The specs didn't catch this because our user_session spec helper stubs
out PseudonymSession, so you'll have the user session available even if
you make a request to a different domain name, so the normal user
permissions were being applied. I've upgraded the specs to make sure
that the user isn't getting logged in on the safefiles
request.
Change-Id: I01b64a87bb51fbf2e947f5c2a1ae5471d1f1e216
Reviewed-on: https://gerrit.instructure.com/5244
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Refs #4952
* Fix saving role overrides for Site Admin account roles
* Add the following permissions:
* read_course_list (for listing or searching courses)
* view_statistics (for viewing account statistics)
* manage_user_notes (instead of being implied-ish by read_reports)
* Hide UI elements that provide access to features that are not
allowed
* Remove lots of not applicable stuff from Site Admin settings
Change-Id: I7414368b472ba655d04118db30c1bb46542deb37
Reviewed-on: https://gerrit.instructure.com/5054
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
* Add conference_close route for group conferences
* Pull *group* conferences, not the group's context's conferences
when showing the groups' feed
* Add the conferences tab (where appropriate) to the group sidebar,
so the conferences controller won't refuse to work
Change-Id: I37bfb546c4bf8ad4078e4c9ca7a7292bb475af2c
Reviewed-on: https://gerrit.instructure.com/4954
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Rather than always showing the term of the course, we're going to show it if
the following conditions are met:
* it's not the "Default Term"
* the user has at least two courses with the same name in different terms
On the full list of enrollments screen, we'll always show the term if it's not
Default Term.
Change-Id: Id1424b13feb0c9cd65eed7cc48e980c3a4603f2d
Reviewed-on: https://gerrit.instructure.com/4907
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
refs #5029
For now we're going to continue to support api key+basic auth as an
alternative to oauth and access tokens, though eventually this will be
phased out.
This also switches all the api specs to using oauth tokens, except for
the new specs that explicitly test the old method is still supported.
There is one change: GET requests now require the api_key as well, if
using the api_key auth method.
Change-Id: I97d6c71be7afaa655da521d774930b2649961ffe
Reviewed-on: https://gerrit.instructure.com/4720
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Concluded teachers should be able to see quiz statistics,
a read-only view of quizzes, student grades, discussions,
files (including download). They should not be able to
change any grades, however.
fixes#4059
Change-Id: Ie44a29074ec27b9d0afb908b31f51b46b0e98728
Reviewed-on: https://gerrit.instructure.com/2783
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Adds the ability for admins to configure a second LDAP server that will be
queried after the primary, assuming the user could not be found on the
primary. This is a slight refactor towards a more flexible authorization
configs model. Changes include:
* changed the authorization relationship on Account to has_many
* for backwards compat with all the code that assumes one config, added
a convenience method to Account
* refactored the auth config editing screen to send multiple configs at a
time
* modified the pseudonym to iterate over all the auth configs (when using
ldap), stopping at the first one that succeeds
Change-Id: I6bae474f542e8c7046f07d4ab2c27e7d6f64a1ce
Reviewed-on: https://gerrit.instructure.com/4108
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
This shaves a few seconds off each selenium spec in my local env
Change-Id: I73af04e18a75c5964474bf396ea7bafc8527d384
Reviewed-on: https://gerrit.instructure.com/4083
Tested-by: Hudson <hudson@instructure.com>
Tested-by: Selenium <selenium@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
In this mode, any courses, sections or enrollments that aren't
referenced in the sis import will be deleted.
This is the back-end piece, support in the UI and API are coming next.
Change-Id: Ica634f9fa7008ef7b612c4ea43163792f5d54fa5
Reviewed-on: https://gerrit.instructure.com/3768
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
This alternate url can be used for strange setups where someone wants to wrap
their CAS login in an iframe. When logging in via this method, the iframe will
be exited after returning from the CAS server.
Change-Id: I53561f824451a8b7319c4a821aaada9a459e6226
Reviewed-on: https://gerrit.instructure.com/3669
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
before we were recording these values but not doing
anything about it. This commit starts scheduling
delayed_jobs to activate/conclude enrollments
in the background when dates pass.
it does not conclude/publish courses/sections
automatically, though. if we want that to be
automated based on dates then I think we should
do that in a separate commit.
fixes#3356
Change-Id: Id94356fbc5b82196dd041fdb250607a7633cee9f
Reviewed-on: https://gerrit.instructure.com/2431
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
added wimba web conferencing support, moved dimdim config into plugin
settings, fixed a few web conferencing ui issues
Change-Id: I6b36b0e594a9f296d14cd35bec02186478bcbd13
Reviewed-on: https://gerrit.instructure.com/2343
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
We check responds_to?(:context) on many objects in our app, to duck type
context-owned objects. So in test mode when rspec is loaded, this causes
a lot of issues since every object ends up responding to :context.
Change-Id: I97f804e696e0e553b6fc7ef9b0700d0bdea7e9b2
Reviewed-on: https://gerrit.instructure.com/2221
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
Brian Palmer