Our generated json did not handle array data types for @return tags.
This adds support, for example, for '@return [User]'
Change-Id: I3f9bee95c49fc737d07b220b99c9083d28d0ffde
Reviewed-on: https://gerrit.instructure.com/24500
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Product-Review: Duane Johnson <duane@instructure.com>
QA-Review: Duane Johnson <duane@instructure.com>
test plan: links to the files api documentation, such as in
submissions#upload_file , should work correctly
Change-Id: I936a597b5a9e40bae06c753e036ca36aa1538cfd
Reviewed-on: https://gerrit.instructure.com/24279
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
Replaces the @object User example description. Add :model to tags that
are shown to describe objects in the API docs. Uses model info to
reproduce the expected @object style API documentation.
Change-Id: I12ffca98aeef72851cd331794fa8268d14812315
Reviewed-on: https://gerrit.instructure.com/23967
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Duane Johnson <duane@instructure.com>
Tested-by: Duane Johnson <duane@instructure.com>
Reviewed-by: Duane Johnson <duane@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
- Explicitly describe path parameters (e.g. "id", "account_id") so
that swagger will autogenerate the correct code.
- Use :resources which is already grouped, rather than :object, which
is not.
- Guess type information from current sample @object models
- Accept @model in API docs as a better alternative to @object.
@model descriptions use the JSON-schema draft 4 specification,
which is what Swagger uses.
See https://github.com/wordnik/swagger-core/wiki/Datatypes
- Add some swagger json generator specs
- Fix SubmissionsController's "Submission" object
Change-Id: I71befe1d2cea039fd996124e7de9cab2e639e191
Reviewed-on: https://gerrit.instructure.com/23831
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Duane Johnson <duane@instructure.com>
QA-Review: Duane Johnson <duane@instructure.com>
Change-Id: Ibbb161baed27ffdf0b1a17cdc18b7bcfcb8d2195
Reviewed-on: https://gerrit.instructure.com/23562
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
Add 'swagger' API metadata generator from Yard. This metadata
can be used to generate a Canvas API wrapper library, or to benefit
from the swagger doc ecosystem.
See https://github.com/wordnik/swagger-core/wiki
Test Plan:
- Call 'rake doc:api API_YML=1' from the command line
- Check that api.yml file is created in current directory
fixes CNVS-7311
Change-Id: I9c5f756192794e5ea767c4db745a777cd63c3942
Reviewed-on: https://gerrit.instructure.com/23079
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Nathan Mills <nathanm@instructure.com>
Product-Review: Duane Johnson <duane@instructure.com>
QA-Review: Duane Johnson <duane@instructure.com>
test plan:
* exercise paginated api endpoints (including the search endpoint)
- ensure the link headers now include current (for the current page)
refs CNVS-7508
Change-Id: Id271c3a05b726de9ce619bd0100af84db199d4f1
Reviewed-on: https://gerrit.instructure.com/23365
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Hannah Bottalla <hannah@instructure.com>
Reviewed-by: James Williams <jamesw@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
closes CNVS-7220
test plan
- should have "All ids in canvas are 64 bit integers"
Change-Id: I45ed55f85233c48aee38194695fc04c6e73ab623
Reviewed-on: https://gerrit.instructure.com/22803
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
documentation on the server side, and adaptation of Backbone.Collection
to handle this style of document on the UI side.
refs CNVS-390, refs CNVS-6069
Change-Id: Ice854695df66efb13545aa7ae47b39e7ad673c60
Reviewed-on: https://gerrit.instructure.com/22145
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
This allows us to upgrade our routes file to rails 3 syntax while still
staying compatible with rails 2.3
refs CNVS-5146
test plan:
This affects literally every URL in Canvas, but shouldn't introduce any
new behavior. The automated integration and selenium tests still pass,
which is a good smoke test. Other than that, it's really just making
sure that routes are generated and recognized as before (regression
testing).
Change-Id: I443d006e3fcb5a0a0f8d6db46a8873a498ae7fd4
Reviewed-on: https://gerrit.instructure.com/21729
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
test plan:
- have a course with a quiz
- in rich content (like a wiki page), use the wiki sidebar
to insert a link to the quiz list and a link to the quiz
- retrieve the wiki page via the pages API
- the quiz list link should have added attributes
* data-api-returntype="[Quiz]" (with brackets)
* data-api-endpoint: valid API link to the quiz index
- the quiz link should have added attributes
* data-api-returntype="Quiz"
* data-api-endpoint: valid API link to the quiz
- the API documentation should mention "Quiz" in the list
of supported data-api-returntype values, found in the
"Basics" section under "API Endpoint Attributes"
fixes CNVS-6115
Change-Id: If405f6779f1b3f3719503a9987cceaf29a508ed8
Reviewed-on: https://gerrit.instructure.com/21080
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
test plan:
- in rich text somewhere (wiki page, assignment, etc.),
embed a link to launch an LTI tool.
a suitable test tool can be found at
http://lti-tool-provider.herokuapp.com
- retrieve that text through the appropriate API
(pages, assignments, etc.)
- the link should have added data-api-return-type
(SessionlessLaunchUrl) and data-api-endpoint attributes.
- the data-api-endpoint should contain a link to the
generate-sessionless-launch API. hit this link with
curl or postman or whatever (authenticating with your
token as is normal for API requests)
- the above API should return a URL with a big scary
verifier in it. (you should be able to launch *that*
URL to get into the LTI tool without a Canvas session)
fixes CNVS-5944
Change-Id: I2e51312341b08f87ff2be7bee57370318be72b65
Reviewed-on: https://gerrit.instructure.com/21075
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
to give less impression that page=X is a valid parameter (it is a lot
but not necessarily).
refs CNVS-4793
Change-Id: I76fb45211831502211a685b6777f52bc02e72ca7
Reviewed-on: https://gerrit.instructure.com/20829
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Product-Review: Rachel Wolthuis <rachelw@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
also added styles to make .form-controls look
good in dialogs.
closes #CNVS-4302
Change-Id: Ibe54ee4046ac255b0b0ea83d32afc88e4a820464
Reviewed-on: https://gerrit.instructure.com/19331
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
QA-Review: Ryan Florence <ryanf@instructure.com>
Product-Review: Ryan Florence <ryanf@instructure.com>
adds a new LTI extension, "content", that
defines the interaction for sending content from
a tool provider to the tool consumer. This extension
will replace the "embed_content" and '"select_link"
selection_directives, as well as adding allowing
am external tool to submit content for a homework
submission.
also starts sending intended_use, return_types, return_url
and file_extensions as part of the LTI launch with the new
extension.
test plan:
- make sure the "more" tab only shows up when there are valid tools
- install at least one valid tool
(make a homework_submission tool by taking the xml for
a resource_selection tool and replace "resource_selection"
with "homework_submission")
- click "more"
- make sure you can't submit the assignment when no
resource has been selected
- set an assignment that only allows file uploads
- try selecting a url from the tool
- make sure it errors out
- set an assignment that only allows file uploads
- limit the file types
- try selecting a file with a non-supported file extension
- make sure it errors out
- set an assignment that only allows file uploads
- try selecting an invalid file from the tool
- try submitting the homework
- make sure it errors out gracefully
- set an assignment that only allows file uploads
- try selecting a file from the tool
- make sure the submission works correctly
- set an assignment that only allows urls
- try selecting a file from the tool
- make sure it errors out
- set an assignment that only allows urls
- try selecting a url from the tool
- make sure the submission works correctly
Change-Id: I8df682bc73087681159110ab02f77f0e5a2b3911
Reviewed-on: https://gerrit.instructure.com/13419
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
Product-Review: Brad Humphrey <brad@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
adds scopes to access token and a new scope, 'userinfo'. when this scope is
used, a user may choose to remember authorization for a 3rd party. when this
option is selected, subsequent requests for an access token scoped to userinfo
will skip the the step where the user authorizes the app and will return userinfo
but no access token.
test plan:
* follow the oauth token flow adding a param for scopes=%2Fauth%2Fuserinfo to the initial request
- check the box for to remember authorization
- click login
* repeat the above request
* you should not see the request access page
* delete the tokens that were generated above
* run the test above, this time not remembering access
* you should see the request access page on the second request
Change-Id: I303a55d3c71de517ce6aa5fd8acd74d89aa4c974
Reviewed-on: https://gerrit.instructure.com/17604
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
this will allow migrations to have flexible todo items
and allow us to make a super awesome UI for helping
teachers fix any migration problems
Test Plan:
* Run a migration that has issues. :)
* exercise the issue api
closes CNVS-4230
Change-Id: I4577f811dd3b16aa200d381f039632b7cc2cd184
Reviewed-on: https://gerrit.instructure.com/18639
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
a convenience method for changing the domain for all configured urls
Change-Id: I601c891e66fff476f8f743cc4519a6fecb432d12
Reviewed-on: https://gerrit.instructure.com/18094
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
closes CNVS-3417
test plan:
* after the migrations are run, ensure that every section has at
least one entry in CourseAccountAssociations in the database
* smoke test SIS imports
Change-Id: I261cad633788efbf4b0c64db34436ef695856fee
Reviewed-on: https://gerrit.instructure.com/17256
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
The documentation regarding creating an assignment override with
`group_id` is made more clear and the prerequisites are better stated.
The group assignments feature and the dependency between
`group_category_id` and `group_id` in the stages of assignment creation
and assignment override creation are explained by a diagram sitting in an
appendix entry at the bottom of the Assignments API documentation page,
Appendix: Group assignments.
The diagram image in the appendix is exported out of the raw .xmind file
in doc/diagrams. You can edit that diagram using the XMind program
(http://www.xmind.net/), it's free to use and cross-platform (JAVA).
---
Testing:
1. generate the API docs: `bundle exec rake doc:api`
2. navigate to the Assignments API page
(link: public/doc/api/assignments.html)
3. take a look at the "Create an assignment override"
section
4. also take a look at the bottom of the page
fixes #CNVS-1204
Change-Id: I07660a7e8a58aba2e307849a79557067a7ea77fb
Reviewed-on: https://gerrit.instructure.com/17454
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
Useful things the commit brings:
1. Source documentation can now include images and out-of-source examples
2. Source documentation can now be supplemented by "appendixes" for
documenting advanced or uncommon usage, auxiliary examples, or any
supplementary content
3. An implementation of the YARD @see tag that utilizes the canvas
YARD linkify helper
Necessary changes for integration were:
* Gemfile now includes 'yard-appendix'
* Rake task for generating API docs (doc:api) made more readable and
now supports asset migration (images and examples)
* Canvas YARD 'api' template now handles :appendix sections provided
by the plugin
* Canvas YARD 'linkify' helper modified:
* uses a shared linker to look up a topic and controller
* overrides default handling of 'Appendix: ' links
* defaults to using the @object title as the link body when no title
was explicitly passed instead of the path.to.object
* Canvas YARD 'fulldoc' handler respects a
DOC_OPTIONS[:all_resource_appendixes] that when turned on would
generate appendix entries in the All Resources section[1]
[1] I've already implemented this functionality because I misread the
requirement (as seen in PB 6) so I thought we could keep it around and
toggle it if need be. The options are inside lib/tasks/docs.rake
---
Testing:
To verify that the changes do not alter or affect the current API docs,
fire up a terminal and do the following (inline comments for directions):
```bash
cd /path/to/canvas;
# generate the original docs before pulling these changes
bundle exec rake doc:api
mv public/doc public/doc_original
# checkout these changes into a branch... after that:
bundle install
bundle exec rake doc:api
diff -r -y -q public/doc_original/api public/doc/api
```
The output of the last command should look like this:
Only in doc/api: examples
Only in doc/api: images
To test the actual @!appendix functionality:
* see https://github.com/amireh/yard-appendix for directions on how to
define Appendix entries
* write an Appendix in any controller, optionally reference it in some
method (using @see or {link})
* Appendix entry should be shown at the bottom of the controller's doc
page
* reference to the appendix entry should take you to it
Alternatively, you can check-out the gerrit change 17454 at
https://gerrit.instructure.com/#/c/17454/ which utilizes this
functionality.
Change-Id: Id667b77ff8d36b0f503e0f6752045e3d05bc3649
Reviewed-on: https://gerrit.instructure.com/17453
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
canvas sis imports do not have default values
all date time fields should be in ISO 8601
moved if a field is required to description
Change-Id: Ifead275fb789384a80542ee7a9ac370c38c01194
Reviewed-on: https://gerrit.instructure.com/15973
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Dave Jungst <dave@instructure.com>
closes #CNVS-1078
test plan:
- create custom roles in an account
- sis import:
- put the custom role name in the 'role' column in a SIS
enrollment import, and ensure the role_name is assigned
in the Enrollment
- ensure only valid roles can be assigned this way
(must be defined in the course's account or parent
account, and must not be inactive)
- sis export:
- ensure custom role names are exported in the 'role' column
of the SIS enrollment export and provisioning reports
Change-Id: Ib8b4c129d451023fa51c73747baadd42cb305338
Reviewed-on: https://gerrit.instructure.com/15868
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
There's now a UI for this, no need to use the console.
Change-Id: Iffdb70d41c5b4cca94a6bb442107d3923911e16d
Reviewed-on: https://gerrit.instructure.com/15232
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
only included in docs if INCLUDE_INTERNAL is set in the environment
test plan:
* mark some methods or controllers with @internal
* generate API docs
* they should not be included in API docs
* generate API docs setting INCLUDE_INTERNAL=1 first
* they should be included again
Change-Id: Ie6f3ff982c20beea2b66db4505a7987cadce66ce
Reviewed-on: https://gerrit.instructure.com/14983
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
refs #10541
add counts of how many unread discussions and announcements a user has in
a course or group in the left hand nav bar of the course or group, next to the
appropriate navigation link.
these counts are cached in a context/user/content_type join table.
unfortunately, there are situations that can change whether or not a discussion
or announcement is visible to the user (and thus unread) without triggering any
backend action. for example, a post delayed announcement, a locked discussion
assignment, or a discussion with prereqs in a module. because of these types of
situations, the count has to be re-queried every so often, and the time chosen
for this is if it's been stale for 10 minutes.
test plan:
- as a teacher, create some announcements and discussions
- as a student, you should have unread counts in the left nav
- read the announcements and discussions
- the counts should update appropriately
- (see explanation above for the following)
- try post delayed announcements
- try locked discussion assignments
- try discussions locked in a module
- make sure the count badge looks good in all browsers
Change-Id: Ia6428717e91ed389c63ca97a065232dac7121b7e
Reviewed-on: https://gerrit.instructure.com/13926
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
fixes#10491
test plan:
- make an api call to a paginated endpoint that has a query parameter as part
of the call (courses/<id>/users with enrollment_type=student is a good one)
- the pagination link header links that come back should maintain the query
parameter (in the example above, they would include enrollment_type=student)
- also try one that has an "include[]=" type parameter
- read the api pagination documentation (linked from the api sidebar) and make
sure it makes sense.
Change-Id: I6c1649513553bb2ac9c1cfc137ff16c21e50a6a3
Reviewed-on: https://gerrit.instructure.com/13641
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
This creates an LTI extension to pass text or urls along
with the score when doing an LTI 1.1 outcome request.
Test Plan:
* use a tool that supports this extension on an assignment
* After doing the tool activity the submission should have the expected value
refs #mebipenny
Change-Id: I296df1e7c7d99af61724a904511f9bf63d5d2613
Reviewed-on: https://gerrit.instructure.com/12878
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes#9995
also validates_as_url the redirect_uri, sometimes people were leaving
off the http:// part when setting up the key
test plan: set up a developer key with a given domain. kick off an oauth
request flow with redirect_uri equal to that domain, it should be
accepted. use a sub-domain of that domain, it should also be accepted.
use a higher-level domain, it should not be accepted.
Change-Id: I55510f463b1faa3339b9908f9941715d93de5a16
Reviewed-on: https://gerrit.instructure.com/12980
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes#9954
test plan:
- create a wiki page
- put in links to pages, assignments, discussion topics,
and files, and also to the index pages for these
- retrieve the page via the API, and check that the
data-api-endpoint and data-api-returntype attributes
are set
Change-Id: Ife67f3119aa73971153f88fe46787d7e1563f0ef
Reviewed-on: https://gerrit.instructure.com/12925
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
This adds an alternative method for uploading files by giving Canvas a
public URL in the first step, rather than uploading the file data directly.
test plan:
- create a course file via the API upload mechanism
- make sure the return values are as documented
- make sure the file was correctly uploaded
- create a course file via the URL approach
- make sure the return values are as documented
- make sure the file status endpoint returns valid responses
- make sure the file was correctly stored in Canvas
- repeat that process with a file that has at least one redirect
- repeat that process but creating a homework submission file
- try to create a course file with a malformed URL
- confirm that the appropriate error message is returned
- try to create a course file with a relative URL
- confirm that the appropriate error message is returned
- try to create a course file with a URL that doesn't return 200
- confirm that the appropriate error message is returned
Change-Id: I2dcf711347ec4ef26d767ae1c1fa0bb056986651
Reviewed-on: https://gerrit.instructure.com/12143
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Explaining when to store access tokens locally, and some basic tips on how to
securely do so.
Change-Id: Ie17843b6c657961c1de358b28d5f737ebc9567db
Reviewed-on: https://gerrit.instructure.com/12723
Reviewed-by: Zach Pendleton <zachp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
test plan:
* generate an access token
* use the logout endpoint
* verify that the access token is no longer accepted
Change-Id: Iaac94e35d81711cff87604b6a996c41fdae3c640
Reviewed-on: https://gerrit.instructure.com/12674
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Course/group/users file uploads must be checked
against the context's storage quota before new
files can be added. This commit adds that check
for API uploads. It also adds a note to the API
documentation since this is an additional type of
response developers will need to anticipate.
test plan:
- preflight a file upload in a course that is not over quota
- ensure everything works correctly
- set a small quota for a course
- preflight a file upload in a course that is over quota
- ensure that an appropriate error message is returned
- set a quota of zero for a course
- preflight a file upload for a homework submission
(a case that isn't quota-enforced)
- ensure everything works correctly, even though the
course is at quota
Change-Id: I28cc02d91799b1ff27501c3ff919c54834597d74
Reviewed-on: https://gerrit.instructure.com/12142
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
the current code doesn't work because of the attr_accessible on
DeveloperKey
Change-Id: Id6cf7a3eab5808c05c22c43e6095ab6011ec0f76
Reviewed-on: https://gerrit.instructure.com/12275
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
API documentation and examples for Calendar Events and Appointment Groups.
Clean up some value_as_boolean usage, and fix a couple little issues in
the calendar APIs
test plan:
* build documentation
* it should generate and be correct
* run API specs
* they should pass
Change-Id: I4c57ac91a99e4eb04f5ba1741bb4f5968d0a0b14
Reviewed-on: https://gerrit.instructure.com/12209
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
A complete api for folder and file management
Also updates the alphabetical sorting features to escape
a backslash caused errors when casting a string to a
bytea in postgres
Test Plan:
* CRUD yourself some files
* CRUD yourself some folder
closes#9163
Change-Id: I0b937f9273077b66ab9d6c37171bec1fcc5380dd
Reviewed-on: https://gerrit.instructure.com/12085
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
External Tool extension previously needed their own urls,
custom fields, and text. Now they use the settings from
the main tool config as the defaults. So an extension
only needs a hash to be enabled.
Test Plan:
* Add a tool by xml that has custom parameters and that only has the enabled property in the course_navigation settings
* Launch that tool and verify that it used the main tools launch url and custom parameters
closes#8786
Change-Id: If760bbfe5c1dc10814d2a4b900a53abceab08e2e
Reviewed-on: https://gerrit.instructure.com/11700
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
For example to link to the collection item description:
Each collection contains many {api:collections:Collection+Item Collection Items}.
Change-Id: I633645be9e12481aa21e6c03d876ee159ec6437d
Reviewed-on: https://gerrit.instructure.com/11775
Reviewed-by: Ryan Florence <ryanf@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
adds support for flagging individual endpoints, not just resources, as
beta.
test plan: generate the api docs and verify that the tagged endpoints
have a beta message.
Change-Id: Iba815db309ee71482e1f471eaf613527cd7114ec
Reviewed-on: https://gerrit.instructure.com/11585
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
This standardizes the "user display" sub-object returned by the
discussions api, and returns that same data for each collection item.
test plan: make api calls to return collection items, verify the user
sub-object is present and contains the expected user data.
Change-Id: Ie5b1468816ffbf27a005044effbc49082bdf679b
Reviewed-on: https://gerrit.instructure.com/11276
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
Create a discussion topic with support for most of the options -- the
only thing missing is the ability to create an assignment discussion,
that will be added to the assignment create api.
You can also create an assignment linked to the discussion at the same
time you create the discussion. I refactored the assignment api
functionality to support this.
Added a topic delete API as well.
Also fix a bug where we weren't properly validating discussion_type
test plan: hit the api and exercise the various options, such as delayed
posting and require first posting.
Change-Id: I4afdd20313b5cea3ab7b05bf1c005c9f55debe7b
Reviewed-on: https://gerrit.instructure.com/10912
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
This already worked and was used by the Canvas front-end internally, but
wasn't officially supported.
test plan: make an API POST or PUT, and send an application/json body
rather than an application/x-www-form-urlencoded request body.
Change-Id: I2ecf2dce8ed8a592a101b6566c0b483737a68702
Reviewed-on: https://gerrit.instructure.com/10930
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
test plan: generate the api documentation, the collections api should
have a beta warning (but none of the other pages)
Change-Id: I0d7401566cbb3ec9ef76bad79094dad1628ef11c
Reviewed-on: https://gerrit.instructure.com/10720
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
* Allow linking to individual endpoints on the page.
* Give each endpoint a summary string, and list the summaries at the top
of the page, with links to the endpoint details.
* Make an omnibus "all resources reference" page, which has been a
common request. This only includes the endpoint details, not the
summary descriptions of the resources.
* Syntax highlighting for JSON
test plan: visit /doc/api/index.html and see the changes (run rake
doc:api first if on a dev box)
Change-Id: Ib126805825d40770c36b3688668c62938348412d
Reviewed-on: https://gerrit.instructure.com/10516
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
This explicit confirmation step is an improvement on our
login-and-implicitly-accept workflow from before. And it allows us to do
the oauth workflow without forcing a logout, which is much more ideal
especially for embedded LTI tools that want to use oauth.
Eventually this dialog will contain more information on the app and the
permissions requested.
test plan:
As a client application, kick off the oauth workflow for a logged-in
user, verify the user goes straight to the confirmation screen. Verify
you only get a code back if they accept, and an error if they deny. Do
the same without a web session, verify you go to the confirmation screen
straight after logging in.
Change-Id: Idf9905b795979339aec0cb5e4e058f4507a81bac
Reviewed-on: https://gerrit.instructure.com/9804
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
count can be slow if there are a lot. also remove the "last" link
from api responses that skipped the count
test plan:
* go to a user's page with less than 50 page views; they should show
and it should not try to load more
* go to a user's page with hundreds to thousands of page views; they
should load on demand, and when you reach the bottom, it should
stop trying to load more
Change-Id: I934cd7260232b78c33ae5fc1be5e49b2ea686614
Reviewed-on: https://gerrit.instructure.com/10135
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
closes#7775
Allows specifying the folder to upload to as a slash-separated string,
as well.
test plan:
upload to both the current user, and an allowed course, verify the
workflow for s3 and local files. verify you can't upload to course you
don't have permissions to, or another user.
verify that you can specify a folder, and the folder will be created if
it doesn't exist.
Change-Id: Ib9082f047c1c93824fe65decf4789606d82450c6
Reviewed-on: https://gerrit.instructure.com/9603
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
This API abstracts away the difference between S3 uploads and local
storage uploads, while still allowing direct-to-S3 functionality to
avoid typing up Rails processes during S3 uploads.
The only concrete starting endpoint I've implemented in this changeset
is for submission file uploads. Uploads to course and user files is
coming in a subsequent changeset.
test plan:
see the api doc (generate with rake doc:api). repeat this test for both
s3 and local storage configurations.
first, post to the submission file upload endpoint, get your
upload_params back. use that to post the actual file data to the url
returned. then follow the redirect back to canvas, and verify you can
download the file from the url given in the json response. verify you
can attach the new file as part of an assignment submission.
edge cases to test:
* in local files, verify that attempts to modify the policy will fail
the request. in s3, amazon handles this.
* verify that if you do step 2 without step 3, the file isn't available.
* if you do step 1 but wait more than 30 min to do step 3, the upload
will be rejected.
* make sure you can't upload twice in the 2nd step
* make sure you can't verify twice in the 3rd step
Change-Id: I9b16b6e75defe9da551b965d9401f2cad8801f1d
Reviewed-on: https://gerrit.instructure.com/9552
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Change all curl examples to use an oauth access token with the
Authorization header. Also cleanup of the pages discussing authorization
and oauth, and some general sprucing up of the documentation front pages.
test plan: n/a
Change-Id: I64dfe89932c4e98b6ea0f67b3ef09ba10a315444
Reviewed-on: https://gerrit.instructure.com/7764
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
test plan: run the doc:api rake task, verify the docs are still
generated
Change-Id: I9f372a8e68de1019619b452c14f1ebbb1895cecf
Reviewed-on: https://gerrit.instructure.com/7745
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
Cinches up the padding on the left nav a little bit and
adds a new section on LTI and our extensions to LTI.
test plan:
- run rake doc:api
- check out the new api
- make sure all links work
- make sure documentation makes sense
- make sure it links to IMS pages in the right places
Change-Id: I99de960b9e0262d7bda89515b9a7be10dd981ce7
Reviewed-on: https://gerrit.instructure.com/7528
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
as outlined in the oauth2 bearer token documentation:
http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08
test plan: make any api requests passing the access_token in the
authorization header, rather than the query string, and verify you can
successfully make those calls. also verify that the query string method
still works as before.
note that we are not yet responding with a proper 401 and
www-authenticate header, as described in the oauth2 bearer token spec.
that is coming in a subsequent commit, after some refactoring of our api
error response mechanisms.
Change-Id: I2cf470ce2dd33442bb71ea2d3c756410b418b1ca
Reviewed-on: https://gerrit.instructure.com/7664
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
this isn't supported, just an error in the docs
test plan: n/a
Change-Id: I957c6b030b269a93204f66416d65dd7ab9c65dee
Reviewed-on: https://gerrit.instructure.com/7520
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
except we don't even use jquery in the api docs
testplan: n/a
Change-Id: I6d4be9e25ca68e64f62414a1e81ac40549a5b99f
Reviewed-on: https://gerrit.instructure.com/6617
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Finding users is a bit different, since the user's sis information is
actually stored on the pseudonym. Before, we were working around this in
the submissions api. I've generalized it to work everywhere that uses
the Api find functionality, and in the process fixed the page views api
so that it works with sis ids.
This is necessary as we add more user apis, like the upcoming
/users/:user_id profile API.
Also added the /users/self shortcut to query the various user apis for
the user accessing the api.
Also for consistency, deprecate users/activity_stream in favor of
users/self/activity_stream
Change-Id: Icb0776231070b838bb341893d12b1061b90c5d04
Reviewed-on: https://gerrit.instructure.com/5628
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
accepts a redirect_uri to return the code to, in addition to the OOB uri
support. matches the redirect_uri domain host against the one stored on
the developer key.
this doesn't yet include a UI for registering developer keys.
Change-Id: I6fbfe6ff3dbd6ebea9c2f9fc5ce3e45447a1cbc8
Reviewed-on: https://gerrit.instructure.com/4963
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
periods were being interpreted as the beginning of a file extension,
rather than part of the sis id. fixing this meant completely changing
our routing, unfortunately, since rails resourceful routing is very
oriented on numeric ids, with format extensions.
the .json extension is now optional for api requests, in api v2 we'll
drop it completely. there is the unfortunate edge case that a sis id
ending in ".json" can't be send through the v1 api -- except...
we also now support hex encoding sis ids in the api calls. this allows
arbitrary strings to be used. in theory this could just use uri
encoding, which is also "supported", but there are bugs in various
releases of apache and the rack/rails stack that make this impossible to
use with some characters, such as "." and "/".
the api documentation has been updated as well
Change-Id: Ifa4b529dffee0f30ef5384f94c64aa6e8f8f2542
Reviewed-on: https://gerrit.instructure.com/4940
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Once rake doc:api or canvas:compile_assets is run, the API will be
accessible from within Canvas at /doc/api/index.html
Change-Id: I503701c0ef3dc0df0ea67477053b328411553352
Reviewed-on: https://gerrit.instructure.com/4723
Reviewed-by: Zach Wily <zach@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
users have both a SIS user_id and login_id, return both in the API and
allow both as ids when specifying a user in API calls using the syntax
sis_user_id:someid and sis_login_id:someid
These columns in the db aren't well named, unfortunately, but we'll try
to at least be consistent in the API.
This is technically a breaking change for the API. We've decided to go
ahead with it, as this API functionality was only recently added.
Change-Id: I8eabe4226580aa3b1aec7e5b7082b045f786e605
Reviewed-on: https://gerrit.instructure.com/4556
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
Added support for oauth 2 API requests. HTTP Basic
only works for Canvas-auth and LDAP accounts, but
oauth 2 will also work with SSO accounts. Also added
ability for users to create access tokens from the
profile page.
Change-Id: I13581b4e77bfa77bf11dbb732900012dd1e50ede
Reviewed-on: https://gerrit.instructure.com/3775
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
I removed the api_routes plugin, since the code is currently too tied to
canvas to be pulled out into a generic plugin anyway. The yardoc
templates now live in doc/templates, and I've done some major cleanup
and refactoring -- they don't have much in common with the default YARD
templates anymore, and they work much better as API documentation.
The styling is now a little bit more "canvas-like" now, too.
Change-Id: I80edd02e63d7815a292306741f2e8ea52872aae2
Reviewed-on: https://gerrit.instructure.com/2535
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
Cody Cutrer