also pull in course/group user so we can use it in the future
Change-Id: I34c2aea2fea9b56c988d4903fb2fcf32d96d4f10
Reviewed-on: https://gerrit.instructure.com/5190
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
optimize crosslisting itself:
* use ids where possible to avoid unnecessarily loading up objects
* Don't worry about keeping track of if we need to save; we're gonna
save anyway
* update account associations on any account change, not just root
account change (if you re-crosslist a section from one sub-account
to another sub-account, the users may no longer be associated with
the first sub-account).
optimize sis imports:
* really batch up update_account_associations
Change-Id: Ic0fbe1601afcbcd3e6540e69febc2e6a1a94157f
Reviewed-on: https://gerrit.instructure.com/5137
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
Basically, being an admin doesn't imply full access. Instead, it
only implies :read_as_admin, which only lets you see things like
course name and section names.
Add two new role overrides:
* :read_course_content implies :read on the course
* :manage_content is now a full fledge RoleOverride instead of
an internal permission implicitly given to Teachers and Admins
Actually start using :view_all_grades override so that Admins
without it won't see grades (replaces :read_as_admin that was
granted to concluded teachers; :view_all_grades is always granted to
concluded teachers, but not to Admins).
Spiffy up several helper functions to take an array of permissions,
and return if any of them are true.
Make sure not to show course tabs that the user does not have access
to.
Fix up lots of permission checks, especially around viewing users
(:read_roster, :manage_students, or :manage_admins might allow you
to see the users in a course; :read_roster only allows you to see
prior enrollments if it was granted to you as an account admin).
Change-Id: Iafcab7956649e9d28e17bd5eedcb155a9ea76af4
Reviewed-on: https://gerrit.instructure.com/5092
Reviewed-by: JT Olds <jt@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
simplifies RoleOverride lookup logic, and the query once again uses
the already existing index
Change-Id: I2b165b7debc9aa7aa6fd032d7917cbbc23b4361c
Reviewed-on: https://gerrit.instructure.com/5063
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
Conflicts:
app/controllers/context_controller.rb
config/assets.yml
spec/integration/files_spec.rb
spec/models/user_spec.rb
also removed test "ContextController GET 'inbox_item' should exclude
recipients if protect_recipients" since ContextMessage inbox items
aren't used any more on this branch.
Change-Id: I99d0e4914cb1bf9617993c1cb1afdbca0e9ba32f
Added a step to the flash upload process in the Files section to do a
preflight check to see if there are any duplicate filenames. If there are, the
user gets the option to either rename the new files, or overwrite the existing
ones. (Overwrite means deleting them - we already have code that will redirect
to new files with the same name as deleted files if they're linked directly by
id.)
Change-Id: I926631aadcebec3cae1607f818044f7cd4b74cea
Reviewed-on: https://gerrit.instructure.com/5091
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Added a step to the flash upload process in the Files section to do a
preflight check to see if there are any duplicate filenames. If there are, the
user gets the option to either rename the new files, or overwrite the existing
ones. (Overwrite means deleting them - we already have code that will redirect
to new files with the same name as deleted files if they're linked directly by
id.)
Change-Id: I926631aadcebec3cae1607f818044f7cd4b74cea
Reviewed-on: https://gerrit.instructure.com/5091
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
changed the buttons to be actual <a>s with role=button
and use aria-checked="true/false" to reflect state.
Change-Id: I083f6db51bc5b2c4900fb9b41ac2f870247aa01d
Reviewed-on: https://gerrit.instructure.com/4920
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
Fixing this required some minor refactoring:
* A model can now define "filter_hash_for_user" to filter serialized data out
of the model based on user. In this case, we were sending the assignment to
the browser in json, and we wanted to strip out the description if the
assignment was locked for the user.
* The lock_explanation generator was not i18n'd before. That was fixed, and
similar code in javascript was also refactored so it can be called by
anybody. (In this case, by the assignments in the calendar.)
Change-Id: Ia606be2a16df9bd87222306445f548b3a7a78801
Reviewed-on: https://gerrit.instructure.com/5051
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
We had some routes (like /files) listed above more specific uses of them (like
/courses/files). In those cases, when we'd build a route from a hash, the
first route would be chosen, so we'd get funky looking URLs. This worked but
was ugly. They've been moved to the end, and some old routes were removed.
Change-Id: I668e2bad7fe49204ad3b042b3f2e515b8efad2ac
Reviewed-on: https://gerrit.instructure.com/5043
Tested-by: Hudson <hudson@instructure.com>
Tested-by: Selenium <selenium@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
removed with ContextMessages by accident, should definitely not be
removed
Change-Id: Iea16aadb533afff47d9b5f61d8f81f46bfc99835
Reviewed-on: https://gerrit.instructure.com/5012
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
allowing api_key to replace authenticity_token for normal cookie
sessions would open us up to a CSRF attack, by allowing a malicious user
to use the api_key without explicitly having the user credentials.
fixes#5162
Change-Id: Ia2604a6930d660dd04a8783fc983a3fe381ff48d
Reviewed-on: https://gerrit.instructure.com/5028
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
* Add conference_close route for group conferences
* Pull *group* conferences, not the group's context's conferences
when showing the groups' feed
* Add the conferences tab (where appropriate) to the group sidebar,
so the conferences controller won't refuse to work
Change-Id: I37bfb546c4bf8ad4078e4c9ca7a7292bb475af2c
Reviewed-on: https://gerrit.instructure.com/4954
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
so developers can run rake i18n:generate_js without having a dirty assets.yml
Have to be magical about merging though two using erb in the real assets.yml.
Also split _core.js into _core_en.js (committed to repo) and everything else
in _core.js (not in repo), for the same reason.
Change-Id: I4749ee5818b9e7d4e1244c6e8295790bb1235e34
Reviewed-on: https://gerrit.instructure.com/4972
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
periods were being interpreted as the beginning of a file extension,
rather than part of the sis id. fixing this meant completely changing
our routing, unfortunately, since rails resourceful routing is very
oriented on numeric ids, with format extensions.
the .json extension is now optional for api requests, in api v2 we'll
drop it completely. there is the unfortunate edge case that a sis id
ending in ".json" can't be send through the v1 api -- except...
we also now support hex encoding sis ids in the api calls. this allows
arbitrary strings to be used. in theory this could just use uri
encoding, which is also "supported", but there are bugs in various
releases of apache and the rack/rails stack that make this impossible to
use with some characters, such as "." and "/".
the api documentation has been updated as well
Change-Id: Ifa4b529dffee0f30ef5384f94c64aa6e8f8f2542
Reviewed-on: https://gerrit.instructure.com/4940
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
changes:
* a little i18n work
* show only a certain section
* show attendance
* include ungraded assigments in score
* don't wait for first xhr to fire second
* cool drop down menu thing
Change-Id: Ie93fd06e20aec399710e32441f8d35c686fbbaf2
Reviewed-on: https://gerrit.instructure.com/4868
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
This also solves the use case of requesting a course by sis id, and
getting the internal canvas id back.
Change-Id: Ie614310a3c5a2eed668e3787a2280a8ae9f89f9b
Reviewed-on: https://gerrit.instructure.com/4901
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
- fixed the link on a teacher page in a course to show the report
for that teacher for all students in the course
- added days since submitted for each ungraded assignment
- added sorting of columns
- added link to one-click to message a specific student. This link
will only appear of the current user is a teacher in the course
Change-Id: Ic39ba72fd210411def178dc69ff35006abe96043
Reviewed-on: https://gerrit.instructure.com/4707
Reviewed-by: Brian Whitmer <brian@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
a modal dialog is presented to the user that runs several tests:
connection, LDAP bind, LDAP search, and testing of arbitrary
LDAP credentials.
Change-Id: I7bf53fb856784598367e3481008b9a7be9526c62
Reviewed-on: https://gerrit.instructure.com/4485
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
in addition:
* User#move_to_user grabs conversations
* renamed trimmed context_messages.{js,css} -> context_inbox
* renamed some css classes in context/roster since it's no longer a
form in hiding
Change-Id: I6559cdb8c9bf3123b10f9d2ddfa836f99299f8c7
Reviewed-on: https://gerrit.instructure.com/4881
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
and ContextMessages out
Change-Id: I70a17794a2054b865c719114e41537927e97dc6d
Reviewed-on: https://gerrit.instructure.com/4877
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
used by message_students dialog, creates one private conversation per
student.
Change-Id: Icd64986730e25a011cd15393e380a3d735dbe1fd
Reviewed-on: https://gerrit.instructure.com/4857
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
also fixed an importer issue, and removed translated js files from
version control (we'll generate them as part of the deploy)
Change-Id: I10be3ab1f4567a1534774f514424fd9966982c62
Reviewed-on: https://gerrit.instructure.com/4686
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
* infini-scroll images tab of wiki side bar
* load file tree piecemeal in wiki_sidebar
* load folder tree only if needed
Change-Id: Ib8d5cb567df8a2ee79935ffb3f8678a7ee5427fe
Reviewed-on: https://gerrit.instructure.com/4671
Tested-by: Hudson <hudson@instructure.com>
Tested-by: Selenium <selenium@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
This was already supported for Syslog, but not for the BufferedLogger
class. Also add an option to disable the context logging.
This also fixes a bug where the session logging was always using the
default session cookie name (_normandy_session), rather than the
configured one.
refs #5094
Change-Id: I4c8389f1051a70c25a92bfe018044cd15f45422b
Reviewed-on: https://gerrit.instructure.com/4795
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
This works more seamlessly with our deploy process, and fixes
canvas:compile_assets which was now requiring a full rails environment
to be set up.
(also, it's faster)
Change-Id: I98eae23c9c75051815e70da99b32695c796c5c80
Reviewed-on: https://gerrit.instructure.com/4725
Reviewed-by: Zach Wily <zach@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
This was already a small issue if the job queue was on a different
database driver than the main database, and it'll become more important
as more AR connections are introduced.
Change-Id: I204becadd32bb935df096e8c937a04bb6962f0b2
Reviewed-on: https://gerrit.instructure.com/4601
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
the biggie here is to dup options, so that :methods doesn't keep
compounding itself when converting a collection of objects to json
Change-Id: I501cf8c257c8fa2ffa7e15d1cf2a3fe2734c8512
Reviewed-on: https://gerrit.instructure.com/4666
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
also enabled en fallbacks (this is only needed for things that don't
have an explicit default, like localize calls)
includes auto-generated js translation files
Change-Id: If246a6a96b1e9f6934f84ff6e65e0372a60d247a
Reviewed-on: https://gerrit.instructure.com/4597
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
also adds enrollments in batches, instead of one at a time via ajax.
closes#4835
Change-Id: Ic2aac24db2c4d5fb4482901daf8627419c548e37
Reviewed-on: https://gerrit.instructure.com/4584
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
uses coffeescript, slickgrid, actual canvas APIs
reachable at /courses/x/gradebook2
does not include commenting or things external
to the grid like filtering and sorting options
Change-Id: I6967c2dbdd16f7ea4d8c1ad1995511d7c498226a
Reviewed-on: https://gerrit.instructure.com/4371
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
this initializer does two things:
1. it includes the core/default en translations for things like date/time
formats
2. it includes the corresponding localization file for each bundle (if
present). these will be generated offline by an as-yet-unwritten
js translation generator
Change-Id: If588cb287b027f3de62e8113dc8fa8977f41e830
Reviewed-on: https://gerrit.instructure.com/4244
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
* updated implementation of Course.manageable_by_user
* added method User#manageable_courses
* renamed some "courses" methods and routes to "manageable_courses" to
reflect the reality of the query
* changed population of @possible_courses in
ContentImportsController#copy_course to use User#manageable_courses
like UsersController#courses was (now #manageable_courses)
* fixed the "no courses" condition in copy_course.html.erb to look at
@possible_courses for consistency
Caveat: @possible_courses in #copy_course was previously explicit about
trying to pull in courses cross-listed against the sections of the
target course... but only if they were manageable by the user. That is
no longer explicit in the new implementation, but they should still be
included implicitly, as well as other courses manageable by the user
that wouldn't have been listed before; I believe this is an enhancement,
not a regression.
Fixes#4735.
Change-Id: I38cf3e0a1b2478ad32243a0bb0d73c796fc775e0
Reviewed-on: https://gerrit.instructure.com/4117
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
Also, keyboard shortcuts are borken, but that problem already existed prior
to this change.
Change-Id: I891ba4192f6a4a98613c89df10cd97b7cc762c18
Reviewed-on: https://gerrit.instructure.com/4240
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Now that that the block passed as a periodic jobs is already running as
a delayed job, it's pointless to just turn around and schedule another
delayed job inside the block.
Also make periodic jobs default to low priority and force max_attempts =
1.
Change-Id: Ib453df3cdecca2fcaddf70ee8d2ef731e7f1d65b
Reviewed-on: https://gerrit.instructure.com/4210
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Twitter recently stopped offering whitelist
exceptions for things like direct messaging. We are
trying to work around the limitations by having
a user direct message themselves instead of having
some global account user that direct messages everyone.
Also added a "short_host" method for HostUrl that
in the future we can use to generate short-ish links
to include in tweets. For now the links are somewhat
short, at least.
refs #4045
Change-Id: Iad59b979b166d572827a8ce16d3f9fcdd57d512d
Reviewed-on: https://gerrit.instructure.com/2938
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
* to apply the same one multiple times
* be safe with multiple wrappers that different only in the number
of repetitions of the same character
Change-Id: I5d86bf265b530f6e400e076a735323851d40ed9d
Reviewed-on: https://gerrit.instructure.com/4187
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
To simplify the queries done on jobs:
* failed jobs now go in a separate table
* jobs that go past their max_run_time don't immediately get re-run.
instead a periodic job goes through every 5 minutes and unlocks
expired jobs
* strand performance is much improved
* we filter out jobs that can't be run because of strand
restrictions completely in the database query now
* better indexes help with these queries and the sub-select
Change-Id: Ida494da2fcec409bff330b7676c9a6b9413b3a06
Reviewed-on: https://gerrit.instructure.com/4163
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Not just if the first arg is a symbol.
Change-Id: Id94a21e939df5468417adaf4dc31c838f016a906
Reviewed-on: https://gerrit.instructure.com/4150
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
Concluded teachers should be able to see quiz statistics,
a read-only view of quizzes, student grades, discussions,
files (including download). They should not be able to
change any grades, however.
fixes#4059
Change-Id: Ie44a29074ec27b9d0afb908b31f51b46b0e98728
Reviewed-on: https://gerrit.instructure.com/2783
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Adds the ability for admins to configure a second LDAP server that will be
queried after the primary, assuming the user could not be found on the
primary. This is a slight refactor towards a more flexible authorization
configs model. Changes include:
* changed the authorization relationship on Account to has_many
* for backwards compat with all the code that assumes one config, added
a convenience method to Account
* refactored the auth config editing screen to send multiple configs at a
time
* modified the pseudonym to iterate over all the auth configs (when using
ldap), stopping at the first one that succeeds
Change-Id: I6bae474f542e8c7046f07d4ab2c27e7d6f64a1ce
Reviewed-on: https://gerrit.instructure.com/4108
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
also limit the job to one attempt
Change-Id: I65bad8ae6e7aa79e4916d4f5f03ef67d2dc683de
Reviewed-on: https://gerrit.instructure.com/3980
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Added support for oauth 2 API requests. HTTP Basic
only works for Canvas-auth and LDAP accounts, but
oauth 2 will also work with SSO accounts. Also added
ability for users to create access tokens from the
profile page.
Change-Id: I13581b4e77bfa77bf11dbb732900012dd1e50ede
Reviewed-on: https://gerrit.instructure.com/3775
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Right now this is just a data dump, pretty much.
Change-Id: I401cef17e2129556d99ca0a6547ae52712915650
Reviewed-on: https://gerrit.instructure.com/3970
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
This still logs a bunch of annoying info-level messages once a minute,
but at least they go to the defined logger now instead of stdout
Change-Id: If5dfd32f22497d2e6031005a8467aab51d40859d
Reviewed-on: https://gerrit.instructure.com/3936
Reviewed-by: Zach Wily <zach@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Now when adding ?become_user_id=XXXX to a URL, the admin will be redirected to
a page where they confirm that they want to masquerade as that user. This is
to prevent people from being able to change who an admin is logged in as with
simple img links.
It also adds a "Stop Masquerading" link to the identity bar.
Thanks to Patrick Michaud for pointing this out. Fixed gh issue 22.
Change-Id: I196f9f1412022de371da7a8f4670bcd4a1c35653
Reviewed-on: https://gerrit.instructure.com/3904
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
previous this was only supported for the main session cookie, not the
secondary psuedonym session cookie.
Change-Id: I4be70774baf49cfa1e3009ff6a83287c084a0e53
Reviewed-on: https://gerrit.instructure.com/3840
Reviewed-by: JT Olds <jt@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
- can attach a grading standard to a course
- interface for managing standards at the course
and account level
- added final grade to gradebook page
- added final grade to student grades page
- added final grade to gradebook csv export
fixes#3868
Change-Id: I555b9f66b621d8967e893e50a671748267da9373
Reviewed-on: https://gerrit.instructure.com/3025
Tested-by: Hudson <hudson@instructure.com>
Tested-by: Selenium <selenium@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
user_content will now work for any arbitrary RTE field, no matter if it
came from a column, a string nested three levels deep in a serialized
column, whatever.
let's call this technique "controlled XSS injection"
Change-Id: I56eed1f9b546ac7849dc60faa0f2b3801231131e
Reviewed-on: https://gerrit.instructure.com/3704
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
periodic jobs are no longer run as a separate worker process, and will
be processed by all job nodes. now there's no longer a concept of a
"master" job node, all job nodes are equivalent.
Change-Id: I7110872c7895453adfea5401d15db504dd73a850
Reviewed-on: https://gerrit.instructure.com/3686
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
and some work on delayed_jobs refactoring
refs #4226
Change-Id: I21a91a44368e77aef4a75e0d30cefe252a901691
Reviewed-on: https://gerrit.instructure.com/3640
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
This is permanent, if a stream item is updated it doesn't re-appear on
the dashboard. This is done by marking the stream item instance as
hidden, which means adding the hidden field to the two indexes.
Change-Id: Ifa544cef4ea2d46f4214e8317af4c9e3baed76eb
Reviewed-on: https://gerrit.instructure.com/3603
Tested-by: Hudson <hudson@instructure.com>
Tested-by: Selenium <selenium@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
This should allow open source installs to now set up
their own Facebook apps if desired. The facebooker
gem is no longer required and configuration now
happens in a plugin instead of a yml file.
fixes#4509
Change-Id: Iec76dc8c31f0ad0276e992319f368826baa4ccc5
Reviewed-on: https://gerrit.instructure.com/3545
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
the attachment has its context set to the submission, which we don't
handle as a context anywhere currently. Rather than try to shoe-horn the
submission into a context role, we allow using the /files urls without
any context at all (we still check permissions on the attachment of
course). this fixes some safefiles issues as well.
Change-Id: Iec12b02f16f01f795f70a6f4ed8a152b7661e000
Reviewed-on: https://gerrit.instructure.com/3557
Tested-by: Hudson <hudson@instructure.com>
Tested-by: Selenium <selenium@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
there was hidden brokenness that i exposed in a recent change
Change-Id: I02712d099a662bba672a2f1cc340b90d6164f177
Reviewed-on: https://gerrit.instructure.com/3529
Tested-by: Hudson <hudson@instructure.com>
Tested-by: Selenium <selenium@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
in production mode we now cast to the appropriate type and issue a warning
if it can't be cleanly cast (e.g. '' -> 0). if all arguments are nil (or
empty arrays, e.g. find_by_id([])) and we aren't in a scope, issue a
warning (sometimes we really do want nil when we're in a scope, e.g. line
216 of app/models/folder/rb).
in development/test mode, we now raise errors in the two warning scenarios
above (though that is configurable).
fixed several places in the code where specs failed due to the change, or
where inputs to dynamic finders looked problematic
Change-Id: Ifea851cb14d3e89b6df08ade8e83934579678f8b
Reviewed-on: https://gerrit.instructure.com/3434
Reviewed-by: Zach Wily <zach@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Sections can be manually cross-listed into another
course. Teachers/admins can use the search tool to
find a course, or manually enter it's id/sis_id
to select it as a destination. Cross-listed sections
and also be manually un-cross-listed.
fixes#3759
Change-Id: I65ac76c80e7cf2703ba3c5d4c63801b6b7a348a1
Reviewed-on: https://gerrit.instructure.com/3173
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
this makes it so devices without flash (eg: iThings) can
view documents inline.
Includes a few other changes:
* add UI to account/settings page to enable/disable 3rd
party services (i.e. google docs previews, twitter, linkedIn)
-- you can disable these previews there.
* use DRYer API for embedding scribd docs this also makes
them ready if/when we switch to ssl
* open documents on show_preview page in a modal window
instead of inline in the list (which would grow a
little wider every time you mouse over it) fixes#4004
* use all available screen real-estate on files#show page
(before it would only use 400px of height).
fixes#4007
Change-Id: I0bb4b10c75c2217f35e0361bef61ca0b602533a9
Reviewed-on: https://gerrit.instructure.com/2662
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
you can pass quick=true to to disable style guideline
checks and only check for syntax errors.
this will also spit out javascript style warnings using
jshint and gjslint. I have not nailed down exactly
which things we want to warn about, we can talk about
it and come to a consensus on what we care about.
I do not necessarily think that we should
use both jshint and gjslint, I just put them both
in to show what kind of things they can check for.
in order to use gjslint, you need to install
it from http://code.google.com/closure/utilities/
Make your .git/hooks/pre-commit look like:
rake canvas:check_syntax:changed quick=true
to not allow committing js with syntax errors
Change-Id: Icfc21c2d30f60dc2fafef80d5c93432b6309afdb
Reviewed-on: https://gerrit.instructure.com/2908
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
It'd be nice to have a UI for this at some point
Change-Id: I74029e709a69705eba7e16f50a7fb6d4030259d1
Reviewed-on: https://gerrit.instructure.com/3138
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
started the framework for importing the canvas flavored
common cartridge packages. There is also some minor
refactoring of the export step to allow for easy testing
of both exporting and importing
course settings, assignment groups, and external tools
are imported and tested with this commit
refs #3396
Change-Id: I4e8a2ebfc9df7e31f8859b189fea23f9584d7ef4
Reviewed-on: https://gerrit.instructure.com/3042
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
This solves a few problems.
- will make it easier to support HTML5 video playback
for systems that don't handle flash
- first step toward making it possible for canvas
installs to migrate from one kaltura instance to
another by making a place for us to put some
additional logic if necessary
- third parties getting data from us are no longer
forced to find and handle media comments in order
for them to work, since this adds a fallback url
refs #4083
Change-Id: I729aaf88378a30bda2126bfca2b2a48ec14bb386
Reviewed-on: https://gerrit.instructure.com/2901
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
* Uses Mailman gem
* Can be configured for POP3, Maildir, or stdin (push from mailserver)
* Maildir can be chained with fetchmail or similar to support IMAP
* Can be run as part of the job server, or as a separate process
Change-Id: I000000000000000000000000000001
Reviewed-on: https://gerrit.instructure.com/2971
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
store a hash of the key in the database when it's first set up, and
check it every subsequent time we load the environment, aborting if it
doesn't match. also provide a way to overwrite the hash in the db (via
env var and/or rake task)
Change-Id: I2a9f75cc850698ca247f39702a703c486fb7413d
Reviewed-on: https://gerrit.instructure.com/2972
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
Quiz statistics weren't supported for all question
types. Also added a csv export of the raw quiz
results data, with an attempt to make the data
meaningful even for complex question types.
fixes#4134
Change-Id: I55d1a21eed1cd6813fe0500190a1c0cc5fc038ab
Reviewed-on: https://gerrit.instructure.com/2850
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
proactively found and fixed varchar(255)'s where we relied on mysql's
silent truncation. added validations for places where we want to
enforce these limits
made it so you can reuse titles/urls of deleted wiki pages, and added
validations to ensure sane urls and prevent orphaned pages
Change-Id: I15bcc0c7a751efba1a0f7548e9989ad2ea1792bf
Reviewed-on: https://gerrit.instructure.com/2935
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Question banks can be aligned to outcomes that
are part of the same context. Whenever students
take a quiz with questions from the bank they'll
get evaluated for the linked outcomes based on
the points they got for each bank question.
Also fixed a bug which may or may not have existed
before this commit that unexpectedly deleted quiz
submissions when a user tried to re-take a quiz.
refs #3317
Change-Id: I744af3915672a5e260b078503e0bc648c238eca9
Reviewed-on: https://gerrit.instructure.com/2641
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
A background periodic process pulls them off the queue, consolidates
updates, and writes them to the database.
Change-Id: I854b57932e3f6e311ce8c67971ed5208034ca6a5
Reviewed-on: https://gerrit.instructure.com/2803
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Accounts can specify a destination email address or URL
endpoint that will receive messages as error reports are
created if the feedback button is enabled. This could
be configured before, but it wasn't straightforward
how to go about doing it.
fixes#3410
Change-Id: Ibd28ebf14c876fb216b14d3d56e622fc009aa2ba
Reviewed-on: https://gerrit.instructure.com/2739
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
each of these will only be enabled if the browser
supports it, if not no problem.
Change-Id: Ie481737121d515a0a5d7c89aa8d4e89e78170901
Reviewed-on: https://gerrit.instructure.com/2788
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
this'll let you run script/console and such without having to cd to the
rails root dir first.
Change-Id: Ic2ff10652afc92ac1e5dc4ebfef97a9a27059e29
Reviewed-on: https://gerrit.instructure.com/2790
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
- external tools can be added on the course/account
settings page
- external tools can be linked to from within modules
- clicking a tool in a module will load a new page
with the tool embedded in an iframe
- see context_external_tools for standard procedures
on retrieving settings for a specific link
fixes#4013
Change-Id: I8aa1934f8deac9af26d74036162b34fd1c4242e1
Reviewed-on: https://gerrit.instructure.com/2601
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
this adds rubric configuration for forum assignments
and graded quizzes
refs #3317
Change-Id: Ide6f95a934730c6742fed0a2dff98462b1fbc263
Reviewed-on: https://gerrit.instructure.com/2540
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
This avoids a slew of redirects when a logged-in user hits "/". I've
added a 301 redirect from /dashboard to / for backwards compatibility.
If they're not logged in, they'll get redirected to /login. So the
visible behavior stays the same, it'll just be snappier for already
logged in users.
Change-Id: I1074d3e1f61033c9081b77cc2441211624ee2ec2
Reviewed-on: https://gerrit.instructure.com/2656
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
Moved expire_after into the session options, so it'll work for memcache
session store too. And only run the periodic job to clean out AR
sessions if we're using AR sessions.
I also removed the created_at condition -- it was kind of redundant
anyway.
Change-Id: Ic2dc1d90d08c20851553c8eeaa814c001e76145d
Reviewed-on: https://gerrit.instructure.com/2635
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
This will allow things outside of controller actions, like the soap
endpoint, to use this information and ensure that account-specific
request settings are set properly.
refs #3760
Change-Id: I85284d42b3206ff362c4aee6a998737ab89fc4b7
Reviewed-on: https://gerrit.instructure.com/2579
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
By scoping the finds to the user, we can avoid a lot of grants_right
lookups and the associated db queries. This is especially helpful for
users who belong to a lot of groups or courses.
Change-Id: I31e22ecddf9456734d6c1297d776a8353e43a526
Reviewed-on: https://gerrit.instructure.com/2486
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
added wimba web conferencing support, moved dimdim config into plugin
settings, fixed a few web conferencing ui issues
Change-Id: I6b36b0e594a9f296d14cd35bec02186478bcbd13
Reviewed-on: https://gerrit.instructure.com/2343
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
This involved some refactoring, since we were using
ActionMailer::Base.smtp_settings[:domain] for generating "From"
addresses.
Change-Id: I6cac6d48971d396a56e07314e042b63a0081a4b6
Reviewed-on: https://gerrit.instructure.com/2398
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
round one in moving all the yml files to the plugins system instead
Change-Id: Id255c15d14d27bce232606ece6bd00eb7e094749
Reviewed-on: https://gerrit.instructure.com/2339
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
On large quizzes there were problems both while
taking and editing the quiz because of all the DOM
elements. Part of the solution was using more event
delegation, and part was rendering smaller
partials when editing quizzes with lots of questions,
and then loading the full details of only the
questions that the user wants to edit/view.
fixes#3771fixes#3817
Change-Id: I73aabe79323c1879d7fc8985d1709751271730f2
Reviewed-on: https://gerrit.instructure.com/2290
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
observers can now be linked from either the course
details page or the user details page inside a course.
Fixed some bugs in this and made the code a bit
cleaner.
refs #3315
Change-Id: I004bc11d823fffcc76ab5b74ee235979248cae4d
Reviewed-on: https://gerrit.instructure.com/2263
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
also some UI fixes for the plugin page
Change-Id: I161c458756c20e034c29d4515801fd9f6427aa53
Reviewed-on: https://gerrit.instructure.com/2093
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Ryan Shaw <ryan@instructure.com>
account admins can create "Alerts" from the account
settings page that show up as sticky messages on the
user dashboards. The alerts stay until the end_at
date, or until the user clicks the "close" link. If
you add an alert to the site_admin account then it's
considered a global alert and will go to all root
accounts.
fixes#3738
Change-Id: I47e6eaf717145af24d847d4387e0ad5c36800094
Reviewed-on: https://gerrit.instructure.com/2293
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
also added option for plugins to provide validation on
their settings page. I need this for some of the
more complex settings we'll have to put together
as we move stuff from yml files to settings.
Change-Id: I78e6e3cd423e7ef7e15eafae86db8337f605be3a
Reviewed-on: https://gerrit.instructure.com/2247
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
2 things:
1. styled the file uploads for: thing so that it
is not so ugly.
2. if anything in the file list is a swf, when
they click it embed it inline with wmode: opaque
so that it doesn't appear on to of everything
(like the students dropdown in the speedGrader)
Change-Id: Ifcc1044d5256269f1f8b5549f1fb51fde088dba8
fixes: #3497 and zendesk #4562
Reviewed-on: https://gerrit.instructure.com/2192
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
Teachers can specify an IP filter for a quiz, which
means students are only allowed to take the quiz
when their current computer's IP address matches
the specified filter. The initial request to start
taking the quiz and any subsequent requests to
backup or submit the quiz attempt must all come
from a valid IP address.
Admins can pre-define named filters
so that teachers don't have to manually enter
filters all the time. They can instead find them
from a provided list.
Change-Id: I59b6d8ddd31409fc9bd150ed695935ad2f458f86
Reviewed-on: https://gerrit.instructure.com/2167
Reviewed-by: Brian Whitmer <brian@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
- added a moderation link on the quiz page
- moderators can see current quiz results for students
- moderators can add time to a current quiz attempt
- moderators can manually unlock a quiz for a student,
which means the student can take the quiz even if
it's locked for everyone else
- moderators can give a student extra time for every
subsequent attempt of a quiz
- moderators can give a student extra attempts on a quiz
- moderators can also update these settings for multiple
students at the same time
Change-Id: I31c34097fc6e19d8c6e377a6059568e591ffbab8
Reviewed-on: https://gerrit.instructure.com/2166
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
migrations were previously limited to being on the same
job server, now the exported data is uploaded back to
canvas and downloaded again for the importing step
closes#3519
Change-Id: I24deaf4bc1811c4b66b1a2cf79f311ffc1fa9906
Reviewed-on: https://gerrit.instructure.com/2178
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
When we import quizzes from another system we leave
them all unpublished so the teacher can review
the import results before publishing. This adds
a "Publish Multiple Quizzes" button that will,
well, publish multiple quizzes -- at the same time.
fixes#3636
Change-Id: I9b762da0e938a0b2e1986e3bdb9a216dd5bc7142
Reviewed-on: https://gerrit.instructure.com/2175
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Jacob Fugal