fixes CNVS-39004
this was allowed before, but was disallowed because it broke I18n
(see CNVS-37038). we will use the same technique we used with
the menu name in CNVS-38421 to allow link text and subtext to be
customized, or localized if it isn't customized; namely, we will
not store the saved value if it matches the default value from
the code in the locale of the user saving it.
test plan:
0. enable help links by doing the following in a Rails console:
Setting.set("show_feedback_link", "true")
1. still in the Rails console, clear existing custom link
definitions, if present, as follows:
a = Account.default
a.settings.delete(:custom_help_links)
a.save!
2. start your server with RAILS_LOAD_ALL_LOCALES=1
3. go to /accounts/1/settings and edit the text of one of
the default help links (note the URL is still immutable).
Save account settings.
4. change your language to Spanish.
5. go back to /accounts/1/settings, and the link text you
edited should be what you set it to. the other links
should be displayed in Spanish.
6. edit another link and save.
7. switch back to English. the two links you edited should
remain edited; the others should now show in English.
Change-Id: I44bd407c57f88166562b7e0745560133e78ad4ea
Reviewed-on: https://gerrit.instructure.com/126948
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins
QA-Review: Heath Hales <hhales@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
test plan:
0. enable help links by doing the following in a Rails console:
Setting.set("show_feedback_link", "true")
1. still in the Rails console, clear an existing custom help
link name, if present, as follows:
a = Account.default
a.settings[:help_link_name] = nil
a.save!
2. start your server with RAILS_LOAD_ALL_LOCALES=1
3. go to /accounts/1/settings, and you should see under
"Help menu options", a Name of "Help"
4. leave the name alone but change something else (such as the
icon). Save account settings.
5. change your language to Spanish.
6. go back to /accounts/1/settings, and the help menu name
should be "Ayuda" instead of "Help"
7. change the name to something else, such as "Hippopotamus".
8. change your language back to the default.
9. go back to /accounts/1/settings, and the custom help
menu name should still be what you set it to in step 7
fixes CNVS-38421
Change-Id: If78a9eadc398077403fe11afb46f4576996f54b8
Reviewed-on: https://gerrit.instructure.com/125671
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Reviewed-by: Venk Natarajan <vnatarajan@instructure.com>
QA-Review: David Tan <dtan@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
If account B cross lists a section into a course owned by
account A, then the course in account A would show up in account
B's list. This is not desired -- we only want courses
*actually made within* account B to show up in account B's list.
This will *NOT* fix the analytics routes; the changes needed
to fix that are in a different repository.
Refs CNVS-38415.
Test Plan:
* Have an account with two sub-accounts, call them A and B
* Create a course in each sub account, and put a section in
the course in account B.
* Publish these courses, and add them to the public index (in
the settings for each course).
* Crosslist the section in the course in account B into the
course in account A.
* Go to account B's page and ensure that the course in account
A is *not* there.
* Also, go to /api/v1/accounts/#/courses for each account and
check that only courses that *originated* in each account
show up in the JSON response.
Change-Id: I4db30d8b2228fee37bd53957d200a6a6d0805e7f
Reviewed-on: https://gerrit.instructure.com/124003
Tested-by: Jenkins
Reviewed-by: Mysti Sadler <mysti@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Deepeeca Soundarrajan <dsoundarrajan@instructure.com>
Product-Review: Venk Natarajan <vnatarajan@instructure.com>
add the option to course search to search either by "Course"
(as it was before), or "Teacher"
closes CNVS-33426
test plan:
- turn on Account Course and User Search feature flag
- go to /accounts/1/search/courses
- make sure course searching works as before
- make sure courses are searchable by teacher when that
option is selected
- make sure keyboard navigation/a11y are good
Change-Id: I9b4cf51e0fa29d6fd0d5dd6e28ac7ed90e9582f6
Reviewed-on: https://gerrit.instructure.com/121070
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Jenkins
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Ryan Shaw <ryan@instructure.com>
Fixes: SIS-2914
Test plan:
- Enable all post to sis feature options
- Enable the max name length setting
- Do not set a value
- Update the account settings
- Navigate to a course
- Create an assignment with post to sis checked
- Confirm that you can save an assignment with a name up to 255
characters
Change-Id: I4d4abcf93adaa97a636cef837c1fdc7f55f7600c
Reviewed-on: https://gerrit.instructure.com/122629
Reviewed-by: Brad Humphrey <brad@instructure.com>
Product-Review: Brad Humphrey <brad@instructure.com>
Tested-by: Jenkins
QA-Review: Mark McDermott <mmcdermott@instructure.com>
fixes CNVS-38231
test plan
- delete an admin
- admin should be gone from every where
- admin should not have permissions to do stuff
Change-Id: I56c90a12b2be879c5d646c1ab6980693ff161673
Reviewed-on: https://gerrit.instructure.com/119220
Reviewed-by: Tyler Pickett <tpickett@instructure.com>
Tested-by: Rob Orton <rob@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
adds sorting to the 'Courses' and 'SIS ID' columns of the Courses tab
and the 'Name' and 'Last Login' columns of the People tab
closes CNVS-33425
test plan:
- turn on Account Course and User Search feature flag
- go to /accounts/1/search/courses
- make sure Courses and SIS ID columns are clickable and sortable
- make sure that keyboard interaction and a11y looks good
- go to /accounts/1/search/people
- do the same for the Name and Last Login columns of the People tab
add sorting by Teacher column in courses
add sorting by first alphabetical teacher to
the 'Teacher' column of the Courses tab
test plan:
- turn on Account Course and User Search feature flag
- go to /accounts/1/search/courses
- make sure the Teacher column is clickable and sortable
- make sure that keyboard interaction and a11y look good
add sorting by Enrollments column in courses
add sorting by number of students enrolled to
the 'Enrollments' column of the courses tab
test plan:
- turn on Account Course and User Search feature flag
- go to /accounts/1/search/courses
- make sure the Enrollment column is clickable and sortable
- make sure that keyboard interaction and a11y look good
add sorting by Email and SIS ID columns in People
add sorting by 'Email' and 'SIS ID' columns of
'People' search tab
test plan:
- turn on Account Course and User Search feature flag
- go to /accounts/1/search/people
- make sure the Email column is clickable and sortable
- make sure the SIS ID column is clickable and sortable
- make sure that keyboard interaction and a11y look good
change UserPane to extend React.Component
change UserPane.js to be a class that extends React.Component
instead of using the old React.createClass
test plan:
- go to /accounts/1/search/people
- make sure the user search feature works the same as before
fix queries and lint warnings
fix SQL queries based on Tyler's suggestions
and fix some lint warnings throughout
test plan:
- go to /accounts/1/search/courses
- make sure sorts still work
- make sure queries are as correct and efficient
- go to /accounts/1/search/people
- do the same
- make sure Gergich is relatively happy
sort teachers in course and lint fixes
change course search so that teachers are sorted alphabetically
within a course (if it has multiple teachers). also a few lint
fixes here and there.
test plan:
- go /accounts/1/search/courses
- make sure that teachers are sorted within a course
Change-Id: I710878bd8ce98ba2fa4eb0c357721864df338939
add a sortable column for subaccounts to course search
add a new column to course search for subaccount
make it sortable like the other columns
test plan:
- turn on Account Course and User Search feature flag
- go to /accounts/1/search/courses
- make sure the correct subaccounts are showing
- make sure the subaccount column is clickable and sortable
- make sure that keyboard interaction and a11y look good
Change-Id: Ic8b8f258c27c16982a450286f6b715c9e04d425e
fix focus for keyboard navigation in Course Search sorting
prevent the CoursesList from rerendering sometimes on sorts
so that it doesn't lose focus
test plan:
- turn on Account Course and User Search feature flag
- go to /accounts/1/search/courses
- make sure keyboard interaction doesn't lose focus
Change-Id: I6236c92f6e71596d3dc38ef756e6ac808e9e99c2
fix invalid email sorting in User Search
fix the sorting of invalid emails in User Search
so that invalid emails (that don't show up) come last
test plan:
- turn on Account Course and User Search feature flag
- go to /accounts/1/search/courses
- make sure that invalid blank emails are sorted last
Change-Id: I56e6b1e57a1d494e7667c3cfc7b14a10976ec52e
fix invalid emails showing in User Search
fix User Search so that invalid emails don't display when
the "Load More..." button is pressed
test plan:
- turn on Account Course and User Search feature flag
- go to /accounts/1/search/courses
- have more than 10 users so "Load More..." is there
- click "Load More..." and make sure invalid emails don't display
for the newly-loaded users
Change-Id: I5bc23c616ae88da73f8632699c3bde1bffee994d
fix IE11 User Search sorting issue
fix User sorting in IE11 so that it doesn't go back to the
Courses tab when trying to sort
test plan:
- use IE11
- turn on Account Course and User Search feature flag
- go to /accounts/1/search/people
- make sure sorting works (doesn't take you to Courses tab)
Change-Id: I63491ca0b08812e21ed0ed2eb2f8a4bd1b791b89
fix add user in User Search bug where email doesn't show up
fix User Search so that when a user is added, their email
shows up without refreshing the page
test plan:
- turn on Account Course and User Search feature flag
- go to /accounts/1/search/people
- add a new user with a valid email
- make sure it displays before refreshing
Change-Id: Ib339bab3ea858c7c1ab18a6065ef4936941cb24b
remove debugger
Change-Id: Ibf88893ea35d795d8966c7580100ac135c8cfe93
Reviewed-on: https://gerrit.instructure.com/120294
Tested-by: Jenkins
Reviewed-by: Ryan Shaw <ryan@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Andrew Katsanevas <akatsanevas@instructure.com>
Change-Id: I26f1ee84fb6e8652b330ca377de6b776cf9d0928
Reviewed-on: https://gerrit.instructure.com/120075
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
test plan:
* create a course with accepted student enrollments
* in the rails console, set the course to a 'created'
state:
Course.find(id).update_attribute(:workflow_state, 'created')
* the student count in the accounts course index should
not be 0
closes #CNVS-36420
Change-Id: Ibb5e8c2ce2b2db38e73bf6e72d4041eabf6b5821
Reviewed-on: https://gerrit.instructure.com/117889
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: David Tan <dtan@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
test plan:
* create a course and invite a teacher
* reject the invitation
* the rejected user should not show in the list of "Teachers"
on the account-level course list
closes #CNVS-36830
Change-Id: I1ced8d37631aed1208c4781507abb090b3290443
Reviewed-on: https://gerrit.instructure.com/111472
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: David Tan <dtan@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
fixes CNVS-33224
test plan:
* create an account on a separate shard, but without its own domain
* you should still be able to view its settings page following the
link from site admin
Change-Id: If181662c83cc78e52d17ac372afb2add596dd153
Reviewed-on: https://gerrit.instructure.com/100718
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
test plan: sanity check sorting courses on the Accounts page.
The actual issue this commit fixes cannot be reproduced except
in production-like environments with master/slave databases.
fixes CNVS-34303
Change-Id: I92211a766600bcf811bbc268c95b92b0924a67cb
Reviewed-on: https://gerrit.instructure.com/99524
Reviewed-by: James Williams <jamesw@instructure.com>
QA-Review: Heath Hales <hhales@instructure.com>
Tested-by: Jenkins
Product-Review: Jeremy Stanley <jeremy@instructure.com>
Adding a flag to the Account.settings that determines if turnitin is
enabled. The ability to set or remove this flag has been changed to
only be available to site admins. Once the flag is set to on, the
account admins will have the ability to configure the turnitin
settings. Turning this flag off will disable turnitin for the
account.
closes CNVS-33937
test plan:
- As an account admin, visit the account settings page and note there
is no turnitin checkbox nor the turnitin settings dialog.
- As a site admin, visit the account settings page and note the
turnitin checkbox.
- As the site admin, check the turnitin checkbox and save the
settings.
- Note on page reload the turniting settings dialog appeared.
- As an account admin, visit the account settings page and note the
settings dialog is present.
- As an account admin, fill in the settings dialog and save the
settings.
- As a site admin, visit the account settings page and uncheck the
turnitin checkbox and save the settings.
- Note on page reload the turnitin dialog is gone.
- As a site admin, check the turnitin checkbox and save the settings.
- Note the turnitin settings dialog appears and contains the previous
info.
Change-Id: I06e0add066794d56be27cb13250ccfa79d095e26
Reviewed-on: https://gerrit.instructure.com/98765
Reviewed-by: Spencer Olson <solson@instructure.com>
Reviewed-by: Derek Bender <djbender@instructure.com>
Tested-by: Jenkins
QA-Review: Anju Reddy <areddy@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Christi Wruck
test plan:
- go to the account course index
- enter a search term in the "Find a Course" box and click "Go"
(the term must match more than one course name)
- the "Sort" box (just above the search term on the sidebar)
should still function like it does when first entering
the page and no search term has been queried
fixes CNVS-33759
Change-Id: I3dc645afa43a2ca6fade1011cdfa20d12fd2c5de
Reviewed-on: https://gerrit.instructure.com/97549
Tested-by: Jenkins
Reviewed-by: James Williams <jamesw@instructure.com>
QA-Review: David Tan <dtan@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
Fixes CNVS-32575
Test Plan:
* As an admin, go to an account that contains multiple courses
(e.g. /accounts/1)
* There should be a "Sort:" dropdown menu on the right sidebar
under "Course Filtering"
* Changing the sort dropdown and clicking "Filter" should sort
the course list by the sort order specified
Change-Id: Iefa7adec5f02a754910a740dce06765df65d35b2
Reviewed-on: https://gerrit.instructure.com/93598
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: David Tan <dtan@instructure.com>
Product-Review: Chris Ward <cward@instructure.com>
fixes CNVS-26856
test plan
- hit api/v1/accounts/self/courses with an admin
that does not have "View the list of courses”
- it should 401
- give permission and it should work
Change-Id: Ib70361fc4c9f894fa5562d9e447e632858f31b6a
Reviewed-on: https://gerrit.instructure.com/71069
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Ethan Vizitei <evizitei@instructure.com>
Tested-by: Jenkins
Product-Review: Rob Orton <rob@instructure.com>
updated_at was off often off by 1s because we're re-serializing
Change-Id: I116cbfb042f43a63c770d3372821a59b4967c19a
Reviewed-on: https://gerrit.instructure.com/70299
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
fixes CNVS-21483
test plan:
- get "api/v1/accounts/:id/courses" with
an include[]=section param
- it is a success BUT does not return section info
- the endpoint properly responds without
the sections as well
Change-Id: Ib5c9939e7417f9907cbff35fb0132bc71107a44b
Reviewed-on: https://gerrit.instructure.com/58940
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins
Product-Review: Cosme Salazar <cosme@instructure.com>
refs #CNVS-21596
Change-Id: Ieeac300d152c512b9186aa3553b27ddc1ed449c4
Reviewed-on: https://gerrit.instructure.com/58759
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
fixes CNVS-20394
split it into appropriate concerns. main points are:
* /login never renders a login form - it redirects forward to the
default auth controller based on the first account
authorization config (or discovery url on the account)
* /login/canvas is the new home of the old login form. this form is
never rendered in-situ anymore - other places that used to render
it now redirect to /login (and then forward to here), reducing
their knowledge of SSO
* /login/ldap ends up at the same place (cause LDAP auth is handled
transparently)
* /login/cas and /login/saml redirect forward to the first SSO
configuration of the appropriate type. /login/:auth_type/:id can
be used to select a specific one
* if an SSO fails, it redirects back to /login with flash[:error]
set. this can forward to the discovery url appropriately, or
render an error page appropriately (the old no_auto=1, but now
it's not layered on top of the login partial that didn't show a
login form)
* ?canvas_login=1 is deprecated. just go directly to /login/canvas
* /saml_consume, /saml_logout are deprecated. they are processed
directly by /login/saml and /login/saml/logout
* /login/:id is deprecated - it forwards to /login/:auth_type/:id
as appropriate (presumably only saml, since that was the only
one that previously should have been using these links)
* OTP has been split into its own controller, and separated into
multiple actions instead of one all-in-one action
* /logout has been vastly simplified. the login controller should
set session[:login_aac], and on logout it will check with that
AAC for a url to redirect to after logout, instead of /login.
SSO logout is handled by each controller if they support it
test plan:
* regression test the following functionality -
* login with canvas auth
* login with LDAP auth
* login with SAML auth - and multiple SAMLs
* login with CAS auth
* MFA (configure, using, auto-setup)
* Canvas as OAuth Provider flow
* redirects to the login page when you're not
logged in
* failure of SAML/CAS (i.e. can't find user)
show a decent error page and allows retry
* "sticky" site admin auth (site admin is CAS/SAML,
going directly to another domain logs you in with
site admin)
Change-Id: I1bb9d81a101939f812cbd5020e20749e883fdc0f
Reviewed-on: https://gerrit.instructure.com/53220
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins
Reviewed-by: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
this helps plugins not need to load Account in order to register a service
Change-Id: I0655f14798f5af018c5e498adc0e59013d9a2d5b
Reviewed-on: https://gerrit.instructure.com/51954
Tested-by: Jenkins
Reviewed-by: Ethan Vizitei <evizitei@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
refs: CNVS-16643
Adds a setting to root accounts for trusted referers. The field is
setup to allow a comma delimited list of hosts to trust for the account.
Test Plan:
- Edit and save the account trusted referers.
- Should show only for root accounts.
- Should format the referers according to the following rules when it
is saved.
- If the scheme is https and the port is provided it will strip
off the port.
- If the scheme is http and the port is provided it will strip
off the port.
- It will remove the path part of the url.
Change-Id: Ie916339162748cf88259ac566036fc5fa2f5d08e
Reviewed-on: https://gerrit.instructure.com/45779
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Blake Simkins <bsimkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: August Thornton <august@instructure.com>
refs: CNVS-16627
First part is to add the framework for tracking external keys. This
commit handles the ability to add multiple types easily to the
external_integration_keys with custom rights per type of key.
Test Plan:
- Make sure the section for External Integration Keys does not display
when no types are set.
- Add a few custom types to the external integration keys with all
combinations of write and read rights.
- Make sure you can edit the appropriate keys inside the account
settings page and that they are persistent.
- Remove a value from a key and it should delete the appropriate
record.
- If the user does not have access to any keys the section should not
display.
Change-Id: I37d56c3ee1bf44876c220e9d5a1ae80a22ac1289
Reviewed-on: https://gerrit.instructure.com/44161
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Colleen Palmer <colleen@instructure.com>
fixes CNVS-1552
any time the UI/API tries to "delete" a user, it should only be trying
to remove it from some root account (the @domain_root_account if not
otherwise specified). if that root account was the last root account the
user was associated with, then the remnants of the user are fully
deleted, but only then. leave User#destroy as a short-cut to delete the
user from all their accounts at once, but should not be invoked directly
from any UI/API actions.
test-plan:
PERMISSIONS
being able to remove a user from an account entails being able to:
- DELETE http://accounts-domain/users/:user
- DELETE /accounts/:account/users/:user
both should fail or succeed together
* given
- Sally who's an admin with the :manage_user_logins
permission on one account (Account1) and a student on another
account (Account2)
- Bob who's a student on both accounts
- Alice who's an admin on Account1 with greater permissions than
Sally
* Sally should:
- see "Delete My Account" on her Account1 profile
- not see "Delete My Account" on her Account2 profile
- not see "Delete My Account" on Bob's Account1 profile
- not see "Delete My Account" on Alice's Account1 profile
- see "Delete from Account1" at /users/:sally
- see "Delete from Account1" at /users/:bob
- not see "Delete from Account2" at /users/:sally
- not see "Delete from Account2" at /users/:bob
- not see "Delete from Account1" at /users/:alice
- be able to remove herself from Account1
- be able to remove Bob from Account1
- not be able to remove herself from Account2
- not be able to remove Bob from Account2
- not be able to remove Alice from Account1
* given Sally's Account1 pseudonym has a SIS ID but her Account2
pseudonym doesn't, Sally should:
- no longer see "Delete My Account" on her Account1 profile
- no longer see "Delete from Account1" at /users/:sally
- still see "Delete from Account1" at /users/:bob
- no longer be able to remove herself from Account1
- still be able to remove Bob from Account1
EFFECTS
* as Sally, remove Bob from Account1 via
DELETE http://account1-domain/users/:bob
- Bob's pseudonyms, enrollments, etc. in Account1 should be removed
- Bob's pseudonyms, enrollments, etc. in Account2 should be untouched
* repeat using DELETE /accounts/:account1/users/:bob, with the same
expectations
Change-Id: Ib7612f95d1c7e4cca36d8486950565ec096b4ab1
Reviewed-on: https://gerrit.instructure.com/41591
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
refactor everything that used to use strings for roles
to use actual role_ids
the apis should be backwards compatible so we don't need
to update (most of) the UI's right away in this commit
test plan:
* regression tests for permissions, role overrides,
alerts (for account roles), enrolling users,
adding account admins, etc.
refs #CNVS-15481
Change-Id: Id57fd3104c5c518b6fbf180609950dcddcdd474d
Reviewed-on: https://gerrit.instructure.com/41208
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Steven Shepherd <sshepherd@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
refs CNVS-15830
test plan:
* courses list for root account should still show student count and
teacher names
Change-Id: Ib65af09e3e06f7a0176fcc517d579b3ae4204053
Reviewed-on: https://gerrit.instructure.com/41804
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Reviewed-by: Nick Cloward <ncloward@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
fixes CNVS-13351
test plan:
* created an admin role that has permission to create other admins,
but that's it
* as an admin in that role, it should only show that role as one
to choose for new admins
* you should only be able to delete admins in that role
* verify both of the above are enforced via the API
Change-Id: I11459567ab184d787ee02af55280e0f4f76d47e8
Reviewed-on: https://gerrit.instructure.com/35672
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Rob Orton <rob@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
refs CNVS-3134
test plan
- go to /accounts/self/settings#tab-reports
- titles should be translatable
Change-Id: I32d47572929a729e1d5f9dc0a2f20a229005fcca
Reviewed-on: https://gerrit.instructure.com/35827
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
test plan:
1. have two root accounts, with no trust links between them,
each with an account admin who is not a site admin
2. as a site admin, go to Account 1's settings page,
Admins tab, and inspect the element of the (X) icon that
would delete the user. you will see a URL like this:
https://<site>/accounts/1/account_users/1234
3. as the admin of Account 2, go to Account 2's settings page
and inspect the element of the (X) icon that would remove
an admin (any admin, doesn't matter which).
it should look like
https://<site>/accounts/2/account_users/5678
4. edit the page to change the last number in the URL found
in step 3, to that found in step 2, then click the X
e.g., https://<site>/accounts/2/account_users/1234
5. you should get a page error. the admin from Account 2
should not be able to demote the admin from Account 1
Note that an actual attacker probably doesn't know the
AccountUser ID of anyone in particular, but they could just
enumerate starting at 1 and ruin the day for a whole lot of
people (including us).
fixes CNVS-13032
Change-Id: If5436b10ec986f1b17635cb8cae46c951cb9ff83
Reviewed-on: https://gerrit.instructure.com/34859
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
fixes CNVS-12331
before you check out
- configure some accounts to not use calendar2
- configure some users to prefer calendar1
test plan
- ensure that everyone gets calendar2, all the time, even if they
specifically checked a box saying they don't want to use it
Change-Id: Ibe1eb6b86ccc1c9489b166c138c87a288eb91ac1
Reviewed-on: https://gerrit.instructure.com/34339
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Trevor deHaan <tdehaan@instructure.com>
Reviewed-by: Braden Anderson <banderson@instructure.com>
Product-Review: Joel Hough <joel@instructure.com>
refs CNVS-11420
test plan:
* run an account report
* refresh the settings page
* it should show that it ran
Change-Id: Ie60570db1ceaff51a4dadd0c30357c333dcabf1c
Reviewed-on: https://gerrit.instructure.com/30995
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
in preparation for rails 3
Change-Id: Ib752c02b8eb63093648843dca696f17fcc7f62ef
Reviewed-on: https://gerrit.instructure.com/26976
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
fixes CNVS-6280
refactors User#time_zone and Account#default_time_zone to return actual
time zone objects instead of strings.
Assignments to the fields accept both forms; reading the field prefers
to return a Rails friendly name, but the IANA name is easily accessible
from that object. Continue to use Rails names for the UI, but use
IANA names for the API.
test plan:
* in the UI, ensure that you can change timezones and it persists
correctly in the following locations:
* user profile as the user
* root account settings
* user page as an admin
* check the API responses for /api/v1/users/self/profile and
/api/v1/accounts/self; the time zone should be listed as an
IANA name (i.e. America/Denver, not Mountain Time)
* Update an account (PUT /api/v1/accounts/self) to change the
default time zone; ensure both friendly names and IANA names
are accepted on input, but on output the IANA name is returned
Change-Id: Ib976e7e1b2dde2639ff6fd478a59b38fdb0d07c0
Reviewed-on: https://gerrit.instructure.com/22563
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
closes CNVS-5992
test plan:
- make sure existing turnitin still works
- go to account settings, leave turnitin host blank, save
- it should still work
- change it to api.turnitin.com
- it should still work
- change it to another valid turnitin endpoint
- it should still work
Change-Id: I442871d35f3a8440f49485252cf88dd4cd441ec2
Reviewed-on: https://gerrit.instructure.com/21969
Reviewed-by: Cameron Sutter <csutter@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
Special survey account notifications (announcements) can be set up on the
site_admin account. These survey notifications will only appear for
accounts that have the "Account Surveys" setting enabled in their
account settings, and they'll only show up for 1/N users in
those accounts each month. N is configurable, defaults to 9.
closes CNVS-6036
test plan:
* On a regular account, create an announcement in account settings.
There shouldn't be any options related to surveys available.
* On the site admin account, create an announcement. Select to make it a
survey. You can leave N at 9 or change it.
* Verify that the survey doesn't show up for any users on accounts
that don't have "Account Surveys" enabled.
* Enable the "Account Surveys" setting on an account. Verify that the
survey shows up for (roughly) 1 out of every N users in the account,
on their dashboard. Change the time on the computer running canvas
to another month. Verify that the survey shows up for a different
set of 1/N users in the account.
Change-Id: If11467d2153acee24a010ba45d516b0b320a4634
Reviewed-on: https://gerrit.instructure.com/21432
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
test plan:
* in account settings - quotas tab,
set the default group storage quota
* attempt to upload files to a new group (without a set
quota) until the quota is hit or exceeded, confirming
that the set default is in effect
refs #CNVS-271
Change-Id: Ia4cbd84da19eb07d188dcc85c81c6b45bc2fa7ce
Reviewed-on: https://gerrit.instructure.com/21191
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
For instance, this allows for account services that can only be enabled
in the UI by site admins, that kind of thing.
closes CNVS-6140
test plan: specs, this doesn't add any new services yet
Change-Id: Ie330c79b75a0cf4b755d73bba57dffc64c5e6447
Reviewed-on: https://gerrit.instructure.com/21262
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
adds account setting and new user permission
fixes CNVS-4726
Testing Notes:
============
* To enable...
* Account Settings, check Feature
"Admins can view notifications"
* Account permission under "Account Roles"
becomes available under "Admin Tools"
group. Check "View notifications"
* appears under account "Admin Tools"
sidebar area on "View Notifications"
tab.
(EX: /accounts/[account_id]/admin_tools)
* Verify "View Notifications" tab does not
appear if either account setting or user
permission is disabled. (For AccountAdmins)
* Verify a SiteAdmin is able to access the
feature.
* Verify that notifications are returned
and displayed for a selected user
and date range.
* Verify it displays "No messages found"
when user doesn't exist or the user
exists but the date range doesn't
return data.
* Verify that the user_id is required when
searching
* Verify that the "To Date" cannot be before
the "From Date".
* Verify an invalid date like the word "couch"
gets ignored and the actually used date/time
is displayed in the overview text description.
* Verify searching by dates when either or both
are left blank and when both are used.
* Verify that the messages automatically
fetch more when you scroll down.
* Verify that before the results, it displays
the user's name and the dates used for the
results.
Change-Id: I9d2689b4760af57bbc2d15fd7d50610dcf593a7e
Reviewed-on: https://gerrit.instructure.com/18629
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Reviewed-by: Mark Ericksen <marke@instructure.com>
refs CNVS-4782
test plan:
- BEFORE applying database migrations, create two account
roles, one that enables "Manage account level settings",
and one that disables it.
- ... apply database migrations ...
- an account setting "Manage storage quotas" should appear
and should be enabled for roles that have "Manage account
level settings", and disabled otherwise
- ensure the following values cannot be changed
(are not editable on the web forms) if
"Manage storage quotas" permission is revoked:
in Account Settings:
- Default Course File Quota
- Default User File Quota
in Course Settings:
- File Storage
- also ensure that a user lacking this permission
cannot set a course quota via the courses API
(creating or updating a course). the value should
be ignored if the user does not have permission
to set it.
NOTE: This permission applies to accounts and courses.
There are also quotas for entire sites (for users,
course files, and media files), but these are managed
by a plugin and are not affected by this commit.
Change-Id: I4a3b0b332a5a4e74596f167360db37e2653eab70
Reviewed-on: https://gerrit.instructure.com/18887
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
closes CNVS-2351
Test plan:
* try hitting /api/v1/accounts/N/sub_accounts
* it should return the children of accounts
* hit /api/v1/accounts/N/sub_accounts?recursive=true
* it should return all descendants of the account
* don't forget to check pagination
Change-Id: I49ae54840c0bf39f1c52304a8317733eba021ae4
Reviewed-on: https://gerrit.instructure.com/17776
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
test plan:
* configure CAS or SAML on an account
* log out
* go to /accounts/self/settings?canvas_login=1
* it should render a login page with login form
* configure LDAP, disable Canvas Authentication on the settings
page
* log out
* go to /accounts/self/settings
* it should render a login page with login form
Change-Id: I40008821707a8dfde777b77b5f5e2be22aebf713
Reviewed-on: https://gerrit.instructure.com/15765
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Jeremy Stanley