Test plan:
add links to various course files in an assignment's description. The
description returned by graphql should return fully qualifed links
(the description should be the same as the description returned by the
REST api).
closes GQL-7
Change-Id: I189f45160697860201ec8fe6fe1fa2771e18cc35
Reviewed-on: https://gerrit.instructure.com/171990
Tested-by: Jenkins
Reviewed-by: Carl Kibler <ckibler@instructure.com>
QA-Review: Cameron Matheson <cameron@instructure.com>
Product-Review: Cameron Matheson <cameron@instructure.com>
test plan:
- have a course containing a page that embeds a course file
as an image in the page
- do an API request, via an account domain in another shard,
to retrieve the page content
(e.g., http://shard2.canvas.dev/api/v1/courses/1~1/pages/the-page)
and be sure to use token authentication
(e.g., Authorization: Bearer {{token}})
- ensure the URLs embedded in the API result:
1. point at /courses/1~1/files/1~X
2. include a valid verifier
fixes ADMIN-1303
Change-Id: I4c813eae5f18be5f1042e44762e1953fc658a1bf
Reviewed-on: https://gerrit.instructure.com/164761
Tested-by: Jenkins
Reviewed-by: Dan Minkevitch <dan@instructure.com>
Product-Review: Dan Minkevitch <dan@instructure.com>
QA-Review: Dan Minkevitch <dan@instructure.com>
Apache limits the HTTP response headers to 8KB total; with lots
of query parameters, link headers can exceed this.
so prioritize the links we include and don't exceed
(by default) 6KB in total.
(let's just pretend the earlier commit that omitted everything
except 'next' never existed)
Change-Id: I3ce25a433cbe9d06a80218a7cb77f4121994419d
Reviewed-on: https://gerrit.instructure.com/162501
Reviewed-by: Steven Burnett <sburnett@instructure.com>
Tested-by: Jenkins
QA-Review: Steven Burnett <sburnett@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
Apache gives us 8K of response headers. if we have a 1K URL
(with lots of query parameters), including all five Link
headers can easily put us over the limit. Omit all but
:next when this happens
Change-Id: I185d78197d700a81e721feac986241cab6225699
Reviewed-on: https://gerrit.instructure.com/162283
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Steven Burnett <sburnett@instructure.com>
Product-Review: Steven Burnett <sburnett@instructure.com>
Tested-by: Jenkins
refs QUIZ-4415
test plan:
- cr
- Quiz.Next CC import is not ready for test with only this patch
- regression on `Import Content`, to make sure:
1) `Qti .zip file` import works
2) `Common Catridge 1.x Package` import works
Change-Id: Iba2818a2b864020b6c59ef55e02f122b996e4c40
Reviewed-on: https://gerrit.instructure.com/149978
Reviewed-by: Andrew Butterfield <abutterfield@instructure.com>
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: David Tan <dtan@instructure.com>
Product-Review: Han Yan <hyan@instructure.com>
fixes CORE-763
test plan:
* set up two accounts, on different shards, and a user associated with both
* create a course on shard 2 and create a wiki page for the front page.
* create a module in that course
* as the content of the front page, embed an image from the course, and
link to the module
* using the domain of shard 1, go to /api/v1/courses/<id of shard 2>~<id the course>/front_page
* inspect the links in the returned body element. they should be using the
first account's domain, but should contain (short) global ids. there should
4 - the 'regular' URL for the image and the link, and a data-api-endpoint for each.
* exercise all 4 URLs. the HTML ones should redirect to account 2's domain,
and the API URLs should return a result directly
Change-Id: I10aa0fc1dc003a781d04ec5b230ede6aeba64fb9
Reviewed-on: https://gerrit.instructure.com/141664
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
test plan
- specs should pass
Change-Id: Iafc7c9b8ca64f32568e658b600e19c2e6f9045ca
Reviewed-on: https://gerrit.instructure.com/138026
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
QA-Review: Rob Orton <rob@instructure.com>
fixes CORE-651
test plan
- use sis_group_category_id:sis_id in a path
- it should work
Change-Id: I1a0b2cc769389bd19c594796e0e8218497612d55
Reviewed-on: https://gerrit.instructure.com/136853
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
Change-Id: I2f4ca4a671a0e5bdcfbeb90b4714465ec34acc9f
Reviewed-on: https://gerrit.instructure.com/120891
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
closes CNVS-36510
test plan:
- <your canvas url>/api/v1/users/uuid:<a user uuid>/profile will return a user profile
Change-Id: I771636daddab8d0a79e4b199da1e48032ca9a8b6
Reviewed-on: https://gerrit.instructure.com/111195
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Michael Hargiss <mhargiss@instructure.com>
Product-Review: Chris Wang <cwang@instructure.com>
fixes CNVS-35954
just use a two-stage query where we translate to an ID first, so that
we can keep the final output as a relation object
Change-Id: Ia5529e5382ceb8f1104e09f8d0a0c04fef0d9efa
Reviewed-on: https://gerrit.instructure.com/110403
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Tucker McKnight <tmcknight@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
it was being too conservative. there can actually be 19 digit IDs,
they just can't be greater than 2^63 - 1. Which we really don't care
to verify with a regex ... ruby properly parses and serializes those
into a Bignum, and postgres doesn't puke on the oversized ID, just
correctly returns no matching result.
Change-Id: Ic1f8d2e1355c6b61468e4494e68afc4c6db39434
Reviewed-on: https://gerrit.instructure.com/103100
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
fixes CNVS-33040
test plan:
- create a wiki page, and link to another wiki page with an absolute url
- save and inspect the value stored in the db
- it should be saved as a relative url
Change-Id: Iee325b84d6e7f93aec258ec2dce1c73d950df061
Reviewed-on: https://gerrit.instructure.com/94126
Reviewed-by: Brent Burgoyne <bburgoyne@instructure.com>
Tested-by: Jenkins
QA-Review: Benjamin Christian Nelson <bcnelson@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
back out of previous commit to make url scope rewrite work with
absolute urls, and instead strip the host from urls when the host
matches to requests host.
fixes CNVS-32091
test plan:
- create a link in the rich content editor in the following format
- http://some-other-domain/files/1
- save the content
- make sure the context was not added to the url
- i.e. /courses/1/files/1
- create link to a file
- save it
- make sure the url starts with "/" and does not include the domain
Change-Id: I5796db47b47c19a2d061a5e809a13c3b043e1f0e
Reviewed-on: https://gerrit.instructure.com/91748
Tested-by: Jenkins
Reviewed-by: Ryan Shaw <ryan@instructure.com>
QA-Review: Benjamin Christian Nelson <bcnelson@instructure.com>
Product-Review: Brent Burgoyne <bburgoyne@instructure.com>
fixes CNVS-24940
- Abstracts api_user_content html rewriter file handler
- Adds public_user_content helper, similar to api_user_content &
user_content.
test plan:
- Create or have a course that is whose syllabus is publicly available.
- Add a syllabus description that contains media; an inline image, audio
recording & video; links to some files.
- Observe that as a student logged in with access to the course, the
inline media is all visible, and that the linked media is
downloadable.
- Observe that as a user not logged in, without accces to th course,
the inline media is all visible, and that the linked media is
downloadable.
- Have a course with content that includes descriptions or text fields
that are edited via tiny mce / RCS.
- Make sure that some content includes inline media and linked files.
- Access this content via the API.
- Observe that media urls and links to media that are returned via the
API work outside the context of canvas-lms.
Change-Id: Id6ec39a92dcab29d6cc8c20d2e6db2aa5e8293d1
Reviewed-on: https://gerrit.instructure.com/83498
Reviewed-by: Rob Orton <rob@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Benjamin Christian Nelson <bcnelson@instructure.com>
Tested-by: Jenkins
Product-Review: John Corrigan <jcorrigan@instructure.com>
fixes CNVS-29618
The API pagination is supposed to put links in the headers
when responding to a request. Previously the polls controllers
along with anything still using the jsonapi pagination only
included the links inside the meta tag. Now the links are in
the headers as well, that way none of the api consumers will be
broken.
test plan:
1. Create some polls and poll sessions, and get it all hooked up
2. Make sure to have an access token to allow authorization for the
API requests.
3. Using an API request (i used postman) test the links, make sure
to have the per_page=1 parameter passed through the url
4. Inspect the headers in the response and notice that the links
now there.
5. You may also want to pass 'Accept:application/vnd.api+json' in
the headers alongside the authorization header. This will force
the use of the old jsonapi pagination.
6. In a browser, open the individual links from the response headers
and make sure the correct information is displayed.
Change-Id: I0df0bcc4b1f332b8a99885c57154865258db19d3
Reviewed-on: https://gerrit.instructure.com/82221
Reviewed-by: Bryan Petty <bpetty@instructure.com>
Tested-by: Jenkins
QA-Review: Michael Hargiss <mhargiss@instructure.com>
Product-Review: Derrick Hathaway <derrick@instructure.com>
refs CNVS-29727
Methods to convert hash keys named 'id' or that end in '_id' from ints to
strings, to avoid javascript floating point errors in javascript when
receiving the JSON representation of that hash.
test plan:
- make sure that if you pass 'application/json+canvas-string-ids' as an
accept header that ids come back as strings from the api
Change-Id: I0a1629f88eb8a50babefb06b075105bf8307ef94
Reviewed-on: https://gerrit.instructure.com/81427
Tested-by: Jenkins
Reviewed-by: John Corrigan <jcorrigan@instructure.com>
QA-Review: Benjamin Christian Nelson <bcnelson@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
fixes: CNVS-29413
test plan:
* set up an account with new ui, and upload a
custom css/js
* using something like postman,
make an api request to a wiki page
* it should include a <link> to that css file
and a <script> for that js file.
* make the same request from a mobile web browser
(you can fake your user agent string in safari
or chrome dev tools to fake this)
* it should not include that css or js file
Change-Id: I07493c8dc474231463cb1f97c0e07f2aad59ed0f
Reviewed-on: https://gerrit.instructure.com/79921
Reviewed-by: Simon Williams <simon@instructure.com>
Tested-by: Jenkins
QA-Review: Benjamin Christian Nelson <bcnelson@instructure.com>
Product-Review: Ryan Shaw <ryan@instructure.com>
Also adds basic test coverage around Api.paginate
Fixes PLAT-1357
Test Plan:
1) Create a test course and add 100 LTI tools to it:
course = Course.find(15)
(1..100).each do |n|
cet = ContextExternalTool.new(
url: "https://www.example.com",
name: "Tool ##{n}",
shared_secret:"foo",
consumer_key:"bar")
cet.context = course
cet.save!
end
2) Try to add an LTI tool to a module or as an
assignment, see that you can see all 100 tools.
Change-Id: I9c59d2286f928ad726917e9e794967dcf6ffca9d
Reviewed-on: https://gerrit.instructure.com/73680
Tested-by: Jenkins
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Matthew Wheeler <mwheeler@instructure.com>
refs #CNVS-26056
Change-Id: I082e29c642b9150260f6571f0aa8ef397c6e2cca
Reviewed-on: https://gerrit.instructure.com/70593
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins
Product-Review: James Williams <jamesw@instructure.com>
QA-Review: James Williams <jamesw@instructure.com>
fixes: CNVS-24787
fixes: CNVS-23964
fixes: CNVS-23957 - Handle parent account custom css/js for new_styles
test plan:
* set up a root account, child account, and grandchild account
* use theme editor to set a custom css/js file for each
(eg: for css `* {color:red}` and for js 'console.log("from grandchild")`
* make a course & a group in the grandchild account
* load a page in that course and group and make sure
you see grandchild account's branding, and root's,
child's, and then grandchild's css loaded on the page
(grandchild should be loaded last so you see it's css
effects override root or child's and you should see
the console.log from root then child then grandchild)
* view a page in "child". it should have root and child's
css/js but not grandchild
* as a user that only has enrollments (account associations)
in "child", go to the dashboard. you should see
css/js for both root and child but not grandchild
fixes: CNVS-25051 Opening Theme Editor for
sub-accounts shows incorrect theme preview
test plan:
* Go to a sub-account in theme editor and change
settings so the Branding is different and save.
* the preview on the right should reflect your
changes both after you "apply" and "save"
(and not just show the preview of the root
account's branding)
fixes: CNVS-23406 - global JS and CSS files are being
included when Global CSS/JavaScript includes is false
test plan:
* go to /accounts/self/, and go to theme editor and
upload a css_override
* see that that css is loaded on pages
* back in root account settings disable Global
CSS/JavaScript includes
* check that the css is no longer loaded.
* do the same thing checking a subaccount's custom css
fixes: CNVS-25558 - load whole chain of custom css/js
in native app api requests
test plan:
* make api request for a wiki page in course in a
subaccount that has custom css/js within a root
account that also has custom css/js
* you should see both the root account's css/js and
the child account's returned in the response
to test grandchild js issue jeremyp found:
* go to theme editor for a grandchild account
* choose a js override file (like: `console.log('first')`)
* preview & apply
* you should see "first" in console
* go back to theme editor, pick a new file (like: `console.log('second')`)
* preview & apply
* you should only see "second" in console. not "first"
Change-Id: I8d9047948f5da94be41e0205844629a170f980af
Reviewed-on: https://gerrit.instructure.com/68249
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Jeremy Putnam <jeremyp@instructure.com>
Tested-by: Jenkins
Product-Review: Ryan Shaw <ryan@instructure.com>
test plan:
* embed a link to a previewable media file in html content
(e.g. a wiki page)
* the media preview should work on the page
* delete the file
* the media preview should not be shown anymore
closes #CNVS-25285
Change-Id: I6e8fb5ad875ce62c51ca9ce6882df9d6239b053e
Reviewed-on: https://gerrit.instructure.com/68442
Tested-by: Jenkins
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
test plan:
* send a conversation message to another user with a media
comment, either uploaded or recorded
* on the receiving end, the media link should have a name
closes #CNVS-20036
Change-Id: I8fbc1b377883de5d8b83f30e53990e79cfd87414
Reviewed-on: https://gerrit.instructure.com/66172
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Ryan Allen <rallen@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
fixes CNVS-23835
test plan:
* use any API endpoint that takes a user id (and thus sis_login_id)
* change the case of the login id (all uppercase, etc.) in the URL
* it should still find the user
Change-Id: I0821b5d7213142aefa7e26699c26b981845a220b
Reviewed-on: https://gerrit.instructure.com/64586
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
closes CNVS-19900
test plan:
- create a brand_config for an account
- apply brand_config
- add ?mobile=1 to an api request that returns a
body (like a wiki page);
observe no additional stylesheets in the body
- go to /accounts/self/, and go to brand
config and upload a mobile_css_override
- add ?mobile=1 and check the api result again
your stylesheet should be there appended to the
body of the wiki page
- back in brand_config, remove the uploaded file
- check your source again - there should not be
an empty stylesheet tag
Change-Id: Ief728a397d185282a57f8cede0916c7ffe4a2584
Reviewed-on: https://gerrit.instructure.com/61885
Tested-by: Jenkins
Reviewed-by: Ryan Shaw <ryan@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Product-Review: Rob Orton <rob@instructure.com>
test plan:
* basic regression test the calendar events public feed api
closes #CNVS-22774
Change-Id: I0a21788d25c63b404a4c6410f5d01e785bed1ed8
Reviewed-on: https://gerrit.instructure.com/62941
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Charles Kimball <ckimball@instructure.com>
Tested-by: Jenkins
Product-Review: James Williams <jamesw@instructure.com>
test plan:
* assignments and assignment groups api index should
work as before
closes #CNVS-22864
Change-Id: I4b72f0fd5d5a8dc40a7669ee3929c60ddc401114
Reviewed-on: https://gerrit.instructure.com/62851
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Charles Kimball <ckimball@instructure.com>
Tested-by: Jenkins
Product-Review: James Williams <jamesw@instructure.com>
closes: CNVS-22394
test plan:
0. enable moderated grading in a course
1. create a moderated grading assignment
2. submit the assignment as a student
3. as a teacher, use the Grade or Comment on a Submission API endpoint
to create a provisional grade for the submission
by adding submission[provisional]=1 in addition to
submission[posted_grade]
- confirm the provisional grade is returned in the response json
in an array under submission[provisional_grades]
4. repeat step 3 as a TA, adding a different provisional grade
to the same submission
- confirm the TA's provisional grade alone is returned in the
response json
5. use the "list assignment submissions" endpoint but add
include[]=provisional_grades as both the teacher and the TA
- the teacher should receive both provisional grades in the response
- the TA should receive only the provisional grade they assigned
Change-Id: Idbf05ee74b5ef40d952ebd98d87c715312e2a136
Reviewed-on: https://gerrit.instructure.com/61000
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
so that it can be converted to eager_load instead of includes
refs CNVS-21901
Change-Id: I4a2578a328265730070d55436f2ecbb5d0ac602d
Reviewed-on: https://gerrit.instructure.com/62298
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
closes CNVS-6016
No more error reports! (soon)
this commit builds up sentry integration through the new
Canvas::Errors module, along with other things that need
to happen on every exception. ErrorReports
should now get pushed towards just being used for representing
a complaint a user filed via the get help form.
I fixed about half the things that got linted as well
while I was in here, but because this touches to much
I fear divergence from tackling too many (I think we
can safely say it's "better than we found it")
I left a lot of the infrastructure for error reports in place
until other commits for plugins can be merged
TEST PLAN:
1) setup your raven.yml config file with the dsn for our
sentry install
2) force an error to happen in a request response cycle.
3) see the error in sentry
4) force an error to happen in a job
5) see the error in sentry
6) statsd increments shoudl still fire
7) for the moment, an error report should still get created.
Change-Id: I5a9dc7214598f8d5083451fd15f0423f8f939034
Reviewed-on: https://gerrit.instructure.com/51621
Reviewed-by: Simon Williams <simon@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins
QA-Review: August Thornton <august@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
test plan:
* create a course with a public syllabus and a link to an
unlocked file in the syllabus content
* should already be able to view the syllabus and download the
file when not logged-in
* should also be able to view the syllabus and download the
files when logged-in (but not belonging to the course)
closes #CNVS-19585
Change-Id: I69adc4a8758a7deb2562229e20b057bcd0ad1971
Reviewed-on: https://gerrit.instructure.com/51353
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
and then replace it with the request host when
serving the content from the API
test plan:
- create one or more /etc/hosts file entries to point at
your canvas instance with different names
- reply to a discussion and include embedded images
and attached files in the reply
- view the discussion as a user pointing at a different
hostname. confirm that the attachments and embedded
images work.
- use the "Get the full topic" API endpoint to retrieve
the topic and replies via the API. do this with more than
one hostname. confirm that the URLs for the attached file
and embedded images match the name of the host you
are hitting the API with
fixes CNVS-17708
fixes CNVS-19125
Change-Id: I055235b3e785946e5999bf522ea4cad592f0f7f7
Reviewed-on: https://gerrit.instructure.com/50360
Tested-by: Jenkins
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Product-Review: Jon Willesen <jonw@instructure.com>
test plan:
* with kaltura/notorious enabled, add a link to a media file
(video/audio) in rich content (e.g. a wiki page)
* should show a preview thumbnail generate a preview
* lock the file
* view the page as a student
* should not show a preview thumbnail
closes #CNVS-6965
Change-Id: I3743ac7b2e54d6a3c57e9ea3338b25cce75825bb
Reviewed-on: https://gerrit.instructure.com/50927
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
test plan:
0. have an image file with id Y in course X
1. put an img tag in a wiki page such as
<img src="/courses/X/files/Y">
2. save and re-edit the wiki page. the img tag should appear as
<img src="/courses/X/files/Y/download">
3. retrieve the page content via the API. you should see
an img src that ends in "download?verifier=..."
fixes CNVS-18446
Change-Id: Ie04600041bd49125a24e294552f4673aa3445f2e
Reviewed-on: https://gerrit.instructure.com/48517
Tested-by: Jenkins
QA-Review: Clare Strong <clare@instructure.com>
Reviewed-by: James Williams <jamesw@instructure.com>
Reviewed-by: Dan Minkevitch <dan@instructure.com>
Product-Review: Dan Minkevitch <dan@instructure.com>
test plan:
* insert a link to a course file in rce content
(such as a wiki page)
* confirm that from inside canvas, the links do not
include the "verifier" parameter
* confirm that from the api using an authorization token
(e.g. using curl) it does include the verifier token in the
links
closes #CNVS-18399
Change-Id: Iad357f501e98fe5fa34ee7b20572d6f9d0b91744
Reviewed-on: https://gerrit.instructure.com/48382
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
test plan:
* create a public published course
* add a link to an unpublished file on the syllabus
* should not be accessible publicly
closes #CNVS-18404
Change-Id: I5767cd31e614ec36f1820beef8b688e98bbca4f2
Reviewed-on: https://gerrit.instructure.com/48376
Tested-by: Jenkins
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
test plan:
* create a course with a public syllabus
* add embedded images to the syllabus
* view the syllabus as a public user (not logged in)
* should still see the images
closes #CNVS-17174
Change-Id: I03ae8d2efddb7b50b7503f50e54937cf00aefe4b
Reviewed-on: https://gerrit.instructure.com/45336
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
test plan:
* open a course's settings page
* enable listing the course in the public index but not
making the course content public
* open the course home page as an unregistered user
* verify that only the course's title and description are accessible
* open root account feature flags page
* enable Course Catalog
* open your "My Courses" page
* verify that the right pane includes a "Browse more courses" link
* click the link
* verify that you can browse courses allowed in the public index
* log out
* verify that the homepage includes a "Browse courses" link
Change-Id: I44f96396859283d76bfe527672612ff71ca4ae67
Reviewed-on: https://gerrit.instructure.com/24682
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Braden Anderson <braden@instructure.com>
QA-Review: Trevor deHaan <tdehaan@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
test plan:
* create a calendar event for a private course with a link
to an unlocked attachment
* sync the calendar with an external source
* the exported calendar event should not add a verifier to
the link (and thus allow someone to bypass authentication)
* repeat for a public course
* should add a verifier this time
closes #CNVS-15352
Change-Id: I743e73dc852c204cdf68c0b8b9e3fc2d402ad855
Reviewed-on: https://gerrit.instructure.com/43288
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Jahnavi Yetukuri <jyetukuri@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
refs #CNVS-11032
This was originally part of fixing the above bug (11032)
but we sent a different patch for hotfixing that
solved the problem in place.
This is the remainder of that patch which
refactors out the html content, media tag, and link
processing into their own more focused objects
Change-Id: If2d59c09c99117ab8de798f74b4513fb628bafd5
Reviewed-on: https://gerrit.instructure.com/40395
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Steven Shepherd <sshepherd@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
fixes #CNVS-11032
If you were to use a files link that didnt start
with "/files" (like "/users/x/files/y" or a link
with a full host name), it would
still strip the verifier out, which would make the
file not appear to other users. This fixes
the problem.
TEST PLAN:
-login as a user
-go to files and upload an image to *your* folder
(rather than the folder for a course or something)
-obtain a link to that file with it's verifier param through
whatever means you prefer (simplest is to get the download
link and then use the console to get the UUID from that
Attachment record and use that as "verifer=[blah]" at
the end of the url for the file)
-post a discussion reply using that link to embed an image
in the reply.
-login as a different user and look at the discussionr reply;
you should be able to see the image in the discussion reply.
Change-Id: I2e9123f08cda0e6949e8f9a8d12ba50b98de49e0
Reviewed-on: https://gerrit.instructure.com/40430
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Hilary Scharton <hilary@instructure.com>
Reviewed-by: James Williams <jamesw@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
test plan:
* add an inlineable file to a course (e.g. a '.html' file)
* create a wiki page content and add a link to the file through
the wiki sidebar
* following the link on the saved page should take you
to a preview page for the inlined content
fixes #CNVS-14211
Change-Id: I14d2fc6d90f893086eff5498d0c670b9251fdddd
Reviewed-on: https://gerrit.instructure.com/39191
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: James Williams <jamesw@instructure.com>
fixes: PS-1538
**test plan
configure and launch lti tool, upon lti tool launch the
lti_context_id for user should be set, and if course launch
the lti_context_id on course object, if account launch, then
lti_context_id on account. Once these are set, api calls to the
corresponding object can be made using the syntax lti_context_id:id
Change-Id: Icdf02e4f99691be417c024adb2a2751ba2aa9335
Reviewed-on: https://gerrit.instructure.com/35380
Reviewed-by: Brad Humphrey <brad@instructure.com>
Reviewed-by: Rob Orton <rob@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Adam Phillipps <adam@instructure.com>
QA-Review: Adam Phillipps <adam@instructure.com>
When preparing user content for public consumption via the API, we were
hardcoding a media_type of mp4, which prevented clients using API
endpoints (specifically the mobile client) from playing audio comments
which only had mp3 sources.
This adds a new path through media_download that prefers mp3 for audio
media but falls back to the old mp4 behavior. We also maintain backwards
compatibility with other callers using the file_extension based
filtering.
NTRS-43
Test Plan:
- With both a 'wav' and an 'mp3' sample file:
- Create an announcement and upload an audio file via the RTE
- Wait for transcoding to complete in Kaltura
- The file should play properly in the web browser
- Open the same announcement in the iOS mobile app
- The audio file should play properly on the phone
Change-Id: I26735096ea4336cf1acc04eb9649d322f68fa515
Signed-off-by: Paul Hinze <paulh@instructure.com>
Reviewed-on: https://gerrit.instructure.com/33318
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Steven Shepherd <sshepherd@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Cameron Matheson