accepts a redirect_uri to return the code to, in addition to the OOB uri
support. matches the redirect_uri domain host against the one stored on
the developer key.
this doesn't yet include a UI for registering developer keys.
Change-Id: I6fbfe6ff3dbd6ebea9c2f9fc5ce3e45447a1cbc8
Reviewed-on: https://gerrit.instructure.com/4963
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
only accepts the first result from the ldap connection, then exits.
Change-Id: I49f1db7bb3c1bbef8e24a09ead088141b775c66c
Reviewed-on: https://gerrit.instructure.com/5197
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
also pull in course/group user so we can use it in the future
Change-Id: I34c2aea2fea9b56c988d4903fb2fcf32d96d4f10
Reviewed-on: https://gerrit.instructure.com/5190
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
optimize crosslisting itself:
* use ids where possible to avoid unnecessarily loading up objects
* Don't worry about keeping track of if we need to save; we're gonna
save anyway
* update account associations on any account change, not just root
account change (if you re-crosslist a section from one sub-account
to another sub-account, the users may no longer be associated with
the first sub-account).
optimize sis imports:
* really batch up update_account_associations
Change-Id: Ic0fbe1601afcbcd3e6540e69febc2e6a1a94157f
Reviewed-on: https://gerrit.instructure.com/5137
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
* Attempt to cache the course/section between rows
* On section change, calculate the new account associations *once*,
and use the new User#update_account_associations incremental mode
for strictly new enrollments
* Keep the account_associations account_chain cache intact between
calls
* Fall back to global update_account_associations if too few
enrollments in the section, if not a strictly new enrollment, or
if the user is already going to be globally updated
Change-Id: I884a394aef4f4b81f4472ee3a57f89c1f72ae371
Reviewed-on: https://gerrit.instructure.com/5136
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
* Manually cache account chains (query cache gets dumped after every
update or delete)
* Use batch queries and preloads to make the number of queries
constant wrt how many users are getting updated
* Simplify calculation - find the root account ids, and merge the
account chains together
* Fix depth to be defined as the minimum depth to reach that account
(rather than whichever path happened to be processed last)
* Add incremental mode to only add accounts, rather than re-calculate
all associations (only for User)
* Don't auto-create the default section during
update_account_associations; it costs a query and possibly an
insert, causes angst with schools that don't want it, etc.
Instead, always create associations against a 'nil' section so
that a course has the proper associations.
Change-Id: I7d476d45f41d9c3e382fac9b5c0c0aaa5369b956
Reviewed-on: https://gerrit.instructure.com/5135
Tested-by: Hudson <hudson@instructure.com>
Tested-by: Selenium <selenium@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
Basically, being an admin doesn't imply full access. Instead, it
only implies :read_as_admin, which only lets you see things like
course name and section names.
Add two new role overrides:
* :read_course_content implies :read on the course
* :manage_content is now a full-fledged RoleOverride instead of
an internal permission implicitly given to Teachers and Admins
Actually start using :view_all_grades override so that Admins
without it won't see grades (replaces :read_as_admin that was
granted to concluded teachers; :view_all_grades is always granted to
concluded teachers, but not to Admins).
Spiffy up several helper functions to take an array of permissions,
and return if any of them are true.
Make sure not to show course tabs that the user does not have access
to.
Fix up lots of permission checks, especially around viewing users
(:read_roster, :manage_students, or :manage_admins might allow you
to see the users in a course; :read_roster only allows you to see
prior enrollments if it was granted to you as an account admin).
Change-Id: Iafcab7956649e9d28e17bd5eedcb155a9ea76af4
Reviewed-on: https://gerrit.instructure.com/5092
Reviewed-by: JT Olds <jt@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
fixes an issue where replying to a deleted conversation from the
dashboard resulted in an error page
Change-Id: Iad772a939ce94a84417c764e5fda361db744a89c
Reviewed-on: https://gerrit.instructure.com/5151
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
simplifies RoleOverride lookup logic, and the query once again uses
the already existing index
Change-Id: I2b165b7debc9aa7aa6fd032d7917cbbc23b4361c
Reviewed-on: https://gerrit.instructure.com/5063
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
Conflicts:
app/controllers/context_controller.rb
config/assets.yml
spec/integration/files_spec.rb
spec/models/user_spec.rb
also removed test "ContextController GET 'inbox_item' should exclude
recipients if protect_recipients" since ContextMessage inbox items
aren't used any more on this branch.
Change-Id: I99d0e4914cb1bf9617993c1cb1afdbca0e9ba32f
* remove permissions that are never checked (or never checked on
Courses)
* allow concluded teachers to continue to read faculty journals
* re-order the "teacher" and "admin" lines in Course so they are
easier to compare
Change-Id: I5c031ac1104904d1be74071ca86c9f899bd9d5af
Reviewed-on: https://gerrit.instructure.com/5077
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Added a step to the flash upload process in the Files section to do a
preflight check to see if there are any duplicate filenames. If there are, the
user gets the option to either rename the new files, or overwrite the existing
ones. (Overwrite means deleting them - we already have code that will redirect
to new files with the same name as deleted files if they're linked directly by
id.)
Change-Id: I926631aadcebec3cae1607f818044f7cd4b74cea
Reviewed-on: https://gerrit.instructure.com/5091
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Basically, change from using recursive calls to a single flattened call.
Interestingly, this change caught a bug in the become user spec, so
apparently the old code wasn't quite working as intended.
Change-Id: I20fce8dbc5ca7c4797a4f8bd929202aaf8a96f9c
Reviewed-on: https://gerrit.instructure.com/5062
Tested-by: Hudson <hudson@instructure.com>
Tested-by: Selenium <selenium@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Refs #4952
* Fix saving role overrides for Site Admin account roles
* Add the following permissions:
* read_course_list (for listing or searching courses)
* view_statistics (for viewing account statistics)
* manage_user_notes (instead of being implied-ish by read_reports)
* Hide UI elements that provide access to features that are not
allowed
* Remove lots of not applicable stuff from Site Admin settings
Change-Id: I7414368b472ba655d04118db30c1bb46542deb37
Reviewed-on: https://gerrit.instructure.com/5054
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
* Remove the show_create_course_button helper, and refactor into
Account's set_policy block
* Don't implicitly give any admin :manage_courses rights (since it
can be revoked)
* Check for the correct permission on the correct account in the
GettingStartedController and CoursesController#copy
Change-Id: I6769d20c299d7e34ea83a79cdb6fab0d588122dc
Reviewed-on: https://gerrit.instructure.com/5027
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Fixing this required some minor refactoring:
* A model can now define "filter_hash_for_user" to filter serialized data out
of the model based on user. In this case, we were sending the assignment to
the browser in json, and we wanted to strip out the description if the
assignment was locked for the user.
* The lock_explanation generator was not i18n'd before. That was fixed, and
similar code in javascript was also refactored so it can be called by
anybody. (In this case, by the assignments in the calendar.)
Change-Id: Ia606be2a16df9bd87222306445f548b3a7a78801
Reviewed-on: https://gerrit.instructure.com/5051
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
closes #4623
also fixes the UI for "what-if" score showing when you really can't
use them
Change-Id: I19a5f41512e0d162a78c10b0c7c23f22624b6af0
Reviewed-on: https://gerrit.instructure.com/5030
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
- some users were showing up even though they had no avatar set
- there was a trailing " on each row
- set a max-height for avatar images
Change-Id: I0a5c36a722da13a12d06f38384434474b68bce31
Reviewed-on: https://gerrit.instructure.com/5044
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>