in rails 3, .new is analogous to .build for collections, so otherwise
temporary records will be added to the collection (and be autosaved)
Change-Id: I08ce7b4b35ee35646aff3afd237bbe896162a014
Reviewed-on: https://gerrit.instructure.com/30334
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
converting for:
role overrides controller
sections controller
sis imports api controller
submissions api controller
submissions controller
Contributed by github.com/mcgachey
Fixes SIS-146
Currently, some API objects are documented using the @object tag, and
others are documented using @model. The @model tag is preferred because
it provides more information in the machine-readable Swagger documents
generated by the API documentation build step. For example, the @object
notation does not give a way to specify that a model property contains
an instance of another type. This complete information is necessary in
order to build an SDK generator.
This change converts the @object notations into @model, adding missing
type information and correcting inaccurate data (for example, dates were
typed as "string" in the existing JSON documentation). Embedded types are
also separated out so that their format can also be documented - this
information was previously lost.
The change also makes two minor fixes to the HTML and JSON documentation
generators. The HTML generator is fixed so that a missing documentation
string is ignored rather than being shown as an empty comment, and the
JSON generator is modified so that the Model-level documentation and
required attributes are properly provided.
Note that the JSON generated here is not fully compliant with the Swagger
format. Swagger does not support a Map structure, but the Canvas API
uses (semi-)arbitrary key/value dictionaries in a few places. In those
instances the properties are typed as "map", but this is not a part of the
Swagger spec. Any cleaner alternative approaches here would be welcome.
Change-Id: I6c878eaeab2f41a15a5a323abe35ae6c7d9287dc
Reviewed-on: https://gerrit.instructure.com/30004
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Rob Orton <rob@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
test plan:
- have two courses (A and B) in the same root account
- create a SIS ID for course B
- for course A, go to Course Settings | Sections
and click a section
- press the "Cross-List this Section" button
- in the box labeled "enter the course's ID", enter the
SIS ID of course B and press Tab
- you should see information about course B under
"Selected Course", and the "Cross-List this Section"
button should be enabled
- the normal numeric ID of the course should work too
(e.g., 74)
- as should the shard-aware one (e.g., 1~74)
- enter an invalid ID in the box and press Tab, and
you should see a "Not authorized" message, and not a
"Confirmation failed" message
fixes CNVS-1873
Change-Id: I82eb6bcd123267f9f7efc8168459f08fc733a8ff
Reviewed-on: https://gerrit.instructure.com/29214
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Matt Fairbourn <mfairbourn@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
refs CNVS-7597
render :json => thing will call ActiveSupport::JSON.encode(thing) unless
thing is a String. ActiveSupport::JSON.encode(thing) just calls
thing.to_json but with some circular reference checking that we want. we
may also want to enhance ActiveSupport::JSON.encode to do additional
processing, and calling to_json straight up would bypass that.
in the cases where we do need to do the structural transformation before
passing to render :json (e.g. because of need to pass arguments), use
as_json to do structural transformation only, vs. to_json that does
serialization of the as_json result.
adds a rake task to lint the controllers to enforce as_json over to_json
in render json calls.
test-plan: heavy regression testing; no end behavior should change
(except a pair of serialization bugs that got fixed)
Change-Id: I7a91a9fe0eca70456bc5bca233f0ed6b27a54aaf
Reviewed-on: https://gerrit.instructure.com/23650
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
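
An added example, not part of the commit above and not the rake task it mentions: a minimal line-based lint that flags `to_json` inside a `render :json` argument and suggests `as_json`. The regex, the `Offense` struct, and the sample controller source are constructed for illustration, and calls split across several lines are not detected.

```ruby
# Added example: line-based lint for `render :json => x.to_json`.
# Not the Canvas rake task; names and sample source are constructed.

# Matches both the hash-rocket and the keyword form of the json option.
RENDER_JSON = /\brender\b.*?(?::json\s*=>|\bjson:)\s*(?<arg>.*)$/

Offense = Struct.new(:path, :line, :code, :suggestion)

def lint_render_json(source, path = "(inline)")
  offenses = []
  source.each_line.with_index(1) do |raw, lineno|
    code = raw.strip
    next if code.start_with?("#") # skip whole-line comments
    m = RENDER_JSON.match(code)
    next unless m && m[:arg].match?(/\.to_json\b/)
    # A pre-serialized String is passed through by render :json, so the
    # encode step (and its circular reference check) never runs.
    fixed = code.gsub(/\.to_json\b/, ".as_json")
    offenses << Offense.new(path, lineno, code, fixed)
  end
  offenses
end

# Constructed sample input.
SAMPLE_CONTROLLER = <<~'RUBY'
  class SectionsController < ApplicationController
    def show
      render :json => @section.to_json(:include => :course)
    end

    def index
      render :json => @sections.as_json(:only => [:id, :name])
    end

    def create
      # render :json => @section.to_json
      render json: @section.errors.to_json, status: :bad_request
    end
  end
RUBY

if __FILE__ == $PROGRAM_NAME
  lint_render_json(SAMPLE_CONTROLLER, "sections_controller.rb").each do |o|
    puts "#{o.path}:#{o.line}: #{o.code}\n  suggest: #{o.suggestion}"
  end
end
```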
test plan:
* after adding, updating or deleting a course section:
* on the people page, for a student, click on "Edit Sections"
* should use the updated sections
fixes #CNVS-6034
Change-Id: I91d402f77637d4097b5ecb2a8d8064842b28bf7e
Reviewed-on: https://gerrit.instructure.com/21834
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
fixes CNVS-6507
test plan:
- remove the following permissions for TAs
* "See the list of users"
* "View all grades"
* "Edit grades"
- hit the list sections api, both with and without include[]="students"
- either way, you should get a list of sections, but students should not be
included in the list.
Change-Id: Iae910ec9f7ad32bdb8518176035550861230dc55
Reviewed-on: https://gerrit.instructure.com/21797
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
Reviewed-by: Cameron Matheson <cameron@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
fixes #11565
test plan:
- look at generated documentation for sections api
- create, update, and delete course sections with the API,
checking the following:
- verify documented parameters are accepted
- verify the Section json object is returned
- verify the SIS ID can only be set by admins
- verify students can't create/modify/delete sections
- verify you can't delete a section that has
active enrollments
- cross-list a section using the API
- make sure it requires admin privileges
- make sure it fails if the target course is in
a different root account
- un-cross-list a section using the API
- make sure it requires admin privileges
- make sure it fails if the section isn't
cross-listed
Change-Id: I9dbf2541f5f88f015514830e6cc79a564b1ff3c3
Reviewed-on: https://gerrit.instructure.com/15234
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Sterling Cobb <sterling@instructure.com>
fixes #10556
users with :manage_grades permissions that don't have
:view_all_grades permissions should be able to view and
use the gradebook without receiving permissions errors.
test plan:
* create a custom role that has :manage_grades permissions
but not :view_all_grades permissions;
* as that user, attempt to load gradebook2 and verify that
it loads as expected.
* smoke test other roles to ensure that they continue to
work as expected.
Change-Id: Ifbf2c2d9352fe6429497b5c54c269c4973ba7a26
Reviewed-on: https://gerrit.instructure.com/13781
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
fixes #10688
test plan:
- make a course and a section, note the id of the section
- delete the course
- try to access the section via /api/v1/sections/:id
- it should say the resource doesn't exist
Change-Id: I26f3eb3817bf92add82c08332b8b0d448bc84b6b
Reviewed-on: https://gerrit.instructure.com/13800
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes #8181
users with :view_all_grades permissions were able to see
gradebook1, but not gradebook2. this change gives them permission
to load the page as well as permissions to make the api calls
necessary to get all of the gradebook2 page data.
test plan:
* create a new account-level role with only permissions to
view all grades;
* navigate to an existing course's gradebook;
* verify that the page loads and data displays as expected.
Change-Id: I9e5f01e889126eb6675095bafe5510be5045009e
Reviewed-on: https://gerrit.instructure.com/12555
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Move CoursesController#sections to SectionsController#index, api-ify
SectionsController#show, refactor out sections_json, and bring docs
up to newer standards (@returns)
test plan:
* ensure /api/v1/courses/:id/sections still lists sections, and
includes of students works as well
* /api/v1/courses/:id/sections/:id should return some basic
section info
* test that you can't find a section for the wrong course
* test /api/v1/sections/:id works for raw ids and section ids
Change-Id: Ie6bf2257e0138ff7a76a5670a6cc041fcce0cd54
Reviewed-on: https://gerrit.instructure.com/12117
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
allows course admins to view the course from a student perspective. this is
accessible from a button on the course/settings page. They should be able to
interact with the course as a student would, including submitting homework and
quizzes. Right now there is one student view student per course, so if the
course has multiple administrators, they will all share the same student view
student.
There are a few things that won't work in student view the way they
would for a normal student, most notably access to conversations is disabled.
Additionally, any publicly visible action that the teacher takes while in
student view will still be publicly visible -- for example if the teacher posts
a discussion topic/reply as the student view student, it will be visible to the
whole class.
test-plan:
- (the following should be tried both as a full teacher and as
a section-limited course admin)
- set up a few assignments, quizzes, discussions, and module progressions in
a course.
- enter student view from the course settings page.
- work through the things you set up above.
- leave student view from the upper right corner of the page.
- as a teacher you should be able to grade the fake student so that they can
continue to progress.
- the student should not show up in the course users list
- the student should not show up at the account level at all:
* total user list
* statistics
Change-Id: I886a4663777f3ef2bdae594349ff6da6981e14ed
Reviewed-on: https://gerrit.instructure.com/9484
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes #7600
test plan:
1. add active enrollment
2. add pending enrollment
3. complete enrollment
4. view section that enrollments
are in and verify that the
enrollment count display
is less confusing
Change-Id: I72d1637665359aa75aa7a87bc399aa2d62258636
Reviewed-on: https://gerrit.instructure.com/9432
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
paginate enrollments by loading them through the api. load
new pages by clicking 'View More Enrollments' link.
affects: sections controller
test plan:
* create course with large number of students (~ 500);
* visit course section page (/courses/:course_id/sections/:id);
* verify that page loads first 15 of both current and completed
enrollments;
* verify that if no enrollments exist in a category, a 'no enrollments
found' message is displayed;
* verify that clicking 'Load More Enrollments' loads another page
of enrollments;
* load a course with < 15 enrollments, verify that no 'View More
Enrollments' link is displayed.
Change-Id: Ied7ccdd8e59a56bef44ffbb07292ecfc0cb97ec5
Reviewed-on: https://gerrit.instructure.com/8365
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
closes #6251
test plan:
* uncheck the new permissions for teachers
* log in as a teacher
* verify that you can't conclude a course, or create/edit/delete sections
Change-Id: I787373442b21079e9987198d0e9b516d64542709
Reviewed-on: https://gerrit.instructure.com/7047
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
* expose sortable name directly to the user
* don't downcase it
* use a LOWER(sortable_name) index for postgres
* set sortable name as "last_name, first_name" explicitly for SIS imports
* populate sortable name intelligently in the UI
Change-Id: I476641f4817e27a11b573d91f102c5a74d3eba26
Reviewed-on: https://gerrit.instructure.com/6512
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
leave the old route in as well
Change-Id: Ifdbc4bdf9d23d866d941fac0b33cff456514e89f
Reviewed-on: https://gerrit.instructure.com/5345
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Basically, being an admin doesn't imply full access. Instead, it
only implies :read_as_admin, which only lets you see things like
course name and section names.
Add two new role overrides:
* :read_course_content implies :read on the course
* :manage_content is now a full-fledged RoleOverride instead of
an internal permission implicitly given to Teachers and Admins
Actually start using :view_all_grades override so that Admins
without it won't see grades (replaces :read_as_admin that was
granted to concluded teachers; :view_all_grades is always granted to
concluded teachers, but not to Admins).
Spiffy up several helper functions to take an array of permissions,
and return if any of them are true.
Make sure not to show course tabs that the user does not have access
to.
Fix up lots of permission checks, especially around viewing users
(:read_roster, :manage_students, or :manage_admins might allow you
to see the users in a course; :read_roster only allows you to see
prior enrollments if it was granted to you as an account admin).
Change-Id: Iafcab7956649e9d28e17bd5eedcb155a9ea76af4
Reviewed-on: https://gerrit.instructure.com/5092
Reviewed-by: JT Olds <jt@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
in production mode we now cast to the appropriate type and issue a warning
if it can't be cleanly cast (e.g. '' -> 0). if all arguments are nil (or
empty arrays, e.g. find_by_id([])) and we aren't in a scope, issue a
warning (sometimes we really do want nil when we're in a scope, e.g. line
216 of app/models/folder/rb).
in development/test mode, we now raise errors in the two warning scenarios
above (though that is configurable).
fixed several places in the code where specs failed due to the change, or
where inputs to dynamic finders looked problematic
Change-Id: Ifea851cb14d3e89b6df08ade8e83934579678f8b
Reviewed-on: https://gerrit.instructure.com/3434
Reviewed-by: Zach Wily <zach@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Sections can be manually cross-listed into another
course. Teachers/admins can use the search tool to
find a course, or manually enter its id/sis_id
to select it as a destination. Cross-listed sections
can also be manually un-cross-listed.
fixes #3759
Change-Id: I65ac76c80e7cf2703ba3c5d4c63801b6b7a348a1
Reviewed-on: https://gerrit.instructure.com/3173
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>