.e.
siteadmin.canvas.dev and accounta.canvas.dev)
* it should redirect you to site admin's CAS server; and likely
directly log you in to canvas, cause you're still logged in
there
* go directly to a course on a different account without being
logged in; it should send you to site admin cas
* log out on the site admin domain and the other domain
* go to the other domain to log in; it should no longer redirect
you to site admin cas
Change-Id: I72d5327193832264228305f73e849282c48780d3
Reviewed-on: https://gerrit.instructure.com/34425
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
change how we default to UTC for tests. this way we:
1. don't create Account.default if a given spec doesn't need it
(explicitly or otherwise)
2. don't do an unnecessary Account#update_attributes before every spec
test plan:
specs, duh
Change-Id: Icd425b0e2b27bbfa6c95b713ae69c5fa36e14c14
Reviewed-on: https://gerrit.instructure.com/35069
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Landon Wilkins <lwilkins@instructure.com>
Product-Review: Jon Jensen <jon@instructure.com>
QA-Review: Jon Jensen <jon@instructure.com>
fixes CNVS-12963
test plan:
* set up a trust from account A to account B
* enable sis imports for account A and account B
* add a user to account B with an SIS ID
* add a course to account A with an SIS ID
* do an sis import to account A for enrollments as user
that is an admin in both account A and account B;
specify the course from account A as the target,
the user from account B, and add another column
root_account with account B's domain
* it should succeed, and enroll the user from account B
* unenroll the user manually
* do the import as a user that's an admin in account A,
but not account B - it should fail citing permissions
* remove the trust link from A to B
* do the import as the user that's an admin in both;
it should fail citing no usable login
Change-Id: Ie5b7b71bfe563da9c49d3aa2321586994634ccb5
Reviewed-on: https://gerrit.instructure.com/32133
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
fixes CNVS-4475
pre-checkout plan:
* create a course
* open people->groups
* create a student group with multiple students
* open discussions
* create two topics
* make one topic a group assignment
test plan:
* open the topics you created
* verify that a "group discussion" option replaced "group assignment"
* verify that your group assignment is a group discussion
* verify that your group discussion uses the same group set
* verify that the old behavior of presenting child topics is retained
* verify that your non-group topic is not a group discussion
* verify that the "group discussion" flag cannot be changed for topics
with replies
* create a new discussion topic
* verify that "group discussion" is available for ungraded topics
* verify that changes to the field persist
* create a new graded group discussion topic
* post to one of the subtopics as a student in its group
* open the gradebook as the teacher
* verify that the student who posted has a submission but the other
group members do not
* verify that group members can be graded individually
Change-Id: Iada30628f0abdb7d7df4267d695553baf8b952d3
Reviewed-on: https://gerrit.instructure.com/33253
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Trevor deHaan <tdehaan@instructure.com>
Reviewed-by: Jon Willesen <jonw@instructure.com>
Product-Review: Braden Anderson <banderson@instructure.com>
test plan:
* create a subaccount (the "parent" subaccount)
* create more children subaccounts within that parent subaccount
* create an account admin user for the parent subaccount
* create a course beloning to one of the children subaccounts
* as the account admin user, confirm that you can visit
the course settings page and use the drop-down box to
change the courses' account to any child account that
belongs to the parent subaccount
* also confirm that the drop-down box does not show accounts
outside the parent subaccount (even if they're on the same root
account)
fixes #CNVS-10501
Change-Id: I1d7cae8a19b926cabb3473ba950d29ab08ad25ce
Reviewed-on: https://gerrit.instructure.com/34009
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Nathan Rogowski <nathan@instructure.com>
Product-Review: Hilary Scharton <hilary@instructure.com>
fixes: CNVS-12565
test plan:
- as a student take a quiz
- verify that:
- background submissions are working
- end of time / date submissions are working
- manual submsissons are working
- verify various question types are graded correctly
- verify outcomes work as previously defined
Change-Id: Ia85141559e8026993c0e270267947128a5a0466b
Reviewed-on: https://gerrit.instructure.com/33669
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Josh Simpson <jsimpson@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Product-Review: Jason Madsen <jmadsen@instructure.com>
Test plan:
- As a teacher, create a quiz.
- Visit the quizzes API using JSONAPI headers. For that quiz,
"submitted_students" should be null. You should get a URL back to
the "unsubmitted_students" endpoint, which you can query and find
the unsubmitted students.
- As a student submit the quiz. As a different student, don't submit
the quiz.
- As a teacher, visit the quiz show endpoint for that quiz again. You
should have "submitted_students" and "unsubmitted_students" under
the "links" hash. Query these APIs using those URLs. The students
returned from the link that looks like "?submitted=true"
- As a student, you should not see "submitted_students" or
"unsubmitted_students" under the "links" hash when querying
the show API in JSONAPI format
- In non-jsonapi format as any user, you should not see
"unsubmitted_students" or "submitted_students"
closes CNVS-11687
Change-Id: I7094dfc37b0dde501e5a2c1f12ade983cd2a150a
Reviewed-on: https://gerrit.instructure.com/31223
Reviewed-by: Derek DeVries <ddevries@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes CNVS-12245
test plan:
*run a course migration on a course that has attachments
the attachments should come across
Change-Id: I897ec39bfa393835ee20cb8ff83918dcdddf57ff
Reviewed-on: https://gerrit.instructure.com/32965
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Nathan Rogowski <nathan@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
fixes CNVS-10479
test plan:
- in a course with kaltura enabled
- go to a discussion and add media
- upload a video (use right tab, not the webcam)
- save the video/discussion post
- the video should be saved properly and viewable
(this sometimes takes a minute of two)
Change-Id: I40b9174807707dd1fb41125e04705422a8711d5d
Reviewed-on: https://gerrit.instructure.com/32024
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Nathan Rogowski <nathan@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
fixes CNVS-10638
test plan:
* open outcome gradebook
* select a section
* click on "export report"
* download and open the export
* verify that the export format matches the Jira documentation
* verify that the export data matches the data from your browser
Change-Id: I35bd78719880026b71b30da5794c9afe7dd31868
Reviewed-on: https://gerrit.instructure.com/31774
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Steven Shepherd <sshepherd@instructure.com>
Reviewed-by: Jon Willesen <jonw@instructure.com>
Product-Review: Braden Anderson <banderson@instructure.com>
This reverts commit e3148346df
This reverts commit 16f518a130
This partially reverts 9d34baed66
fixes CNVS-12021
test plan (e3148346df)
- rails 3 specs should pass
test plan (9d34baed66)
- import content including a video file into a course
(such as the QTI file attached to CNVS-11602)
- the import should complete
test plan (16f518a130)
- submit a document to turnitin
- it should successfully receive a score
Change-Id: I0622d9eceee4b94e488f103db68290f1b641b555
Reviewed-on: https://gerrit.instructure.com/32333
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
if mocha was initialized prior to rails (i.e. if a spec like swagger
that doesn't initialize rails runs prior to a spec that needs rails),
CollectionProxy would remove the mocha methods when it was first defined.
so make sure we restore them
Change-Id: Icf9b1a2598fef279c32b37dd7afe52e15c07c23e
Reviewed-on: https://gerrit.instructure.com/31934
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Bryan Madsen <bryan@instructure.com>
QA-Review: Bryan Madsen <bryan@instructure.com>
Reviewed-by: Cameron Matheson <cameron@instructure.com>
webrat is abandonware, and doesn't work properly with rails 3
Change-Id: I34db6c150b6715e33a30d531941b76458090ce63
Reviewed-on: https://gerrit.instructure.com/31457
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: James Williams <jamesw@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
especially in rails 3
just use stubs instead of starting up a second thread and opening a
connection
Change-Id: I52837c6ff65ed62a225c0a4df61c1a73df2a1526
Reviewed-on: https://gerrit.instructure.com/31320
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: James Williams <jamesw@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Change-Id: Ibc73cddcd87012ef3776c2c5a99b305fb3c2878b
Reviewed-on: https://gerrit.instructure.com/30869
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
* use 'HTTP_AUTHORIZATION' for header, not :authorization or
'Authorization'
* fix stubbing of forgery protection (in Rails 3, the instance method
doesn't chain to the class method)
* fix re-ordering of AuthLogic callback chain for rails 3
Change-Id: I6f190995cee7fd54076e786b17eba430ae03a1c0
Reviewed-on: https://gerrit.instructure.com/30796
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Derek DeVries <ddevries@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
enroll_user touches the user, but because touch no longer saves,
this changes things for some specs
Change-Id: Ie5be09e0b30ed23e14a8ba2d39905bf7fa4c1346
Reviewed-on: https://gerrit.instructure.com/30608
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
* fix view spec rendering to include helpers
* re-implement have_tag rspec matcher
* fix problems with finding routes to
unsaved records
Change-Id: I6ed267fcf5e8e32a62ee059be46371bc0ea35603
Reviewed-on: https://gerrit.instructure.com/30016
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
Change-Id: I898645bb63d1bb76f888cbf23fe867d6d71c7229
Reviewed-on: https://gerrit.instructure.com/30018
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
Change-Id: I783618bc5457ea53a9d59ab36d3ccf7b7fde7b2e
Reviewed-on: https://gerrit.instructure.com/29595
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
refs CNVS-9546
pull the common code into
* Rails.force_cache!,
* Rails.unforce_cache!,
* Rails.force_cache{},
* Rails.disable_cache!, and
* Rails.disable_cache{}
methods. leave the implementation of those methods close to the code
they're replacing for now, but in the near future we'll reimplement
those methods to be cleaner (i.e. not mucking around with version
specific internal constants and such).
test-plan: specs
Change-Id: Ie5f47a64f57dea0034933d8dad84e17633869a49
Reviewed-on: https://gerrit.instructure.com/28086
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
Change-Id: I8a10679218b9a6ff8485b7822a21c704bdfaa398
Reviewed-on: https://gerrit.instructure.com/29213
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
fixes CNVS-10679
this commit refactors quiz into a quizzes namespace. it contains various
shims to facilitate the data migration of polymorphic relationships
('Quiz' -> 'Quizzes::Quiz'). JIRA contains several tickets linked to
the above tickets in regards to removing these shims after the data
migration, as well as the strategies on reverting the shims once the
data migration is complete.
Change-Id: I30c566d60a87af6ee83e9d0041fdcb909ead6a89
Reviewed-on: https://gerrit.instructure.com/28573
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Derek DeVries <ddevries@instructure.com>
QA-Review: Myller de Araujo <myller@instructure.com>
Product-Review: Josh Simpson <jsimpson@instructure.com>
Change-Id: Ie65a2a2b9e306fd8ec6eb47e317ad42c43db2c48
Reviewed-on: https://gerrit.instructure.com/28975
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
The gem still lives in the canvas-lms repo, but has separate tests, and
knows nothing about Canvas proper. Canvas' usage of the gem is through
Canvas::Cassandra::DatabaseBuilder (and Canvas::Cassandra::Migration).
Change-Id: I51878055647225755d54edc5595b8189b7bea3cc
Signed-off-by: Stephan Hagemann <stephan.hagemann@instructure.com>
Reviewed-on: https://gerrit.instructure.com/28632
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
in rails 3, ActionController::TestUploadedFile has
been moved to Rack::Test::UploadedFile. This commit
simply updates uses of TestUploadedFile to work
with this new structure
Change-Id: Ib31159c635f033a13908608dffeea88c8f719086
Reviewed-on: https://gerrit.instructure.com/28234
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Product-Review: Anthus Williams <awilliams@instructure.com>
QA-Review: Anthus Williams <awilliams@instructure.com>
Gives account admins the options to display
announcements to users that have a given role in
at least one course. This will enable us to, e.g.
write surveys intended for teachers and ensure
they will not be seen by K-12 students, etc.
Currently the granularity of this feature extends
only to the base enrollment types, (defined in
RoleOverride::ENROLLMENT_TYPES) not to the custom
roles that may have been defined in a given
account.
Fixes CNVS-8319
Test plan
- While logged in as an account admin or site
admin, browse to /accounts/N/settings#tab-announcements
and add a new announcement
- You should see the enrollment types delineated as
checkboxes
- Create an announcement defined for one role but
not another
- Log in as a user who has one of the defined roles
in at least one course to verify you are seeing the
announcement
- Log in as a user who has does not have any of
the defined roles in any of his enrolled courses
and verify that you do not see the announcement
- Verify it works for "Unenrolled users" (which is
not, in fact, a type of role in the same vein as
the rest) by logging in as a user who is not
enrolled in any courses
- Check "Account admin" option with a user who
does not have any role for which the announcement
is defined, but is an account admin (added under
the Admins section of /accounts/N/settings)
Change-Id: I7d141c7c38dc05ae72991de3a710043327d615f6
Reviewed-on: https://gerrit.instructure.com/27008
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Munda Frazier <munda@instructure.com>
kaltura is always available over https, and requesting a secure resource
from within a plain http page is not harmful.
so we can simplify the code and pave the way for a media service that
only runs over https by converting everything to request kaltura
resources via https.
to accomplish this we pull together all of the myriad ways that HTTP
requests were being made from canvas's kaltura client. then in the
unified code path we ensure SSL is being used to make requests.
we're also pulling in webmock to make for better tests of the kaltura
client code with stubs closer to the HTTP layer.
unfortunately this change ends up touching most of kaltura
functionality, so the test plan is basically a full kaltura regression
test.
test plan:
- upload a video to kaltura; once it's done transcoding, the thumbnail
should work, and the video should play
- upload a video via canvas files, then embed it in some content; do
the same verification
- record a video using your webcam; verify it works
Change-Id: If5f67469fee07db80188911a0c7edd256c94c0a3
Reviewed-on: https://gerrit.instructure.com/28100
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Paul Hinze <paulh@instructure.com>
Change-Id: I896138df06b396b495728a6488d9780dec09d85e
Reviewed-on: https://gerrit.instructure.com/27935
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
test plan:
- The quiz api should work like it normally does when you don't pass
an 'Accept: application/vnd.api+json' header.
- The quizzes index page and quiz edit page should work like they
always do.
- Testing the Quizzes API for "jsonapi" style:
- For all requests, you MUST have the "Accept" header set to
"application/vnd.api+json"
- Test all the endpoints (PUT, POST, GET, INDEX, DELETE) like you
normally would, except you'll need to format the data according to
the next few steps:
- For "POST" and "PUT" (create and update) requests, you should send
the data like: { "quizzes": [ { id: 1, title: "blah" } ]
- For all requests (except DELETE), you should get back a response
that looks like: { "quizzes": [ { quiz you requested } ]
- For the "delete" action, you should get a "no content" response
and the request should be successful
Change-Id: Ie91deaeb6772cbe52a0fc46a28ab93a4e3036061
Reviewed-on: https://gerrit.instructure.com/25997
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Caleb Guanzon <cguanzon@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
accidentally removed in 4c2250d
test-plan:
- have RAILS_ENV=development in your shell
- run specs
- they run with RAILS_ENV=test
Change-Id: I6f2baa5ed523535f2c24f3eb26204455717b33fc
Reviewed-on: https://gerrit.instructure.com/27637
Reviewed-by: Zach Pendleton <zachp@instructure.com>
QA-Review: Bryan Madsen <bryan@instructure.com>
Product-Review: Bryan Madsen <bryan@instructure.com>
Tested-by: Bryan Madsen <bryan@instructure.com>
Change-Id: Ib2147e2a5c388ba56c1e558b414da9b7ec4c9cd2
Reviewed-on: https://gerrit.instructure.com/27614
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
Change-Id: Ib035e63de191617946be167a1645aab182a7ced6
Reviewed-on: https://gerrit.instructure.com/27434
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
fixes CNVS-9496
test plan:
- draft state feature should show up in site admin feature
flags, or root account feature flags when called as site
admin
- when site admin hits "allow" for the feature, it should
appear in the root account administrator's settings
in "Off" state
- the root account admin should be able to "Allow" the setting
which allows a sub-account or course to turn it on
- when the feature is turned on via the Feature Settings tab
or features API, draft state functionality should appear
in the course wiki pages and elsewhere
Change-Id: Id7403f2a8371b0a7bfebffbb8f29330fff5c94c5
Reviewed-on: https://gerrit.instructure.com/26308
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Nathan Rogowski <nathan@instructure.com>
fixes: CNVS-348
This adds grade change auditing functionality. It uses cassandra and is built
after the authenication auditing. A new API endpoint was created to query these
logs. Permissions for this is a domain account. The logs can be quiried by
assignment, course, student, and grader.
Refer to: https://gollum.instructure.com/grade-auditor-implementation
Test Case:
Setup:
- Create a course with a student and an assignment.
1. Grade an assignment for a student.
2. The auditor should create a record in cassandra.
3. Query the endpoint should return the audit event.
- Query by Assignment
- Query by Course
- Query by Student
- Query by Grader
4. Ensure permissions are valid by querying with a non root account admin.
5. Permissions should be changable by site_admin under account permissions.
Change-Id: I0a1cf867d5d1b5bfbdeacc7eac81747f8732025a
Reviewed-on: https://gerrit.instructure.com/25961
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Product-Review: Nick Cloward <ncloward@instructure.com>
refs CNVS-4704
we can use the built in :null_store with rails3
Change-Id: I0dc6c441da4f300fe8ee870b8c676c8e449d1830
Reviewed-on: https://gerrit.instructure.com/26332
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
needed for g/24755 so that plugin spec tweaks pass before it hits master
test plan:
n/a
Change-Id: Ia3160024965a1f2916ef8a80a4a133516483c624
Reviewed-on: https://gerrit.instructure.com/26063
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Landon Wilkins <lwilkins@instructure.com>
Product-Review: Jon Jensen <jon@instructure.com>
QA-Review: Jon Jensen <jon@instructure.com>
refs CNVS-9166
was already fixed in application setup, but not in these specs
test-plan: N/A
Change-Id: I7aaf2d487806c10b7c30dbd7e056e7b26e475875
Reviewed-on: https://gerrit.instructure.com/25732
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
refs CNVS-7877
* counter updates have to be in their own batch in 1.2+
* add the use_cql3? method to cassandra gem, even
though we're not updating it yet
* slight change in syntax for table creation
* 1.2 doesn't return schema info in the schema cql command;
use a query to get tables
Change-Id: I22642b0fb99e744080f9a7efd0b3d0372de020b9
Reviewed-on: https://gerrit.instructure.com/25361
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
fixes CNVS-8756
this fixes some unrelated plugin specs that fail iff PseudonymSession is
already loaded
also it's The Right Thing To Do™, because having an automatic session for
the factory makes no sense and slows down specs
test plan:
n/a, it's a spec fix
Change-Id: Id7ead2f519868eb10272e154ffdc8622ee5e17ab
Reviewed-on: https://gerrit.instructure.com/25332
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bryan Madsen <bryan@instructure.com>
Product-Review: Bryan Madsen <bryan@instructure.com>
QA-Review: Bryan Madsen <bryan@instructure.com>
to catch problems when using a "real" cache in dev/prod
Change-Id: Ic9ed6bc0420e3435d49ac0be756ba66a6f3cb0f2
Reviewed-on: https://gerrit.instructure.com/25217
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
rather than CANVAS_RAILS3 or Rails.version
this is to be consistent, and to reinforce that any "special" branches
are for rails 2.3 backwards compatibility while trying to target rails
3, rather than rails 3 "forwards compatibility".
Change-Id: I4494b65e3f71108a43d09032c1569c478646a828
Reviewed-on: https://gerrit.instructure.com/24998
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
no longer necessary to do this manually in specs
Change-Id: I7f121743a5059234560c431c5225485124d85b5d
Reviewed-on: https://gerrit.instructure.com/24769
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Rob Orton <rob@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
removes need for run_transaction_commit_callbacks all over the place
Change-Id: Id878276ed86bb37f625ef34412b16d1f75a63bca
Reviewed-on: https://gerrit.instructure.com/24758
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
test plan:
- start with draft state disabled
- for each step, exercise the api (as a teacher) to confirm the
expected values
1) create pages with different hide_from_students values
a) as a teacher
hidden pages should be visible; the hidden flag should persist
b) as a student
hidden pages should not be visible
2) using the api, update published and hide_from_students
(together and separately)
a) the published value should not be affected
b) the hide_from_students value should be updated when set
3) enable draft state
a) as a teacher
previously hidden pages should be visible, but unpublished
b) as a student
previously hidden pages should not be visible
4) edit a page
a) ensure the "Hide from students" option is gone
5) publishing pages should behave as expected
a) published pages should be visible to students
b) unpublished pages should not be visible to students
6) using the api, update published and hide_from_students
(together and separately)
a) the hide_from_students value should not be affected
b) the published value should be updated when set
7) create new pages with different published states
a) as a teacher
unpublished pages should be visible, but unpublished
b) as a student
unpublished pages should not be visible
8) disable draft state
a) as a teacher
previously unpublished pages should be marked hidden
b) as a student
previously unpublished pages should not be visible
fixes CNVS-7617
Change-Id: I395e0b2639543a64d9e2bc8d9377c78cf36f42d6
Reviewed-on: https://gerrit.instructure.com/23618
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
fixes CNVS-7823, CNVS-7847
Test plan:
* enroll a student in multiple sections
* make a group assignment
* comment on the group assignment submission for the student with
multiple sections
* the student should receive one copy of the comment (not multiple)
Change-Id: I26f44ef054fdb136f180c949d0676fc0168827a8
Reviewed-on: https://gerrit.instructure.com/23886
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
fixes CNVS-7676
test plan
- use the add_message endpoint to add a message, including
recipients that weren't in the conversation and some included
messages
- ensure that the new recipients are added to the conversation
and can see the new message as well as the included messages
- add a message that excludes some recipients who are already
conversation participants
- ensure that the excluded participants cannot see the new message
Change-Id: Id4f1ed741514c16cdafd81609d82e5c66aae85ac
Reviewed-on: https://gerrit.instructure.com/23627
Reviewed-by: Jon Willesen <jonw@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Joel Hough <joel@instructure.com>
There are a few old LearningOutcomeResults that have a nil artifact, and
many that have a Submission as an artifact. We want to get rid of these
because they come from bad data, and step 1 toward that goal is to stop
creating them and hide them in the UI.
The LORs with a nil artifact are very old and I believe came from a very
early incarnation of outcomes. The LORs with a Submission as an artifact
came from a combination of two code problems. The first was old code
that allowed an assignment that was aligned with an outcome but did not
have a rubric to create LORs directly based on it's submission. The
second was a bug that prevented the assignment <-> outcome link from
being destroyed when a rubric with an outcome was removed from an
assignment.
fixes CNVS-7495
fixes CNVS-7498
test plan:
- try different combinations of adding a rubric with an outcome to an
assignment.
- when you grade the assignment, the grade create a learning outcome result
(which can be seen on the outcome show page, or in the account outcome
report) if the rubric+outcome are currently attached to the assignment.
- so for example, add a rubric with an outcome, check, remove just the outcome
row, check, add a new outcome row, check, remove the whole rubric, check.
- be sure to check both the show page and the outcome report
TODO:
- datafix migration
Change-Id: I37700e3e5c08fc6cfb8fcf1cac42ea6693fcaba3
Reviewed-on: https://gerrit.instructure.com/23303
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cameron Matheson <cameron@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
Turns our we *do* want to grandfather in existing users :P
This reverts commit ae6d9033ac.
Change-Id: I7b109375a4844ef0291f0f72d89028b39d2289a0
Reviewed-on: https://gerrit.instructure.com/23384
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
fixes CNVS-7385
test plan:
1) in a console:
# grab a user of your choice
u = User.find(5)
# make it seem as if they have never accepted the terms before
u.preferences[:accepted_terms] = nil
u.save!
2) log in as that user
3) verify that you are required to accept the terms of use
Change-Id: Ibc314040f35d3d7418a3b31c7280188db86a552b
Reviewed-on: https://gerrit.instructure.com/23110
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
they were required prior to our new settings refactors. this way we don't
need to go set it in prod
test plan:
1. terms should be required when registering at /register
2. terms should be required when activing an account (via course
invitation email)
3. in the console, do Setting.set('terms_required', 'false')
4. terms should no longer be required on those pages
Change-Id: Idb13727839b847845cd4dacde4797e4e1571b42f
Reviewed-on: https://gerrit.instructure.com/22988
Reviewed-by: Mark Ericksen <marke@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
refs CNVS-6659
* move validation logic into model
* standardize api error messages
* deprecate split_group_count
* document group_limit
* actually require name (since that's what the api says)
* disallow setting self_signup when editing account categories since it
shouldn't be an option (and is totally broken)
test plan:
1. run specs
2. regression of creating/editing categories on group management page
Change-Id: Iccdd4e2e98978943f0562aad5c8ac055048d204d
Reviewed-on: https://gerrit.instructure.com/22493
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
refs CNVS-6202
test plan:
* run specs with a foreign key on user_acccount_associations(user_id)
(in a later commit, cause we're not ready to add it yet)
Change-Id: I30fc37da78232c1b18b834309f67c365a346b892
Reviewed-on: https://gerrit.instructure.com/21753
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
test plan:
* upload a video file
* identify the attachment id from the file's download url
(e.g. '/courses/:course_id/files/:attachment_id/download')
* set the media object's user_id to nil by
entering the following commands into the console:
id = [[INSERT ATTACHMENT ID HERE]]
mo = Attachment.find(id).media_object
mo.user = nil
mo.save!
* confirm that, as any course admin user, the 'CC'
button appears when previewing the video
fixes #CNVS-3855
Change-Id: I00b8ec4de50850cffee7be1332d811909d85932a
Reviewed-on: https://gerrit.instructure.com/21596
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
this was removed from the UI in Mar 2011 but was never completely ripped out.
we'd like to remove it now since it was adding extra complexity for no benefit.
closes CNVS-5929
refs #3974
test plan:
- create/update/delete an assignment from the index page, and the show page
- grade an assignment (with and without muting)
- test assignment notifications (with and without muting)
- creating an assignment
- editing an assignment
- changing a due date (after 3 hours of being edited)
- grading an assignment
Change-Id: Ie455bed41154018b5bd2c9c0e69e1e3285a0ac09
Reviewed-on: https://gerrit.instructure.com/20778
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
test plan:
* add an external tool to each of:
- context module item
- course navigation (tabs)
- assignment
* exercise the index methods for each API
* ensure a url is returned for each external tool
- this url should be to the sessionless launch API
* query the sessionless launch API with the url
- this call will return another url which allows a launch of the LTI tool in a browser not logged into Canvas
* copy/paste the url into a browser that is not logged into Canvas (incognito)
* ensure the LTI tool launches correctly
fixes #CNVS-5854
Change-Id: I6b50f965f4714e7efb9cfe0f99e1cd0b5f2055f2
Reviewed-on: https://gerrit.instructure.com/20868
QA-Review: Clare Strong <clare@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
test plan:
- as a few different students, take a quiz with at least two questions
that are file upload questions. Answer each question as each
student.
- as the teacher, you should see a "Download All Files" button on the
right on the Quiz Show Page next to "Quiz Stastics" and "Moderate
This Quiz".
- You should get a pop up that successfully downloads all the zips
(make sure you have delayed jobs running!). Make sure all the files
you submitted as the students are there, with the student's name,
user id, question number, and attachment display name in the
filename of each file.
closes CNVS-3048
Change-Id: I23cb2d4262bb0446476eeac4fdcb356e604e6a05
Reviewed-on: https://gerrit.instructure.com/20495
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Myller de Araujo <myller@instructure.com>
Reviewed-by: Eric Berry <ericb@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
- update the Gemfile to be 1.9 only, and raise an exception on wrong
ruby version
- remove RUBY_VERSION checks, replacing with the applicable code
- remove the FasterCSV compatibility shim, just use CSV now
test plan: trying to bundle install on ruby 1.8 or 2.0 should raise an
exception, specs should pass, canvas should work as normal on 1.9
Change-Id: I49088e9d227c59c6d5d5acb417c2df971129474a
Reviewed-on: https://gerrit.instructure.com/19806
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
replaced the mailman gem with custom code with more error
handling. this will allow the incoming message processor to
continue processing messages after encountering a message with
an encoding or parsing error. the broken messages will be moved
aside to a separate folder for later inspection.
fixes CNVS-4970
test plan:
- read up on the new incoming_mail.yml configuration settings.
- configure incoming_mail.yml with the test imap accounts
using legacy settings and check for regressions.
- reconfigure incoming_mail.yml to read from a directory.
- copy some testing email files into the configured directory.
test files should be a mix of:
- emails with encoding errors
- emails with syntax errors
- normal emails
- all of the normal emails should be processed normally
- all of the error emails should be moved into the error
subdirectory
Change-Id: I0f946a56b41492f007db2775aa6da3cdfa4fdd3f
Reviewed-on: https://gerrit.instructure.com/19729
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
adds account setting and new user permission
fixes CNVS-4726
Testing Notes:
============
* To enable...
* Account Settings, check Feature
"Admins can view notifications"
* Account permission under "Account Roles"
becomes available under "Admin Tools"
group. Check "View notifications"
* appears under account "Admin Tools"
sidebar area on "View Notifications"
tab.
(EX: /accounts/[account_id]/admin_tools)
* Verify "View Notifications" tab does not
appear if either account setting or user
permission is disabled. (For AccountAdmins)
* Verify a SiteAdmin is able to access the
feature.
* Verify that notifications are returned
and displayed for a selected user
and date range.
* Verify it displays "No messages found"
when user doesn't exist or the user
exists but the date range doesn't
return data.
* Verify that the user_id is required when
searching
* Verify that the "To Date" cannot be before
the "From Date".
* Verify an invalid date like the word "couch"
gets ignored and the actually used date/time
is displayed in the overview text description.
* Verify searching by dates when either or both
are left blank and when both are used.
* Verify that the messages automatically
fetch more when you scroll down.
* Verify that before the results, it displays
the user's name and the dates used for the
results.
Change-Id: I9d2689b4760af57bbc2d15fd7d50610dcf593a7e
Reviewed-on: https://gerrit.instructure.com/18629
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Reviewed-by: Mark Ericksen <marke@instructure.com>
This can successfully load rails console and rails server. There are
many, many problems still. The idea is this won't change anything under
rails 2.3, it's all backwards compatible.
closes CNVS-4711
test plan: `touch RAILS3` in your Canvas Rails.root directory. The run
`bundle update` and verify that you get rails 3 installed. Run `bundle
exec rails c` to load console or `bundle exec rails s` to start a
webrick server. You can login, though the dashboard currently breaks.
Also jammit isn't working yet.
But more importantly, Rails 2.3 should still work same as ever. All
tests should pass, and a basic regression sanity check would be good too.
Change-Id: Idd6f35de88adde84cd2db3a650f44b71bd6e9684
Reviewed-on: https://gerrit.instructure.com/18453
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
the implementation was rife with potential race conditions, and active
records query cache doesn't play nicely with threading.
Change-Id: I0e1c3d5cc05ad78e2f91f304490e6a1b5a925ab2
Reviewed-on: https://gerrit.instructure.com/18880
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
they're prone to leaving junk around, don't allow parallel specs
on the same database, and are typically slower anyway if you do
the "right" thing and truncate_all_tables in an after all
Change-Id: I2455e5c0de98c75e3748ce7fc2caf6d04a150a44
Reviewed-on: https://gerrit.instructure.com/18684
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Product-Review: Bryan Madsen <bryan@instructure.com>
QA-Review: Bryan Madsen <bryan@instructure.com>
code fix, no test plan
Change-Id: Iff01e6523fb7d77a84d8e9829c5efbb2a5306a51
Reviewed-on: https://gerrit.instructure.com/18622
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Bracken Mosbacker <bracken@instructure.com>
the dynamic attachment_fu backend changing overwrote Attachment#attachment_path_id
with a custom method to dynamically delegate to the backend. detect such methods,
and leave them alone
test plan:
* `spec spec/apis/v1/course_api_spec.rb spec/apis/v1/sis_imports_api_spec.rb`
should pass
Change-Id: I6cad3c9bbc4edfca7ab64bb4ffe239d50dde8cdf
Reviewed-on: https://gerrit.instructure.com/18685
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Bryan Madsen <bryan@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes CNVS-4455
you can never have too much context
also, apparently this is the first integration spec that uses the
API from a session (not an access token), so fix API forgery
protection to respect the allow_forgery_protection option
(what's set for specs to not have to worry about forgery
protection), and clean up enabling of it in specs to use
stubbing
test plan:
* do an action that counts as participating, but wasn't a GET
(i.e. comment on a discussion)
* you should see a page view for the user in that course
Change-Id: I8714de45575123d6877e0265623e0fcaf9e7fa58
Reviewed-on: https://gerrit.instructure.com/18504
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Change-Id: I4a33904e48810c98850c763ba33c817232cb8e83
Reviewed-on: https://gerrit.instructure.com/18598
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
closes CNVS-4248
this gains us EU region support, and no longer using a forked aws-s3 gem
in the process, setting bucket_name via a plugin is no longer supported
test plan:
* should be able to upload new files via various methods
* should be able to download old and new files still
Change-Id: If32fa5f381f5a4ac493948fa32230175a695f51e
Reviewed-on: https://gerrit.instructure.com/18282
QA-Review: Clare Hetherington <clare@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
removes the need to fork/exec (and reboot rails) for specs;
also simplifies forcing a specific backend for specs
note that path_prefix in file_store.yml is now respected for
S3 as well (so that parallel spec runs that use the same bucket
don't conflict with each other), with the caveat that 'tmp/files'
is special cased to be backwards compatible for S3, and change
to 'attachments'
test plan:
* specs pass (especially selenium specs involving files)
Change-Id: I9673d454291062c958c2989788d36339ce60dfc4
Reviewed-on: https://gerrit.instructure.com/18292
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
Test Plan:
- with an existing quiz submission with bad UTF8 byte sequences,
update the quiz submission
- no errors should be raised and the version of the quiz submission
should be updated
fixes CNVS-4421
Change-Id: I5288021a3b400a0bd59c4d70437ef737058bec18
Reviewed-on: https://gerrit.instructure.com/18346
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
also fixes an issue where some dates display as "Friday at 11:59pm" instead
of just "Friday"
Also does a little bit of refactoring and spec backfilling for the
override list presenter. The override list presenter now returns a much
more friendly list of "due date" hashes to the outside world to make it
easier to consume in views. Views don't have to format the dates by
passing in a hash anymore.
test plan:
- specs should pass
- as a teacher, create an assignment with overrides using the web
form. In one of the overrides, enter a day like March 1 at 12am.
- save the overrides
- Make sure fancy midnight works for lock dates and due dates, but not
unlock dates (12:00 am unlock date should show up as 12:00 am, not
11:59 pm)
- on the assignment's show page, you should just see "Friday", meaning
that the assignment is due at 11:59 pm on March 1.
- The "fancy midnight" scheme should work correctly for
assignments,quizzes,and discussion topics, including the default due
dates.
- Be sure to check that the dates show up correctly on the
assignment,quiz, and discussion show pages.
- Be sure to make an override that has a blank due_at, lock_at, and
unlock_at, but has a default due date, lock date, and unlock date.
The overrides should not inherit from the default due date (fixes
CNVS-4216)
fixes CNVS-4216, CNVS-4004, CNVS-3890
Change-Id: I8b5e10c074eb2a237a1298cb7def0cb32d3dcb7f
Reviewed-on: https://gerrit.instructure.com/18142
QA-Review: Amber Taniuchi <amber@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
when an undated event is created on caledar2 month view with a very
long name, the name will be truncated in the undated list and will
retain the truncation when dragging the event to a date.
fixes CNVS-1256
test steps:
- create a new course
- go to calendar2
- create an undated event with a title that is > 58 charactes
- ensure that the event on the right hand side is truncated
- click and drag the event out to a date and ensure the name is
truncated
Change-Id: I94b36736d87acd7d5afb8501bfa78d02f182d2b9
Reviewed-on: https://gerrit.instructure.com/18210
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Mark Ericksen <marke@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
in messageable users. if a user has multiple enrollments in a course,
don't return multiple MessageableUser rows. also, make sure
interpretation of shard-local common context ids occur relative to the
shard the row comes from.
refs CNVS-3969
test-plan:
- create a course (course1)
- create a user (user1) that's enrolled multiple times course1 (e.g. as
a TA in one section and a student in another)
- create another user (user2) in course1 that can see both of the first
user's enrollments (e.g. a teacher without section-limited
visibility)
- call user2.messageable_users_in_context(course.global_asset_string)
- the result should contain user1
- the result should contain user1 only once
- the result for user1 should have both roles in the common_courses
Change-Id: Ic8ce5f07e5ce3a0d56998da0876d12333d97f6e6
Reviewed-on: https://gerrit.instructure.com/18238
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
fixes a race condition issue where some tests were being set to the
wrong locale.
test plan:
- specs pass
- make a spec that changes the global locale (there are several
already that exist it seems). Run that spec, then run another spec
asserting that the locale is "en" again, rather than the locale you
set.
Change-Id: I3f925f1b59e7d8c975398429824432ab9c94ef86
Reviewed-on: https://gerrit.instructure.com/18153
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Bryan Madsen <bryan@instructure.com>
* creating a new course(...) puts the Course on the shard for the
target account (default: Account.default). if it creates a new
teacher, that will also be on the course's shard
* creating a new account_admin_user(...) puts the AccountUser on the
target account's shard. if it creates a new user, that will also be
on the account's shard
* if a new course_with_user(...) creates a new user, put the user on
the same shard as the course
Change-Id: I3b9675fa0a6d4fd3793bf2a38a7c7accdacd987f
Reviewed-on: https://gerrit.instructure.com/17568
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
In anticipation of adding a faster google docs listing, first
refactor the specs.
Test Plan:
- google docs should behave as before
refs CNVS-3592
Change-Id: Ic62d0cd170f491b5f36f516c0a71fde367dab0b2
Reviewed-on: https://gerrit.instructure.com/17548
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Backported from ruby 2.0 (and possibly later 1.9 patchlevels) because it
was filling our logs with many millions of warnings. The code was
backported directly, the test was backported with conversion from
minitest -> rspec.
test plan: Delayed jobs that use ruby's net libraries should still work,
such as sending messages, taking web snapshots, etc. You shouldn't see
any further lines like this in the log:
net/protocol.rb:313: warning: regexp match /.../n against to UTF-8 string
Change-Id: Ic29daa4ee9f0587fb2a1ac2968cd08a2f68365a1
Reviewed-on: https://gerrit.instructure.com/17431
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
fixes CNVS-1171
test plan:
* full conversations regression test
* initiate a conversation with a user from another shard
* reply to that conversation from both the sender and the
receiver
* repeat for a group conversation involving two or more
shards
* repeat for huge batch conversations with hundreds of
users and two or more shards
* known NOT working yet:
* re-using the correct cross-shard private conversation
* probably the tagging of messages with Course x,
Group y, etc.
Change-Id: I52549039875941cd518077cea4e28bfd2bc10dbf
Reviewed-on: https://gerrit.instructure.com/16523
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
This fixes some failures that happen depending on spec ordering
Also fix a selenium spec bug that was trying to turn an Announcement
into an assignment discussion.
Change-Id: Ic252844ae348642ea66f02cfedbd735d1eeb1d53
Reviewed-on: https://gerrit.instructure.com/16582
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Bryan Madsen <bryan@instructure.com>
Tested-by: Bryan Madsen <bryan@instructure.com>
Allows several new fields in the Assignments API to both update existing
assignments and set attributes on freshly created assignments.
test plan:
- run through the api trying each field in the generated
documentation.
- Make sure you can create assignments with every field, and update
assignments with every field available in the documentation. The
specs do this so they should pass as well.
closes #CNVS-2190
Change-Id: I0d67e379777b5a313f45289f23852122b1e61a37
Reviewed-on: https://gerrit.instructure.com/16114
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
You can add enrollments with the custom roles and see who
has the roles.
Test Plan:
* Create custom roles for each enrollment type
* Test all the settings page's functionality like adding/deleting users with custom roles
* Make custom observers observe students in various combinations of custom roliness
- verify that the new observer role has the custom role
* Make sure the section limited check box shows up for custom tas/teachers by selecting those options in the new user select box
closes #cnvs-1166
Change-Id: I5f133bf1b5b1438d7f8e34297b450ff561d401d0
Reviewed-on: https://gerrit.instructure.com/16272
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Jeremy Stanley <jeremy@instructure.com>
add index and show endpoints for Roles API; fixes #CNVS-2357
these endpoints add the ability to view inactive roles
remove the ability to delete and make the DELETE method
deactivate (at least until we figure out how to delete properly
with regard to account users, enrollments, and sub-accounts);
fixes #CNVS-2378
test plan:
* render the docs and examine the new actions
* test the index action (GET /api/v1/accounts/X/roles)
- make sure it lists all roles
- make sure built-in roles are 'active'
- make sure you can list inactive roles
with state[]=inactive
* test the show action (GET /api/v1/accounts/X/roles/RoleName)
- make sure it works for a built-in role
- make sure it works for a custom role
- make sure it 404s if an invalid name is given
* test the deactivate action (DELETE /api/v1/accounts/X/roles/RoleName)
- make sure it deactivates the role
Change-Id: Ic0b1e1709d2f52b17d26bc15ab7ecd60dd7ed743
Reviewed-on: https://gerrit.instructure.com/16291
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
QA-Review: Bracken Mosbacker <bracken@instructure.com>
- make course/account/user associations not load deleted grading standards
- make course copy not copy deleted grading standards
- never show more than 100 grading standards on a course/account page
fixes #CNVS-2230
test plan:
- in a course, create a grading standard
- delete it
- copy the course
- the destination course should not have that grading standard
Change-Id: I0063b5ca704667b2863f1d571c86df82c2a5cb97
Reviewed-on: https://gerrit.instructure.com/16108
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
refs #11982
test plan:
- no visible changes
- specs should still work (tables should still be truncated)
Change-Id: I426bd81cbfd1147f156600bd09e94066710cd876
Reviewed-on: https://gerrit.instructure.com/15627
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
We explicitly want an invalid utf-8 string here, so we have to force 1.9
to do so.
Change-Id: Idf15a8ebcdb810197c06881ece56f63c6125b407
Reviewed-on: https://gerrit.instructure.com/14944
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
simple keep-both resolutions for app/models/submission.rb and
config/routes.rb. spec/integration/learning_outcome_group_spec.rb stays
removed.
fixed path->url in outcome group api pagination to match master's new
rules.
Conflicts:
app/models/submission.rb
config/routes.rb
spec/integration/learning_outcome_group_spec.rb
Change-Id: I8dd31e1d3764970a8f683aef362f0cca06abe90e
implement background message sending in the inbox. when sending any
message, the form now unlocks right away and a progress bar appears
at the top. you can potentially have several messages sending at once,
each with its own progress bar. determinate progress bars (i.e. for
bulk private messages) will still be on the page if you reload (assuming
they haven't finished sending).
also implement client-side form validations so that users are prompted to
put in recipients and a message
progress bar should be aria compliant. refs #9237
test plan:
1. send a new message to a single recipient
2. there should be an indeterminate progress bar as it sends, and the ui
should be unlocked
3. send a new group message
4. see step 2.
5. send a bulk private message
6. there should be a determinate progress bar as it sends, and it should
move with a relatively consistent velocity. the ui should be unlocked
7. send a message on an existing conversation
8. see step 2.
9. repeat steps 1-8 with attachments
10. try sending messages without a body or recipients. you should get red
error boxes
Change-Id: I1e4641505c3e4c42f840b292d739c78cb1c2baff
Reviewed-on: https://gerrit.instructure.com/13617
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
This supports all the features of our current delayed jobs backend,
including priorities, queues, jobs scheduled for the future, strands,
periodic jobs, etc.
Atomicity is guaranteed by using the new Lua scripting features of Redis
2.6, so this requires 2.6 (which is still only a release candidate as of this
time).
It's not yet production ready (see the TODO at the top of the
redis/job.rb file), so trying to start canvas in prod with redis jobs
configured will raise an error as a safeguard.
The tests have been modified to all pass with redis configured as the
jobs backend. Some selenium specs were removed because the jobs UI lost
some functionality that I didn't think was important enough to port to
redis (listing the most popular tags for future and failed jobs, for
example).
Change-Id: Ie57b15bae1d4ba7b2b2344c872411165551d1ac8
Reviewed-on: https://gerrit.instructure.com/12120
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
* fix some invalid syntax that's snuck in recently
* fix an issue with initializing tempfiles in Canvas::HTTP
* fix some "can't modify frozen object" errors in specs
* upgrade mocha to 0.12.3
Change-Id: I6b6f25bcfff2466774e2941d35fafb7af7c50569
Reviewed-on: https://gerrit.instructure.com/13344
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
test plan:
- In a course where "Let Students attach files to Discussion Posts"
check box is checked (under "more options" when editing course details)
- Create a group and add a student to the group
- Log in as the student and create a new discussion or reply to a discussion
- Click on the choose file button and attach something
- The attachment should be saved
- Also verify that the student doesn't have the option to attach
a file when the above checkbox is not checked
Change-Id: I56f4e2e29a8350a50a85a926f8ca9493a1c3fd0c
Reviewed-on: https://gerrit.instructure.com/13365
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Bryan Madsen <bryan@instructure.com>
the shims will be removed in a later commit. that commit will need to
wait for the plugins to be fixed before it can be submitted.
test-plan:
- specs pass
Change-Id: Ifd6e2a254f0272a58d507c845cdae58b7392801c
Reviewed-on: https://gerrit.instructure.com/12798
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
A set of class functions were added to Delayed::Backend::ActiveRecord
for all the querying a updating functionality that the jobs admin needs,
so that no direct ActiveRecord queries are needed. The /jobs UI is
refactored to use these new functions.
There are a few differences in behavior: The search isn't a combined
wildcard search anymore. Instead, new "flavors" were added to the
drop-down for strand, tag, and ID. The search box searches only the
selected attribute, and it's exact match now.
Specs are being updated to use these new functions as well. Eventually,
no direct AR queries will be done against Jobs anywhere, so that non-AR
jobs backends are possible.
Also as part of this, all jobs require a queue now. Passing nil for the
queue will use the default of Delayed::Worker.queue.
test plan: Load /jobs, and verify that it works as before except where
there are differences as described above.
* Selecting flavors of jobs lists only those jobs.
* Searching by ID, strand or tag works.
* The hold/unhold/delete actions work in the various combinations of
filtering/searching.
* Linking to an individual job still works (though the query string
has changed so old links don't work)
* Running jobs and list of popular tags still works as expected.
Change-Id: Iffd5b8c7b3d6e4b128792a9dee7b97c6dfb251dc
Reviewed-on: https://gerrit.instructure.com/12632
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Reviewed-on: https://gerrit.instructure.com/13089
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jacob Fugal <jacob@instructure.com>
This list is *NOT* complete, some items may have snuck in that I forgot
to note, and/or some of the noted items may not be completely functional
yet.
Specs need to be written around a lot of this, other specs will no doubt
need to be fixed.
Some things, particularly around LearningOutcomeGroups will need data
migrations that aren't there yet.
* remove LearningOutcome.non_rubric_outcomes? and replace with false
where invoked
* remove LearningOutcome.enabled? and replace with true where invoked
* remove never-taken branches
* remove the shared/aligned_outcomes partial and it's supporting
javascript, since it's now empty
* remove js handler for add_outcome_alignment_link and supporting
method since it only occurred in never-taken branches
* mix LearningOutcomeContext into Course and Account
* replace LearningOutcomeGroup.default_for(context) with
LearningOutcomeContext#root_outcome_group
* rename LearningOutcome#content_tags to LearningOutcome#alignments
* rename LearningOutcomeGroup#content_tags to
LearningOutcomeGroup#child_links, and properly restrict
* remove ContentTag[Alignment]#rubric_association_id, add
ContentTag[Alignment]#has_rubric_association? that looks at the
presence of the content's rubric_association_id
* condition off the assignment having a rubric_association rather than
filtering tags by has_rubric_association (which just looks back at
the assignment). all or none of the assignment's alignments are
forced to have the association (via the assignment). this was true in
practice before, is now codified (and more efficient)
* rename AssessmentQuestionBank#learning_outcome_tags to
AssessmentQuestionBank#learning_outcome_alignments
* rename Assignment#learning_outcome_tags to
Assignment#learning_outcome_alignments
* rename Rubric#learning_outcome_tags to
Rubric#learning_outcome_alignments
* move/rename (Course|Account)#learning_outcome_tags to
LearningOutcomeContext#learning_outcome_links
* move/rename Account#learning_outcomes (corrected) and
Course#learning_outcomes to
LearningOutcomeContext#linked_learning_outcomes
* move/rename Account#created_learning_outcomes and
Course#created_learning_outcomes to
LearningOutcomeContext#created_learning_outcomes
* clarify and correct usage of linked_learning_outcomes vs.
created_learning_outcomes
* move/rename (Account|Account)#learning_outcome_groups to
LearningOutcomeContext#learning_outcome_groups
* remove unused Account#associated_learning_outcomes
* just remove one link to a learning outcome when deleting
* merge Account#has_outcomes?, Course#has_outcomes? and
Course#has_outcomes into LearningOutcomeContext#has_outcomes?, add a
use in Context#active_record_types
* kill LearningOutcomeGroup#root_learning_outcome_group (unused)
* rename LearningOutcomeResult#content_tag to
LearningOutcomeResult#alignment
* kill unused (and broken) OutcomesController#add_outcome_group
* kill unused OutcomesController#update_outcomes_for_asset
* kill unused OutcomesController#outcomes_for_asset
* remove unused (outside specs, correct specs)
AssessmentQuestionBank#outcomes=
* remove unused ContentTag#learning_outcome_content
* replace ContentTag.learning_outcome_tags_for(asset) (only ever called
with asset=an assignment) with call to
Assignment#learning_outcome_alignments
* remove unused ContentTag.not_rubric
* remove (now) unused ContentTag.include_outcome
* remove unused LearningOutcome#learning_outcome_group_associations
* avoid explicit use of ContentTag in outcome-related specs
* replace LearningOutcomeGroup#learning_outcome_tags with
LearningOutcomeGroup#child_outcome_links (and only use for outcome
links; not tags for child groups)
* split ContentTag#create_outcome_result into
Submission#create_outcome_result,
QuizSubmission#create_outcome_result, and
RubricAssessment#create_outcome_result. fix some bugs along the way
* refactor ContentTag.outcome_tags_for_banks and some code from
QuizSubmission#(track_outcomes|update_outcomes_for_assessment_questions)
into QuizSubmission#questions_and_alignments
* refactor RubricAssociation#update_outcome_relations and
Rubric#update_alignments into LearningOutcome.update_alignments
* don't use ContentTag#rubric_association with outcome alignments; use
the tag's content's rubric_association in its place (they should have
been equal anyways)
* refactor LearningOutcome.available_in_context and
@context.root_outcome_group.sorted_all_outcomes (only time
sorted_all_outcomes is used) into
LearningOutcomeContext#available_outcomes and
LearningOutcomeContext#available_outcome
* overhaul LearningOutcomeGroup#sorted_content and rename to
LearningOutcomeGroup#sorted_children. it not returns ContentTags
(outcome links) and LearningOutcomeGroups, vs. LearningOutcomes and
LearningOutcomeGroups; fix usages appropriately
* fix UI for arranging/deleting outcome links and groups within a group
to refer to the outcome link rather than the outcome
Change-Id: I85d99f2634f7206332cb1f5d5ea575b428988d4b
Reviewed-on: https://gerrit.instructure.com/12590
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jacob Fugal <jacob@instructure.com>
This adds an alternative method for uploading files by giving Canvas a
public URL in the first step, rather than uploading the file data directly.
test plan:
- create a course file via the API upload mechanism
- make sure the return values are as documented
- make sure the file was correctly uploaded
- create a course file via the URL approach
- make sure the return values are as documented
- make sure the file status endpoint returns valid responses
- make sure the file was correctly stored in Canvas
- repeat that process with a file that has at least one redirect
- repeat that process but creating a homework submission file
- try to create a course file with a malformed URL
- confirm that the appropriate error message is returned
- try to create a course file with a relative URL
- confirm that the appropriate error message is returned
- try to create a course file with a URL that doesn't return 200
- confirm that the appropriate error message is returned
Change-Id: I2dcf711347ec4ef26d767ae1c1fa0bb056986651
Reviewed-on: https://gerrit.instructure.com/12143
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
A set of class functions were added to Delayed::Backend::ActiveRecord
for all the querying a updating functionality that the jobs admin needs,
so that no direct ActiveRecord queries are needed. The /jobs UI is
refactored to use these new functions.
There are a few differences in behavior: The search isn't a combined
wildcard search anymore. Instead, new "flavors" were added to the
drop-down for strand, tag, and ID. The search box searches only the
selected attribute, and it's exact match now.
Specs are being updated to use these new functions as well. Eventually,
no direct AR queries will be done against Jobs anywhere, so that non-AR
jobs backends are possible.
Also as part of this, all jobs require a queue now. Passing nil for the
queue will use the default of Delayed::Worker.queue.
test plan: Load /jobs, and verify that it works as before except where
there are differences as described above.
* Selecting flavors of jobs lists only those jobs.
* Searching by ID, strand or tag works.
* The hold/unhold/delete actions work in the various combinations of
filtering/searching.
* Linking to an individual job still works (though the query string
has changed so old links don't work)
* Running jobs and list of popular tags still works as expected.
Change-Id: Iffd5b8c7b3d6e4b128792a9dee7b97c6dfb251dc
Reviewed-on: https://gerrit.instructure.com/12632
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
There is an attachment spec that exercises some code that cares about the id
of the logged in pseudonym (attachment.rb:517). A mock object used to respond
to #id in 1.8 with the ruby object_id, but no longer in 1.9. We continue
emulating that behavior with the mock for the sake of tests.
Change-Id: Ife2369aa9c56b7f4303bbac4ff59ed105fff7db4
Reviewed-on: https://gerrit.instructure.com/10898
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
change the the list of recently logged in users to be loaded
asynchronously and paginated via the api.
test plan:
- navigate to /courses/:course_id/statistics;
- click on the 'Students' tab;
- verify that the most recent students have
loaded;
- in a course with > 25 users who have logged in, and some of
whom have multiple pseudonyms, view the same page
- verify that while scrolling, more students are loaded automatically
in until all the students in the course are present in the list.
Change-Id: I10ea92e0a286ce117ec0e957a91c8c347b89e751
Reviewed-on: https://gerrit.instructure.com/8404
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
since we have already "validated" the email (by virtue of them receiving
it and clicking on a link), we don't need to validate it here. fixes an
issue where users with non-email pseudonyms could not get past this page
also tweak form so that pseudonym can be specified if it needs to be set
(for example, the email was already taken by another user)
test plan:
1. as an admin create a new user with a login other than their email
address
2. check the user's /messages URL to see the email that was sent to the
user
3. copy and paste the URL that was sent in the email and navigate to it
4. the registration page should allow you to proceed and the label should
say "Login"
Change-Id: I563b53b16b950bd7f6dafc456349db74fd97b294
Reviewed-on: https://gerrit.instructure.com/12569
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
change registration flows for teachers, higher-ed students, and parents.
now users can start using canvas immediately before confirming their
email address (and setting a password). they get a nice big reminder when
they first view the dashboard, and can't edit their profile (or related
things) until they do so.
test plan:
1. go to the signup form for a teacher
2. fill it out
3. confirm that you are immediately logged in to the dashboard
4. confirm that you get a big popup when you first view the dashboard
5. confirm that you can't edit your profile
6. repeat steps 1-5 for higher-ed students (no join code)
7. repeat steps 1-5 for parents (observers)
8. confirm that students registering with a join code do not need to
verify their email address (since no email is sent)
Change-Id: I4e7e1c083d70725fffd345016f1ca1eec4aeab13
Reviewed-on: https://gerrit.instructure.com/12172
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
other changes:
- makes it possible to add a student to multiple sections in the course
- pagination of the user lists
- converted user tab js to coffee and backbone
test plan:
- as a teacher go to /courses/*/settings#tab-users
- verify that multiple students can be linked/unlinked to an observer
- verify that users can be added to and removed from multiple sections
- verify that 'Resend Invitation' and 'Remove from course' work
Change-Id: I0f64f72f1937348817990b6f13b6310185b68a73
Reviewed-on: https://gerrit.instructure.com/10865
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Joe Tanner <joe@instructure.com>
a masquerading user should not be able to see a list of the masqueradee's
google docs file. additionally, a masquerader should not have the google docs
tab as an option for file upload submission.
test plan:
- in an account with google docs enabled
- in a course with a file upload assignment
- masquerade as a student who has google docs enabled
- go to the assignment tab and click submit
- google docs should not be an option
- stop masquerading, and log in as the student
- go to the assignment tab and click submit
- you should be able to successfully commit and file from google docs
Change-Id: I31ca6e7ca4b89331c9eabca7130eb7fc47417875
Reviewed-on: https://gerrit.instructure.com/12170
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
In a group graded discussion assignment, when creating the child topics for
each group, the new discussion topics were touching their root topics, kicking
off a new job to refresh the subtopics. This created a race condition where
duplicate subtopics for the group could get created, in addition to a lot of
unnecessary jobs. This commit moves the touch to only happen when an entry in
a subtopic is updated, tightens up some conditions in the way soft-destroys
cascade between assignment and discussion, and adds a unique index on
context+root_topic to prevent this from happening in the future.
test plan:
- ensure that creating a group discussion assignment still creates all
necessary sub-topics for the groups
- in a course with many student groups, create a new group discussion
assignment.
- each group should only have one unique topic for this assignment
- delete a group discussion assignment, it should delete all associated topics
at the course and group levels
- also try initiating the delete from the root topic. the assignment and sub
topics should be deleted
Change-Id: I9b0fb79c2c2b3b9512802a781b8ea0f4364af541
Reviewed-on: https://gerrit.instructure.com/11712
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Fixes up some abstraction so that we can add other jobs backends and
specs, migrations, etc will work as expected.
Also remove some unused parameters from the Delayed::Job methods for
finding and locking jobs.
test plan: run the database migrations on a new db, and migrations
should work without error. delayed jobs should also be created and
processed by workers without error.
Change-Id: I1fe6ef5464f9780db3010fa002703fc030832f8d
Reviewed-on: https://gerrit.instructure.com/11590
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
test plan: follow a user and a group, make sure that makes you
auto-follow all the existing collections. add a new collection and
verify you're now following that new collection.
this only applies to public un-deleted collections, or all un-deleted
collections if you're a member of the group.
Change-Id: I163f26661d8537f059955cf34edb48cbeafa24b6
Reviewed-on: https://gerrit.instructure.com/11381
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
fixes#8508, refs #7561
test plan:
* create or edit a new appointment group
* add course(s) or sections from some courses
Change-Id: I8813f312fe5a36ca83ed9dce9c66cbab761d463e
Reviewed-on: https://gerrit.instructure.com/10703
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
spec updates for 1.9
* fix a syntax error
* update our html_escape backport so that rails 1.9 doesn't print
constant warnings about using the "n" regex option with a utf-8
string (as a bonus this is also a lot more efficient)
* fix using a migration class as a rspec describe context, because its
method_missing prints the method name to console so we get a ton of
"to_ary" etc printed
* fix post header checks in spec/lib
Change-Id: I634570e516252e9a2fbef9f13a55d1bae0a254cd
Reviewed-on: https://gerrit.instructure.com/10856
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
In this first phase, we use the image url passed in, or take a snapshot
of the link if no image url is given.
test plan: using the API create a collection item without an image url.
After the job runs, the item will have a image_url returned. Then create
another item passing in an explicit image url and verify that's used
instead.
Change-Id: I2134b0014a3135ef0580461a6321d1adc99c2e9c
Reviewed-on: https://gerrit.instructure.com/10764
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
The "To Do" area of the sidebar was displaying quizzes and assignments
that are locked. This adds a named_scope called "not_locked" to Assignment
and adds it to the conditions used in User#assignments_needing_submitting.
They remain showing under "Coming Up" area.
Test Plan:
* Create a quiz that is due within the next 6 days and locked until some future time
between the due date and now.
* As a student in the course, the quiz should show up under "Coming Up"
but not in "To Do"
* If the locked until time is changed to make the quiz available, it should
now show up in the "To Do" area.
Change-Id: Ia049cabe7bd9130faf0e0a767362cb3de01763e6
Reviewed-on: https://gerrit.instructure.com/10602
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Joe Tanner <joe@instructure.com>
* add the foreigner gem so plugins can begin adding foreign keys
immediately
* add an extension to do less locking when creating foreign keys
on postgres 9.1+
* fix a few pieces of code that either don't properly clean up
foreign dependencies, or create objects in the wrong order
to maintain referential integrity
* change the specs to truncate all tables in a single command
for postgres (to avoid referential integrity errors; also
slightly faster)
test plan:
* no user visible functionality should change
Change-Id: I185e478b99fbe598d408912053c34a064aa9c461
Reviewed-on: https://gerrit.instructure.com/10580
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes two issue with the ungraded count logic:
1. the submission triggers updated the count regardless of the enrollment
status (or existence). teachers or people not even in the course could
cause the count to change (e.g. by taking/previewing a quiz)
2. the enrollment triggers did not factor in the enrollment type. so
teachers/tas (un)enrolling in the course would cause the count to
change if they had any submissions (e.g. from a quiz)
test plan:
1. create a quiz with essay questions (so that submissions will need to be
graded)
2. enroll a student in multiple sections in the course
3. take the quiz as the student
4. take the quiz as the teacher
5. take the quiz as an admin not in the course
6. confirm the ungraded count is just 1
7. unenroll the teacher
8. confirm the ungraded count is still 1
9. unenroll the student
10. confirm the ungraded count is now 0
Change-Id: I11dbf3915d79f9820267469fad8949abfa008e14
Reviewed-on: https://gerrit.instructure.com/10451
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Joe Tanner <joe@instructure.com>
fixes#8314fixes#8315
fix the interplay between submission and quiz_submission when manually grading
a quiz_submission's questions or fudge points while another version of the
quiz_submission is currently in progress. we overcorrected slightly in the last
fix.
test plan:
- on a quiz that allows multiple submissions (try with both keep-highest and
keep-latest settings)
- as a student, complete this quiz, then start taking it again and leave the
page
- as a teacher, try grading it from the quiz history page or the speedgrader.
change question points and fudge points. changes should save across reload
and the score should be in the gradebook.
- also try changing the grade directly in gradebook. and check that the change
is mirrored in the quiz history page
- as the student, finish the second attempt and start a third.
- repeat the above checks as the teacher, ensuring that the appropriate score
(highest or latest) comes through in the gradebook.
Change-Id: Id5c0b60c9d0c5f56aae625c3192bd50f93d671b8
Reviewed-on: https://gerrit.instructure.com/10373
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
closes#6832
Test plan:
- in a separate branch (master), create a new appointment group and
assign it a group category or section
- switch to this branch and migrate; the appointment group should
still be assigned to the group or section you chose earlier
- create a new appointment group and assign it some course sections
- verify that students in those sections can reserve appointments, but
not students that do not belong to those sections
Change-Id: I1662374c5e6d2e5e9f7d6b54b0bc91420f150b7a
Reviewed-on: https://gerrit.instructure.com/8765
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
submissions that are pending_review, which right now is just quiz submissions
with essay questions, were improperly being shown as 'not submitted' in the
coming-up events list on the dashboard and course home page. this correctly
marks them as submitted.
test-plan:
- create a quiz with an essay question and a due date in the next week
- as a student verify it shows in coming up as 'not submitted' on the dashboard
- take the quiz
- it should now show as 'submitted'
- make sure other events in the coming up list show correct states.
Change-Id: I3ad8d208f6b1d3a9366e68e869652c22ab2702d6
Reviewed-on: https://gerrit.instructure.com/9948
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
allows course admins to view the course from a student perspective. this is
accessible from a button on the course/settings page. They should be able to
interact with the course as a student would, including submitting homework and
quizzes. Right now there is one student view student per course, so if the
course has multiple administrators, they will all share the same student view
student.
There are a few things that won't work in student view the way the
would for a normal student, most notably access to conversations is disabled.
Additionally, any publicly visible action that the teacher takes while in
student view will still be publicly visible -- for example if the teacher posts
a discussion topic/reply as the student view student, it will be visible to the
whole class.
test-plan:
- (the following should be tried both as a full teacher and as
a section-limited course admin)
- set up a few assignments, quizzes, discussions, and module progressions in
a course.
- enter student view from the coures settings page.
- work through the things you set up above.
- leave student view from the upper right corner of the page.
- as a teacher you should be able to grade the fake student so that they can
continue to progress.
- the student should not show up in the course users list
- the student should not show up at the account level at all:
* total user list
* statistics
Change-Id: I886a4663777f3ef2bdae594349ff6da6981e14ed
Reviewed-on: https://gerrit.instructure.com/9484
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Fixes a race condition where the view might get generated by the job
without the new entry.
test plan: this is difficult to duplicate by hand, but you could put a
breakpoint in and verify the job doesn't get inserted before the
transaction commits.
Change-Id: I6c373553dfae409adab25dd9e3bafc7126169231
Reviewed-on: https://gerrit.instructure.com/9710
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
This API abstracts away the difference between S3 uploads and local
storage uploads, while still allowing direct-to-S3 functionality to
avoid typing up Rails processes during S3 uploads.
The only concrete starting endpoint I've implemented in this changeset
is for submission file uploads. Uploads to course and user files is
coming in a subsequent changeset.
test plan:
see the api doc (generate with rake doc:api). repeat this test for both
s3 and local storage configurations.
first, post to the submission file upload endpoint, get your
upload_params back. use that to post the actual file data to the url
returned. then follow the redirect back to canvas, and verify you can
download the file from the url given in the json response. verify you
can attach the new file as part of an assignment submission.
edge cases to test:
* in local files, verify that attempts to modify the policy will fail
the request. in s3, amazon handles this.
* verify that if you do step 2 without step 3, the file isn't available.
* if you do step 1 but wait more than 30 min to do step 3, the upload
will be rejected.
* make sure you can't upload twice in the 2nd step
* make sure you can't verify twice in the 3rd step
Change-Id: I9b16b6e75defe9da551b965d9401f2cad8801f1d
Reviewed-on: https://gerrit.instructure.com/9552
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
add the ability to query enrollments for a given section with the api, and use
that api URL to load the section lists for courses/x/sections/y.
test-plan:
- in a course users split between sections
- go to /courses/x/sections/y
- make sure appropriate people are there
- no gui the creates enrollments for the section, so try posting to
/api/v1/sections/x/enrollments to create an enrollment for that section.
Change-Id: I434b10dc20e36f43e48bbad5caa8886796211b82
Reviewed-on: https://gerrit.instructure.com/9364
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
in the top bar, where it says (student x of y), y should be the correct count
of students in the course, even if students have multiple enrollments.
test-plan:
- create a course with students with multiple enrollments
- load speedgrader, check the count
Change-Id: I6efbe887cf11aef318587a9da20704e76463c673
Reviewed-on: https://gerrit.instructure.com/9239
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cameron Matheson <cameron@instructure.com>
test plan:
* use canvas and ensure that notifications work
Change-Id: Ie46f049aab5dde7167c3ea4228e503c7a686c839
Reviewed-on: https://gerrit.instructure.com/9154
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
quiz submissions that have essay questions are marked as pending_review, but
they have a grade, so the previous trigger was ignoring them when incrementing
the needs_grading counts. this changes increments the counter for
pending_review even if there is already a grade.
test-plan:
- create a quiz with an essay question
- as a student, submit the quiz
- as a teacher, your to do list should indicate that you have a quiz that needs
grading.
fixes#5326fixes#7466
Change-Id: I7cf2293bb43df882000902109124810e896e66ad
Reviewed-on: https://gerrit.instructure.com/9095
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
tweak our javascript so that the rubrics controller update method knows that we
want to save the rubric association even if we can't modify the rubric. also
clean up some unused code in the rubric spec that was confusingly named
read_only, but not related to the rubric read_only property.
test-plan:
- create a rubric
- create two assignments that have the same points
- associate the rubric with the first assignment and select it be used for
grading. make sure it sticks across refresh (and the rubric is not
duplicated)
- same for the second assignment
Change-Id: I2c32d4da35eff508680f0a19c97cb1111fe4cef1
Reviewed-on: https://gerrit.instructure.com/8981
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
also fix/enable zip file uploads in group and user contexts -- they were
partially enabled, but broken. This required generalizing
UnzipAttachment to work for any context, not just courses, though that
was mostly just a matter of renaming things.
The zip file uploads in accounts are still not enabled, as the accounts
file section is not implemented yet, though it's referenced in the
routes file.
fixes#5913fixes#5728fixes#5463fixes#5012
test plan:
* upload a zip file to a course, to a group, and to a user's files. in
each case, try uploading the zip both through the button in the file
browser, and by dragging a zip file into the file browser (in a
capable web browser)
Change-Id: I6c648ef677d2bd61ae41a2b8fe0f89be43d63375
Reviewed-on: https://gerrit.instructure.com/7402
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
test plan:
1. create a quiz
2. change the type to one of the survey options
(graded survey works)
3. add a question
4. publish the survey
5. take the survey as a student
6. go the quiz summary as the teacher and click on
"show student survey results"
7. Observe the students name/email is not anywhere
on the page (page title, bread crumb in
particular)
Change-Id: I58bc62266f2e9150224cf6f8c39f1726088630c2
Reviewed-on: https://gerrit.instructure.com/8999
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
section limited ta's are correctly only able to see/change grades for students
in their section, but the reported counts of ungraded students were incorrectly
being pulled from all sections.
test-plan:
- create a course with multiple sections, and an assignment with submissions
- create students for each section, and submissions for each student
- as a section limited ta, go to /courses/x/assignments/y. you should see "n
out of m Submissions Graded"; n and m should make sense
- go to the speed-grader, at the top you should see "student n of m"; make
sure n and m make sense
Change-Id: I1f59b037c38cb4671165ac0fc201eaa7dc2e3350
Reviewed-on: https://gerrit.instructure.com/9054
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Rather than displaying the comments, we were just showing the
placeholder "the assessor will use this area to enter comments".
test plan:
* create an assignment and a rubric used for grading. on the rubric,
select the "use freeform comments" option.
* grade a student on the assignment, and enter comments on the rubric
rows. add some line breaks or urls, to test the html formatting.
* as a student, go to your course grades summary page
(/courses/X/grades), verify that when you click to show the rubric,
the comment is displayed and properly html-ified.
* as the student, do the same on the individual submission page
(/courses/X/assignments/Y/submissions/U)
Change-Id: Ic4667eda36064d3fd4d70eec0d2bd7656e543051
Reviewed-on: https://gerrit.instructure.com/8908
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
we were showing these grading schemes in the list of options you had, but we
weren't allowing them to be set. this brings into line what is
shown in the list with what can be set
test-plan:
- make a course level grading standard and an account level one
- make sure they can both be set for the course (or an assignment in the
course) both by their creator or another teacher.
Change-Id: I951e7fb6102b8b8574234d0fa201ed0b4eaa5e57
Reviewed-on: https://gerrit.instructure.com/9004
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
FileInContext (used by the zip importer) was bypassing the filename= setter
for Attachment, so when using attachment_fu, sanitize_filename was not getting
called on the filename. This resulted in us generating S3 urls with characters
in them like filename[0].txt. That normally worked fine. However, Firefox
would escape those characters when redirected to a URL like that, which would
cause a signature mismatch with S3.
This commit stops bypassing the filename= setter so files uploaded as zip
files and in migrations have escaped filenames. Because of difficulties
testing S3 attachments, the included spec is weak.
This also includes a migration that will rename attachments with []" in their
filenames, and make a copy of the S3 object to match.
There is also an unrelated spec refactor around faking out a portion of the
code about S3.
test plan:
* Enable S3
* Create a ZIP file with a file in it with a name like test[0].bin
* Upload that ZIP file to your files are, choosing to unpack the ZIP contents
* Verify that you can download the extracted file using firefox
* Also verify that the attachment's filename is escaped in the db
Change-Id: I54fc0682b64a9e0021b4b41236f8cab168a0e56e
Reviewed-on: https://gerrit.instructure.com/8875
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes#7095
This is an existing feature that just needed some UI improvements. If
the quiz submission is marked as needing grading because the quiz has
changed significantly since it was submitted, we were showing "The
following questions need review" and then an empty list of questions.
test plan:
* create a quiz, and have a student take it
* then significantly change the quiz -- change how many points it is
worth, for example, and re-publish
* the student's submission should now be marked as needing review, and
viewing the submission should show the teacher a message about the
submission needing review because the quiz has changed
significantly. It shouldn't show an empty list of questions needing
attention.
Change-Id: Ibe388a661dda34c47bcb91b5932db5d37719a01b
Reviewed-on: https://gerrit.instructure.com/8819
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
test plan:
* set a custom css for site admin
* other root accounts should pick up that custom css
immediately without restarting the server
Change-Id: Ief1356f7a67b3ea461656bc8f6a9bf1938566b91
Reviewed-on: https://gerrit.instructure.com/8522
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
We want to be able to change or delete enrollments on the course settings page,
even if there are multiple enrollments for a single student. This commit adds
this ability, and adds tests to ensure that multiple enrollments are coalesed
under a single user.
test-plan:
- create a course with three sections
- enroll a student in two of these sections (from the console)
- navigate to the course settings page, users tab
- make sure the student only shows up once, with both enrollments listed
underneath
- try changing one of these enrollments to the third section.
- try deleting one, and then both of these enrollments
Change-Id: I4bc35ac2f79fd6297b50e5217a567290eff59a92
Reviewed-on: https://gerrit.instructure.com/8364
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
test plan:
1. click on the sent filter
2. ensure you only see non-archived conversations where you have written
at least one message
3. ensure that the timestamp and preview on the left reflect your latest
message (not necessarily the latest in the conversation)
4. ensure the conversations are sorted by the timestamp of your most
recent message
5. ensure that when you delete the last message by you in a given
conversation, that conversation is removed from the ui
Change-Id: I85468d19122f1190bd2c53cb640145b7d14e2b42
Reviewed-on: https://gerrit.instructure.com/8416
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
when you add a learning outcome to a rubric, you can optionally choose to
ignore it when grading. this commit ensures that point totals acutally ignore
the line consistently across the varios places they are displayed, including
when creating the rubric, when grading from the speed grader, and when grading
from the assignment submission page.
test plan:
- create a learning outcome
- create an assignment with a rubric for grading
- make sure the rubric has at least one normal criterion for grading
- include the learning outcome, and choose ignore for grading
- make sure point totals are consistent in the rubric form
- grade the assignment with the speed_grader, make sure point totals are
consistent.
- modify the grade at /courses/c.id/assignments/a.id/submissions/user.id and
make sure point totals are still constistant.
Change-Id: I454d73897ee5d4e6413b7c653ffafa1c4ac98e2e
Reviewed-on: https://gerrit.instructure.com/8263
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
provides a role override permission for viewing discussions. primarily useful
for disallowing observers from reading discussion, although by default it is
enabled.
test plan:
- create a course
- create a discussion (d1) in that course
- create a discussion assignment (d2) in that course
- log in as an observer and make sure you can see both discussions above
- log in as an admin and revoke the read_forum permission for observers
- log back in as the observer and make sure you can't see the discussions
- also check that the assignment shows the assignment page, but does not
redirect to the associated discussion.
Change-Id: I4c6441c781c24e6aadacbfc23dcc307c772ecd2c
Reviewed-on: https://gerrit.instructure.com/8069
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
Hook into the redis library at a pretty low level, to try and do
everything we can to avoid erroring if redis goes down. This applies to
both redis-as-cache and redis-as-data-store.
test plan: Set up redis and caching in your local instance. Point it to
both an existing box on a port not running redis, and a non-existent IP.
In both situations, you should not see caching errors or redis data
errors. After the first error, it shouldn't attempt to hit redis again for 5
minutes.
Change-Id: I101b2d3d2123151b244eb82ba78b176ed1f4d5ad
Reviewed-on: https://gerrit.instructure.com/8097
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
ContentZipper for some reason was allowing fetching all files (as if a
teacher) when user was not specified. This fixes that and requires correct
permissions when zipping up a folder.
It also runs a migration which will delete existing folder zip files for
anonymous users, since those are cached.
test plan:
* Create a public course and put some files in it.
* Lock and hide some of those files.
* Log out and browse to the course files.
* Choose "download zip file".
* Verify that the zip file you get only has visible files in it.
Change-Id: Icf5929f7d1dbc4a7f2122337aff9ed6ae003af12
Reviewed-on: https://gerrit.instructure.com/8085
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
In the SpeedGrader, if you went past a user with > 1 submission, grading
subsequent students with only one submission would result in a page error in
the submission content iframe after the grade is saved. We were only
populating the <select> element for > 1 submissions people, and the change()
binding on it would call for everyone else, triggering badness.
test plan:
* Create 2 users in a course with an assignment.
* Submit the assignment twice as student A, and once as student B.
* In SpeedGrader for that assignment, browser to student A, then student B.
* Grade student B's submission.
* Notice that when the submission reloads in the iframe, it is not a page
error.
Change-Id: If461ecc1121fcae0549f1f451ecaa33edf2aa69e
Reviewed-on: https://gerrit.instructure.com/8046
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
allow points in rubric criteria and ratings to have decimal values. in working
with brian, we're operating under the following assumptions:
- round to 2 decimal places
- splitting always gives you a integer by default (you can change it yourself after)
- if there's not room to split with an integer, repeat the low value
test plan
- create a new rubric
- change a criterial value to something with a decimal point
- try setting specific ratings with decimals
- try to split between a large space (ie 10.5 and 0), should be 5
- try to split between a small space (ie 0.5 and 0), should be 0
closes#5355
Change-Id: I17e26fe18dda0847fa59dd40976e4d6f38851287
Reviewed-on: https://gerrit.instructure.com/7882
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
* adds course url to course record
* adds avatar url to users record more globally
test plan: make api calls that return courses or users, ensure they still work
Change-Id: I1db69fe3865a39744ba7f3fcc7fc885f46c6551b
Reviewed-on: https://gerrit.instructure.com/7496
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Test Plan:
* Create a tool with api
* Edit tool with api
* Get tool with api
* List tools with api
* Delete tool with api
* Etc., etc.
closes#6589
Change-Id: I3f1adc97937588534f8005574bd0278b6f03cbde
Reviewed-on: https://gerrit.instructure.com/7612
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes#6510
Most of this is a refactor so that all API JSON generation goes through
an api_json method, in order to standardize stuff like permissions and
:include_root. The existing specs verify that this doesn't inadvertently
change any existing responses -- except the discussion topics responses,
which were returning the :permissions array in the json unintentionally.
The refactor fixes the locked assignment response as a side effect.
Change-Id: I287b366fe05ef6116f713fc52075aff93d5e87b6
Reviewed-on: https://gerrit.instructure.com/7262
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
testplan:
* make sure user models destroy transactionally
* create two users, one with a managed pseudonym and one without,
destroy both, and make sure that the failure to remove the managed
pseudonym makes the original user destroy bail
* make sure you can force delete a user with managed pseudonyms
* make sure that the account controller can destroy users with managed
pseudonyms
* make sure the users controller can destroy users with managed
pseudonyms only when the current user has permission
* also, make sure other user destruction functionality is unchanged
* make sure the users controller doesn't confirm a deletion when
the user doesn't have permission
* make sure we don't add a user destruction link when we know the
destruction will fail, but add it otherwise
Change-Id: Ie7c17de1134543fe55a3fdd03c60879925ecc50d
Reviewed-on: https://gerrit.instructure.com/6832
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes the logic that determines when to display the "Customize" and
"View all courses" links in the course menu. the two problems were:
1. if all Courses were already favorited (via Customize UI), the
Customize link would no longer show up
2. if the number of active enrollments was less than 12, but with your
temporary enrollments you exceeded that, you would not see the
"Customize" or "View all courses" links
test plan:
* enroll in more than 12 courses and customize the menu so they all
appear. ensure you can still customize the menu when you reload the
page
* enroll in fewer than 12 courses and then invite yourself to a bunch of
courses so that your total exceeds twelve. ensure that you can
customize the menu and you have a "View all courses" link
* basic regression of course menu customization
Change-Id: Iaddc54fd011159a498e39c28adfd81672f87261f
Reviewed-on: https://gerrit.instructure.com/7141
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
test plan: run the tests
Change-Id: If7fd4288520af765211a026ff0202b18249f86fe
Reviewed-on: https://gerrit.instructure.com/7254
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
When student submits a quiz with an essay question, it now
displays as ungraded in Speedgrader until the grader reviews/
grades the essay question.
test plan:
1. create a quiz with an essay question;
2. complete the quiz;
3. view the quiz assignment in speedgrader;
4. verify that assignment is marked as "not graded"
in the student dropdown menu;
5. grade the essay question;
6. verify that the assignment is now marked as "graded"
in the student dropdown menu.
Change-Id: I67ca56df2ec08380c75aa1ddf64fe8848e2b574d
Reviewed-on: https://gerrit.instructure.com/6619
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
We are now prepending all json responses with "while(1);" to protect
against browsers that allow stealing this information from a <script>
tag on third-party sites, by overriding constructors or property
getters/setters.
this loop is not prepended to API requests, unless those requests are
authenticated via a session cookie (canvas itself makes API
requests using the user's session, but we don't want third-party apps to
have to remove the loop before parsing).
fixes#6459
Change-Id: Icf00056d4d7fba198a8957892af09cdd84d55bc4
testplan:
* Do anything in the application that results in a AJAX request
returning JSON -- for instance, load your list of conversations.
* Use a web inspector to verify that the canvas is returning the JSON
response with this prepended loop, but that the javascript code
handles that and still can parse the response.
* Make API calls to Canvas, verify that nothing is prepended to the
JSON responses.
Reviewed-on: https://gerrit.instructure.com/7144
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
mocha deliberately doesn't support evaluating thunks in mocked objects,
so, that broke our usage pattern when we switched.
testplan: n/a
Change-Id: I2ae8d2e4de1249965b12659ee76a785b13f7c73d
Reviewed-on: https://gerrit.instructure.com/6654
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
This uses redis to store the nonces as locks that expire after 90
minutes. Timestamps are epoch UTC values, as per the oauth spec.
testplan: send oauth requests to the api endpoint with the same nonce
more than once, or with a too-old timestamp
refs #5892
Change-Id: Id6130c2a07e206dad716673aa6adbe9d36565a7c
Reviewed-on: https://gerrit.instructure.com/6683
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
This was already happening for a couple of the default front
pages, but this fix makes it happen for all of them
closes#5842
Change-Id: If11db2e93cdfe228a3ee9019ff68ffe97e03696f
Reviewed-on: https://gerrit.instructure.com/6601
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
refs #5948
adjust specs so that if a login does inject themselves in by adding
additonal redirects, we keep following them
Change-Id: I16e616066ea1bef1aa5ed97718cbd8ddbd2c27c5
Reviewed-on: https://gerrit.instructure.com/6536
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes#5573, #5572, #5753
* communication channels are now only unique within a single user
* UserList changes
* Always resolve pseudonym#unique_ids
* Support looking up by SMS CCs
* Option to either require e-mails match an existing CC,
or e-mails that don't match a Pseudonym will always be
returned unattached (relying on better merging behavior
to not have a gazillion accounts created)
* Method to return users, creating new ones (*without* a
Pseudonym) if necessary. (can't create with a pseudonym,
since Pseudonym#unique_id is still unique, I can't have
multiple outstanding users with the same unique_id)
* EnrollmentsFromUserList is mostly gutted, now using UserList's
functionality directy.
* Use UserList for adding account admins, removing the now
unused Account#add_admin => User#find_by_email/User#assert_by_email
codepath
* Update UsersController#create to not worry about duplicate
communication channels
* Remove AccountsController#add_user, and just use
UsersController#create
* Change SIS::UserImporter to send out a merge opportunity
e-mail if a conflicting CC is found (but still create the CC)
* In /profile, don't worry about conflicting CCs (the CC confirmation
process will now allow merging)
* Remove CommunicationChannelsController#try_merge and #merge
* For the non-simple case of CoursesController#enrollment_invitation
redirect to /register (CommunicationsChannelController#confirm)
* Remove CoursesController#transfer_enrollment
* Move PseudonymsController#registration_confirmation to
CommunicationChannelsController#confirm (have to be able to
register an account without a Pseudonym yet)
* Fold the old direct confirm functionality in, if there are
no available merge opportunities
* Allow merging the new account with the currently logged in user
* Allow changing the Pseudonym#unique_id when registering a new
account (since there might be conflicts)
* Display a list of merge opportunities based on conflicting
communication channels
* Provide link(s) to log in as the other user,
redirecting back to the registration page after login is
complete (to complete the merge as the current user)
* Remove several assert_* methods that are no longer needed
* Update PseudonymSessionsController a bit to deal with the new
way of dealing with conflicting CCs (especially CCs from LDAP),
and to redirect back to the registration/confirmation page when
attempting to do a merge
* Expose the open_registration setting; use it to control if
inviting users to a course is able to create new users
Change-Id: If2f38818a71af656854d3bf8431ddbf5dcb84691
Reviewed-on: https://gerrit.instructure.com/6149
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
we would need a separate cache for each [@current_user,
@real_current_user] combination because the authenticity token is
included in the html here -- it's not really worth it, just skip the
cache when masquerading.
Change-Id: Ie1440a6e592ef96649467e06006520d176438a70
Reviewed-on: https://gerrit.instructure.com/6385
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Assessment questions can be shared among multiple contexts, so we need to make
the Canvas links used inside authorized to anyone with the link.
Change-Id: I0df4907405fd518ee0efebccf1b9fb8717dca141
Reviewed-on: https://gerrit.instructure.com/6341
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
fixes#5737
There is one situation where a session is still desireable -- if the
attachment data includes links, for instance a html file attachment,
then a session will be needed to view the links from that file. The
limited safefiles session will still be created when downloading the
file, so apps can optionally use the session to support that
functionality.
Change-Id: I48558c4a3217ebea92118f8f08d1254041bd65e5
Reviewed-on: https://gerrit.instructure.com/5860
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
so that things don't asplode if you do something that auto-commits the
transaction, and then AR can neither commit or rollback the transaction
it thinks it's in
Change-Id: I9df10697a255f60155fa256d93675aa8792009be
Reviewed-on: https://gerrit.instructure.com/5943
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Jon Jensen