There are a few old LearningOutcomeResults that have a nil artifact, and
many that have a Submission as an artifact. We want to get rid of these
because they come from bad data, and step 1 toward that goal is to stop
creating them and hide them in the UI.
The LORs with a nil artifact are very old and I believe came from a very
early incarnation of outcomes. The LORs with a Submission as an artifact
came from a combination of two code problems. The first was old code
that allowed an assignment that was aligned with an outcome but did not
have a rubric to create LORs directly based on it's submission. The
second was a bug that prevented the assignment <-> outcome link from
being destroyed when a rubric with an outcome was removed from an
assignment.
fixes CNVS-7495
fixes CNVS-7498
test plan:
- try different combinations of adding a rubric with an outcome to an
assignment.
- when you grade the assignment, the grade create a learning outcome result
(which can be seen on the outcome show page, or in the account outcome
report) if the rubric+outcome are currently attached to the assignment.
- so for example, add a rubric with an outcome, check, remove just the outcome
row, check, add a new outcome row, check, remove the whole rubric, check.
- be sure to check both the show page and the outcome report
TODO:
- datafix migration
Change-Id: I37700e3e5c08fc6cfb8fcf1cac42ea6693fcaba3
Reviewed-on: https://gerrit.instructure.com/23303
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cameron Matheson <cameron@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
Turns our we *do* want to grandfather in existing users :P
This reverts commit ae6d9033ac.
Change-Id: I7b109375a4844ef0291f0f72d89028b39d2289a0
Reviewed-on: https://gerrit.instructure.com/23384
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
fixes CNVS-7385
test plan:
1) in a console:
# grab a user of your choice
u = User.find(5)
# make it seem as if they have never accepted the terms before
u.preferences[:accepted_terms] = nil
u.save!
2) log in as that user
3) verify that you are required to accept the terms of use
Change-Id: Ibc314040f35d3d7418a3b31c7280188db86a552b
Reviewed-on: https://gerrit.instructure.com/23110
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
they were required prior to our new settings refactors. this way we don't
need to go set it in prod
test plan:
1. terms should be required when registering at /register
2. terms should be required when activing an account (via course
invitation email)
3. in the console, do Setting.set('terms_required', 'false')
4. terms should no longer be required on those pages
Change-Id: Idb13727839b847845cd4dacde4797e4e1571b42f
Reviewed-on: https://gerrit.instructure.com/22988
Reviewed-by: Mark Ericksen <marke@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
refs CNVS-6659
* move validation logic into model
* standardize api error messages
* deprecate split_group_count
* document group_limit
* actually require name (since that's what the api says)
* disallow setting self_signup when editing account categories since it
shouldn't be an option (and is totally broken)
test plan:
1. run specs
2. regression of creating/editing categories on group management page
Change-Id: Iccdd4e2e98978943f0562aad5c8ac055048d204d
Reviewed-on: https://gerrit.instructure.com/22493
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
refs CNVS-6202
test plan:
* run specs with a foreign key on user_acccount_associations(user_id)
(in a later commit, cause we're not ready to add it yet)
Change-Id: I30fc37da78232c1b18b834309f67c365a346b892
Reviewed-on: https://gerrit.instructure.com/21753
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
Product-Review: Cody Cutrer <cody@instructure.com>
QA-Review: Cody Cutrer <cody@instructure.com>
test plan:
* upload a video file
* identify the attachment id from the file's download url
(e.g. '/courses/:course_id/files/:attachment_id/download')
* set the media object's user_id to nil by
entering the following commands into the console:
id = [[INSERT ATTACHMENT ID HERE]]
mo = Attachment.find(id).media_object
mo.user = nil
mo.save!
* confirm that, as any course admin user, the 'CC'
button appears when previewing the video
fixes #CNVS-3855
Change-Id: I00b8ec4de50850cffee7be1332d811909d85932a
Reviewed-on: https://gerrit.instructure.com/21596
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Product-Review: Jeremy Stanley <jeremy@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
this was removed from the UI in Mar 2011 but was never completely ripped out.
we'd like to remove it now since it was adding extra complexity for no benefit.
closes CNVS-5929
refs #3974
test plan:
- create/update/delete an assignment from the index page, and the show page
- grade an assignment (with and without muting)
- test assignment notifications (with and without muting)
- creating an assignment
- editing an assignment
- changing a due date (after 3 hours of being edited)
- grading an assignment
Change-Id: Ie455bed41154018b5bd2c9c0e69e1e3285a0ac09
Reviewed-on: https://gerrit.instructure.com/20778
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
Product-Review: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
test plan:
* add an external tool to each of:
- context module item
- course navigation (tabs)
- assignment
* exercise the index methods for each API
* ensure a url is returned for each external tool
- this url should be to the sessionless launch API
* query the sessionless launch API with the url
- this call will return another url which allows a launch of the LTI tool in a browser not logged into Canvas
* copy/paste the url into a browser that is not logged into Canvas (incognito)
* ensure the LTI tool launches correctly
fixes #CNVS-5854
Change-Id: I6b50f965f4714e7efb9cfe0f99e1cd0b5f2055f2
Reviewed-on: https://gerrit.instructure.com/20868
QA-Review: Clare Strong <clare@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
test plan:
- as a few different students, take a quiz with at least two questions
that are file upload questions. Answer each question as each
student.
- as the teacher, you should see a "Download All Files" button on the
right on the Quiz Show Page next to "Quiz Stastics" and "Moderate
This Quiz".
- You should get a pop up that successfully downloads all the zips
(make sure you have delayed jobs running!). Make sure all the files
you submitted as the students are there, with the student's name,
user id, question number, and attachment display name in the
filename of each file.
closes CNVS-3048
Change-Id: I23cb2d4262bb0446476eeac4fdcb356e604e6a05
Reviewed-on: https://gerrit.instructure.com/20495
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Myller de Araujo <myller@instructure.com>
Reviewed-by: Eric Berry <ericb@instructure.com>
Product-Review: Stanley Stuart <stanley@instructure.com>
- update the Gemfile to be 1.9 only, and raise an exception on wrong
ruby version
- remove RUBY_VERSION checks, replacing with the applicable code
- remove the FasterCSV compatibility shim, just use CSV now
test plan: trying to bundle install on ruby 1.8 or 2.0 should raise an
exception, specs should pass, canvas should work as normal on 1.9
Change-Id: I49088e9d227c59c6d5d5acb417c2df971129474a
Reviewed-on: https://gerrit.instructure.com/19806
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Strong <clare@instructure.com>
Product-Review: Brian Palmer <brianp@instructure.com>
replaced the mailman gem with custom code with more error
handling. this will allow the incoming message processor to
continue processing messages after encountering a message with
an encoding or parsing error. the broken messages will be moved
aside to a separate folder for later inspection.
fixes CNVS-4970
test plan:
- read up on the new incoming_mail.yml configuration settings.
- configure incoming_mail.yml with the test imap accounts
using legacy settings and check for regressions.
- reconfigure incoming_mail.yml to read from a directory.
- copy some testing email files into the configured directory.
test files should be a mix of:
- emails with encoding errors
- emails with syntax errors
- normal emails
- all of the normal emails should be processed normally
- all of the error emails should be moved into the error
subdirectory
Change-Id: I0f946a56b41492f007db2775aa6da3cdfa4fdd3f
Reviewed-on: https://gerrit.instructure.com/19729
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
adds account setting and new user permission
fixes CNVS-4726
Testing Notes:
============
* To enable...
* Account Settings, check Feature
"Admins can view notifications"
* Account permission under "Account Roles"
becomes available under "Admin Tools"
group. Check "View notifications"
* appears under account "Admin Tools"
sidebar area on "View Notifications"
tab.
(EX: /accounts/[account_id]/admin_tools)
* Verify "View Notifications" tab does not
appear if either account setting or user
permission is disabled. (For AccountAdmins)
* Verify a SiteAdmin is able to access the
feature.
* Verify that notifications are returned
and displayed for a selected user
and date range.
* Verify it displays "No messages found"
when user doesn't exist or the user
exists but the date range doesn't
return data.
* Verify that the user_id is required when
searching
* Verify that the "To Date" cannot be before
the "From Date".
* Verify an invalid date like the word "couch"
gets ignored and the actually used date/time
is displayed in the overview text description.
* Verify searching by dates when either or both
are left blank and when both are used.
* Verify that the messages automatically
fetch more when you scroll down.
* Verify that before the results, it displays
the user's name and the dates used for the
results.
Change-Id: I9d2689b4760af57bbc2d15fd7d50610dcf593a7e
Reviewed-on: https://gerrit.instructure.com/18629
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Reviewed-by: Mark Ericksen <marke@instructure.com>
This can successfully load rails console and rails server. There are
many, many problems still. The idea is this won't change anything under
rails 2.3, it's all backwards compatible.
closes CNVS-4711
test plan: `touch RAILS3` in your Canvas Rails.root directory. The run
`bundle update` and verify that you get rails 3 installed. Run `bundle
exec rails c` to load console or `bundle exec rails s` to start a
webrick server. You can login, though the dashboard currently breaks.
Also jammit isn't working yet.
But more importantly, Rails 2.3 should still work same as ever. All
tests should pass, and a basic regression sanity check would be good too.
Change-Id: Idd6f35de88adde84cd2db3a650f44b71bd6e9684
Reviewed-on: https://gerrit.instructure.com/18453
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Product-Review: Bracken Mosbacker <bracken@instructure.com>
the implementation was rife with potential race conditions, and active
records query cache doesn't play nicely with threading.
Change-Id: I0e1c3d5cc05ad78e2f91f304490e6a1b5a925ab2
Reviewed-on: https://gerrit.instructure.com/18880
Reviewed-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
Product-Review: Jacob Fugal <jacob@instructure.com>
they're prone to leaving junk around, don't allow parallel specs
on the same database, and are typically slower anyway if you do
the "right" thing and truncate_all_tables in an after all
Change-Id: I2455e5c0de98c75e3748ce7fc2caf6d04a150a44
Reviewed-on: https://gerrit.instructure.com/18684
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Product-Review: Bryan Madsen <bryan@instructure.com>
QA-Review: Bryan Madsen <bryan@instructure.com>
code fix, no test plan
Change-Id: Iff01e6523fb7d77a84d8e9829c5efbb2a5306a51
Reviewed-on: https://gerrit.instructure.com/18622
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Bracken Mosbacker <bracken@instructure.com>
the dynamic attachment_fu backend changing overwrote Attachment#attachment_path_id
with a custom method to dynamically delegate to the backend. detect such methods,
and leave them alone
test plan:
* `spec spec/apis/v1/course_api_spec.rb spec/apis/v1/sis_imports_api_spec.rb`
should pass
Change-Id: I6cad3c9bbc4edfca7ab64bb4ffe239d50dde8cdf
Reviewed-on: https://gerrit.instructure.com/18685
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Bryan Madsen <bryan@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
fixes CNVS-4455
you can never have too much context
also, apparently this is the first integration spec that uses the
API from a session (not an access token), so fix API forgery
protection to respect the allow_forgery_protection option
(what's set for specs to not have to worry about forgery
protection), and clean up enabling of it in specs to use
stubbing
test plan:
* do an action that counts as participating, but wasn't a GET
(i.e. comment on a discussion)
* you should see a page view for the user in that course
Change-Id: I8714de45575123d6877e0265623e0fcaf9e7fa58
Reviewed-on: https://gerrit.instructure.com/18504
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Change-Id: I4a33904e48810c98850c763ba33c817232cb8e83
Reviewed-on: https://gerrit.instructure.com/18598
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
closes CNVS-4248
this gains us EU region support, and no longer using a forked aws-s3 gem
in the process, setting bucket_name via a plugin is no longer supported
test plan:
* should be able to upload new files via various methods
* should be able to download old and new files still
Change-Id: If32fa5f381f5a4ac493948fa32230175a695f51e
Reviewed-on: https://gerrit.instructure.com/18282
QA-Review: Clare Hetherington <clare@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
removes the need to fork/exec (and reboot rails) for specs;
also simplifies forcing a specific backend for specs
note that path_prefix in file_store.yml is now respected for
S3 as well (so that parallel spec runs that use the same bucket
don't conflict with each other), with the caveat that 'tmp/files'
is special cased to be backwards compatible for S3, and change
to 'attachments'
test plan:
* specs pass (especially selenium specs involving files)
Change-Id: I9673d454291062c958c2989788d36339ce60dfc4
Reviewed-on: https://gerrit.instructure.com/18292
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
Test Plan:
- with an existing quiz submission with bad UTF8 byte sequences,
update the quiz submission
- no errors should be raised and the version of the quiz submission
should be updated
fixes CNVS-4421
Change-Id: I5288021a3b400a0bd59c4d70437ef737058bec18
Reviewed-on: https://gerrit.instructure.com/18346
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
also fixes an issue where some dates display as "Friday at 11:59pm" instead
of just "Friday"
Also does a little bit of refactoring and spec backfilling for the
override list presenter. The override list presenter now returns a much
more friendly list of "due date" hashes to the outside world to make it
easier to consume in views. Views don't have to format the dates by
passing in a hash anymore.
test plan:
- specs should pass
- as a teacher, create an assignment with overrides using the web
form. In one of the overrides, enter a day like March 1 at 12am.
- save the overrides
- Make sure fancy midnight works for lock dates and due dates, but not
unlock dates (12:00 am unlock date should show up as 12:00 am, not
11:59 pm)
- on the assignment's show page, you should just see "Friday", meaning
that the assignment is due at 11:59 pm on March 1.
- The "fancy midnight" scheme should work correctly for
assignments,quizzes,and discussion topics, including the default due
dates.
- Be sure to check that the dates show up correctly on the
assignment,quiz, and discussion show pages.
- Be sure to make an override that has a blank due_at, lock_at, and
unlock_at, but has a default due date, lock date, and unlock date.
The overrides should not inherit from the default due date (fixes
CNVS-4216)
fixes CNVS-4216, CNVS-4004, CNVS-3890
Change-Id: I8b5e10c074eb2a237a1298cb7def0cb32d3dcb7f
Reviewed-on: https://gerrit.instructure.com/18142
QA-Review: Amber Taniuchi <amber@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
when an undated event is created on caledar2 month view with a very
long name, the name will be truncated in the undated list and will
retain the truncation when dragging the event to a date.
fixes CNVS-1256
test steps:
- create a new course
- go to calendar2
- create an undated event with a title that is > 58 charactes
- ensure that the event on the right hand side is truncated
- click and drag the event out to a date and ensure the name is
truncated
Change-Id: I94b36736d87acd7d5afb8501bfa78d02f182d2b9
Reviewed-on: https://gerrit.instructure.com/18210
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Mark Ericksen <marke@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
in messageable users. if a user has multiple enrollments in a course,
don't return multiple MessageableUser rows. also, make sure
interpretation of shard-local common context ids occur relative to the
shard the row comes from.
refs CNVS-3969
test-plan:
- create a course (course1)
- create a user (user1) that's enrolled multiple times course1 (e.g. as
a TA in one section and a student in another)
- create another user (user2) in course1 that can see both of the first
user's enrollments (e.g. a teacher without section-limited
visibility)
- call user2.messageable_users_in_context(course.global_asset_string)
- the result should contain user1
- the result should contain user1 only once
- the result for user1 should have both roles in the common_courses
Change-Id: Ic8ce5f07e5ce3a0d56998da0876d12333d97f6e6
Reviewed-on: https://gerrit.instructure.com/18238
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
fixes a race condition issue where some tests were being set to the
wrong locale.
test plan:
- specs pass
- make a spec that changes the global locale (there are several
already that exist it seems). Run that spec, then run another spec
asserting that the locale is "en" again, rather than the locale you
set.
Change-Id: I3f925f1b59e7d8c975398429824432ab9c94ef86
Reviewed-on: https://gerrit.instructure.com/18153
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Bryan Madsen <bryan@instructure.com>
* creating a new course(...) puts the Course on the shard for the
target account (default: Account.default). if it creates a new
teacher, that will also be on the course's shard
* creating a new account_admin_user(...) puts the AccountUser on the
target account's shard. if it creates a new user, that will also be
on the account's shard
* if a new course_with_user(...) creates a new user, put the user on
the same shard as the course
Change-Id: I3b9675fa0a6d4fd3793bf2a38a7c7accdacd987f
Reviewed-on: https://gerrit.instructure.com/17568
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Jacob Fugal <jacob@instructure.com>
In anticipation of adding a faster google docs listing, first
refactor the specs.
Test Plan:
- google docs should behave as before
refs CNVS-3592
Change-Id: Ic62d0cd170f491b5f36f516c0a71fde367dab0b2
Reviewed-on: https://gerrit.instructure.com/17548
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Backported from ruby 2.0 (and possibly later 1.9 patchlevels) because it
was filling our logs with many millions of warnings. The code was
backported directly, the test was backported with conversion from
minitest -> rspec.
test plan: Delayed jobs that use ruby's net libraries should still work,
such as sending messages, taking web snapshots, etc. You shouldn't see
any further lines like this in the log:
net/protocol.rb:313: warning: regexp match /.../n against to UTF-8 string
Change-Id: Ic29daa4ee9f0587fb2a1ac2968cd08a2f68365a1
Reviewed-on: https://gerrit.instructure.com/17431
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Brian Palmer <brianp@instructure.com>
fixes CNVS-1171
test plan:
* full conversations regression test
* initiate a conversation with a user from another shard
* reply to that conversation from both the sender and the
receiver
* repeat for a group conversation involving two or more
shards
* repeat for huge batch conversations with hundreds of
users and two or more shards
* known NOT working yet:
* re-using the correct cross-shard private conversation
* probably the tagging of messages with Course x,
Group y, etc.
Change-Id: I52549039875941cd518077cea4e28bfd2bc10dbf
Reviewed-on: https://gerrit.instructure.com/16523
Reviewed-by: Cody Cutrer <cody@instructure.com>
QA-Review: Clare Hetherington <clare@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
This fixes some failures that happen depending on spec ordering
Also fix a selenium spec bug that was trying to turn an Announcement
into an assignment discussion.
Change-Id: Ic252844ae348642ea66f02cfedbd735d1eeb1d53
Reviewed-on: https://gerrit.instructure.com/16582
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Bryan Madsen <bryan@instructure.com>
Tested-by: Bryan Madsen <bryan@instructure.com>
Allows several new fields in the Assignments API to both update existing
assignments and set attributes on freshly created assignments.
test plan:
- run through the api trying each field in the generated
documentation.
- Make sure you can create assignments with every field, and update
assignments with every field available in the documentation. The
specs do this so they should pass as well.
closes #CNVS-2190
Change-Id: I0d67e379777b5a313f45289f23852122b1e61a37
Reviewed-on: https://gerrit.instructure.com/16114
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
QA-Review: Simon Williams <simon@instructure.com>
You can add enrollments with the custom roles and see who
has the roles.
Test Plan:
* Create custom roles for each enrollment type
* Test all the settings page's functionality like adding/deleting users with custom roles
* Make custom observers observe students in various combinations of custom roliness
- verify that the new observer role has the custom role
* Make sure the section limited check box shows up for custom tas/teachers by selecting those options in the new user select box
closes #cnvs-1166
Change-Id: I5f133bf1b5b1438d7f8e34297b450ff561d401d0
Reviewed-on: https://gerrit.instructure.com/16272
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
QA-Review: Jeremy Stanley <jeremy@instructure.com>
add index and show endpoints for Roles API; fixes #CNVS-2357
these endpoints add the ability to view inactive roles
remove the ability to delete and make the DELETE method
deactivate (at least until we figure out how to delete properly
with regard to account users, enrollments, and sub-accounts);
fixes #CNVS-2378
test plan:
* render the docs and examine the new actions
* test the index action (GET /api/v1/accounts/X/roles)
- make sure it lists all roles
- make sure built-in roles are 'active'
- make sure you can list inactive roles
with state[]=inactive
* test the show action (GET /api/v1/accounts/X/roles/RoleName)
- make sure it works for a built-in role
- make sure it works for a custom role
- make sure it 404s if an invalid name is given
* test the deactivate action (DELETE /api/v1/accounts/X/roles/RoleName)
- make sure it deactivates the role
Change-Id: Ic0b1e1709d2f52b17d26bc15ab7ecd60dd7ed743
Reviewed-on: https://gerrit.instructure.com/16291
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
QA-Review: Bracken Mosbacker <bracken@instructure.com>
- make course/account/user associations not load deleted grading standards
- make course copy not copy deleted grading standards
- never show more than 100 grading standards on a course/account page
fixes #CNVS-2230
test plan:
- in a course, create a grading standard
- delete it
- copy the course
- the destination course should not have that grading standard
Change-Id: I0063b5ca704667b2863f1d571c86df82c2a5cb97
Reviewed-on: https://gerrit.instructure.com/16108
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
QA-Review: Amber Taniuchi <amber@instructure.com>
refs #11982
test plan:
- no visible changes
- specs should still work (tables should still be truncated)
Change-Id: I426bd81cbfd1147f156600bd09e94066710cd876
Reviewed-on: https://gerrit.instructure.com/15627
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
We explicitly want an invalid utf-8 string here, so we have to force 1.9
to do so.
Change-Id: Idf15a8ebcdb810197c06881ece56f63c6125b407
Reviewed-on: https://gerrit.instructure.com/14944
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
simple keep-both resolutions for app/models/submission.rb and
config/routes.rb. spec/integration/learning_outcome_group_spec.rb stays
removed.
fixed path->url in outcome group api pagination to match master's new
rules.
Conflicts:
app/models/submission.rb
config/routes.rb
spec/integration/learning_outcome_group_spec.rb
Change-Id: I8dd31e1d3764970a8f683aef362f0cca06abe90e
implement background message sending in the inbox. when sending any
message, the form now unlocks right away and a progress bar appears
at the top. you can potentially have several messages sending at once,
each with its own progress bar. determinate progress bars (i.e. for
bulk private messages) will still be on the page if you reload (assuming
they haven't finished sending).
also implement client-side form validations so that users are prompted to
put in recipients and a message
progress bar should be aria compliant. refs #9237
test plan:
1. send a new message to a single recipient
2. there should be an indeterminate progress bar as it sends, and the ui
should be unlocked
3. send a new group message
4. see step 2.
5. send a bulk private message
6. there should be a determinate progress bar as it sends, and it should
move with a relatively consistent velocity. the ui should be unlocked
7. send a message on an existing conversation
8. see step 2.
9. repeat steps 1-8 with attachments
10. try sending messages without a body or recipients. you should get red
error boxes
Change-Id: I1e4641505c3e4c42f840b292d739c78cb1c2baff
Reviewed-on: https://gerrit.instructure.com/13617
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
This supports all the features of our current delayed jobs backend,
including priorities, queues, jobs scheduled for the future, strands,
periodic jobs, etc.
Atomicity is guaranteed by using the new Lua scripting features of Redis
2.6, so this requires 2.6 (which is still only a release candidate as of this
time).
It's not yet production ready (see the TODO at the top of the
redis/job.rb file), so trying to start canvas in prod with redis jobs
configured will raise an error as a safeguard.
The tests have been modified to all pass with redis configured as the
jobs backend. Some selenium specs were removed because the jobs UI lost
some functionality that I didn't think was important enough to port to
redis (listing the most popular tags for future and failed jobs, for
example).
Change-Id: Ie57b15bae1d4ba7b2b2344c872411165551d1ac8
Reviewed-on: https://gerrit.instructure.com/12120
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
* fix some invalid syntax that's snuck in recently
* fix an issue with initializing tempfiles in Canvas::HTTP
* fix some "can't modify frozen object" errors in specs
* upgrade mocha to 0.12.3
Change-Id: I6b6f25bcfff2466774e2941d35fafb7af7c50569
Reviewed-on: https://gerrit.instructure.com/13344
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
test plan:
- In a course where "Let Students attach files to Discussion Posts"
check box is checked (under "more options" when editing course details)
- Create a group and add a student to the group
- Log in as the student and create a new discussion or reply to a discussion
- Click on the choose file button and attach something
- The attachment should be saved
- Also verify that the student doesn't have the option to attach
a file when the above checkbox is not checked
Change-Id: I56f4e2e29a8350a50a85a926f8ca9493a1c3fd0c
Reviewed-on: https://gerrit.instructure.com/13365
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Bryan Madsen <bryan@instructure.com>
the shims will be removed in a later commit. that commit will need to
wait for the plugins to be fixed before it can be submitted.
test-plan:
- specs pass
Change-Id: Ifd6e2a254f0272a58d507c845cdae58b7392801c
Reviewed-on: https://gerrit.instructure.com/12798
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
A set of class functions were added to Delayed::Backend::ActiveRecord
for all the querying a updating functionality that the jobs admin needs,
so that no direct ActiveRecord queries are needed. The /jobs UI is
refactored to use these new functions.
There are a few differences in behavior: The search isn't a combined
wildcard search anymore. Instead, new "flavors" were added to the
drop-down for strand, tag, and ID. The search box searches only the
selected attribute, and it's exact match now.
Specs are being updated to use these new functions as well. Eventually,
no direct AR queries will be done against Jobs anywhere, so that non-AR
jobs backends are possible.
Also as part of this, all jobs require a queue now. Passing nil for the
queue will use the default of Delayed::Worker.queue.
test plan: Load /jobs, and verify that it works as before except where
there are differences as described above.
* Selecting flavors of jobs lists only those jobs.
* Searching by ID, strand or tag works.
* The hold/unhold/delete actions work in the various combinations of
filtering/searching.
* Linking to an individual job still works (though the query string
has changed so old links don't work)
* Running jobs and list of popular tags still works as expected.
Change-Id: Iffd5b8c7b3d6e4b128792a9dee7b97c6dfb251dc
Reviewed-on: https://gerrit.instructure.com/12632
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Reviewed-on: https://gerrit.instructure.com/13089
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jacob Fugal <jacob@instructure.com>
This list is *NOT* complete, some items may have snuck in that I forgot
to note, and/or some of the noted items may not be completely functional
yet.
Specs need to be written around a lot of this, other specs will no doubt
need to be fixed.
Some things, particularly around LearningOutcomeGroups will need data
migrations that aren't there yet.
* remove LearningOutcome.non_rubric_outcomes? and replace with false
where invoked
* remove LearningOutcome.enabled? and replace with true where invoked
* remove never-taken branches
* remove the shared/aligned_outcomes partial and it's supporting
javascript, since it's now empty
* remove js handler for add_outcome_alignment_link and supporting
method since it only occurred in never-taken branches
* mix LearningOutcomeContext into Course and Account
* replace LearningOutcomeGroup.default_for(context) with
LearningOutcomeContext#root_outcome_group
* rename LearningOutcome#content_tags to LearningOutcome#alignments
* rename LearningOutcomeGroup#content_tags to
LearningOutcomeGroup#child_links, and properly restrict
* remove ContentTag[Alignment]#rubric_association_id, add
ContentTag[Alignment]#has_rubric_association? that looks at the
presence of the content's rubric_association_id
* condition off the assignment having a rubric_association rather than
filtering tags by has_rubric_association (which just looks back at
the assignment). all or none of the assignment's alignments are
forced to have the association (via the assignment). this was true in
practice before, is now codified (and more efficient)
* rename AssessmentQuestionBank#learning_outcome_tags to
AssessmentQuestionBank#learning_outcome_alignments
* rename Assignment#learning_outcome_tags to
Assignment#learning_outcome_alignments
* rename Rubric#learning_outcome_tags to
Rubric#learning_outcome_alignments
* move/rename (Course|Account)#learning_outcome_tags to
LearningOutcomeContext#learning_outcome_links
* move/rename Account#learning_outcomes (corrected) and
Course#learning_outcomes to
LearningOutcomeContext#linked_learning_outcomes
* move/rename Account#created_learning_outcomes and
Course#created_learning_outcomes to
LearningOutcomeContext#created_learning_outcomes
* clarify and correct usage of linked_learning_outcomes vs.
created_learning_outcomes
* move/rename (Account|Account)#learning_outcome_groups to
LearningOutcomeContext#learning_outcome_groups
* remove unused Account#associated_learning_outcomes
* just remove one link to a learning outcome when deleting
* merge Account#has_outcomes?, Course#has_outcomes? and
Course#has_outcomes into LearningOutcomeContext#has_outcomes?, add a
use in Context#active_record_types
* kill LearningOutcomeGroup#root_learning_outcome_group (unused)
* rename LearningOutcomeResult#content_tag to
LearningOutcomeResult#alignment
* kill unused (and broken) OutcomesController#add_outcome_group
* kill unused OutcomesController#update_outcomes_for_asset
* kill unused OutcomesController#outcomes_for_asset
* remove unused (outside specs, correct specs)
AssessmentQuestionBank#outcomes=
* remove unused ContentTag#learning_outcome_content
* replace ContentTag.learning_outcome_tags_for(asset) (only ever called
with asset=an assignment) with call to
Assignment#learning_outcome_alignments
* remove unused ContentTag.not_rubric
* remove (now) unused ContentTag.include_outcome
* remove unused LearningOutcome#learning_outcome_group_associations
* avoid explicit use of ContentTag in outcome-related specs
* replace LearningOutcomeGroup#learning_outcome_tags with
LearningOutcomeGroup#child_outcome_links (and only use for outcome
links; not tags for child groups)
* split ContentTag#create_outcome_result into
Submission#create_outcome_result,
QuizSubmission#create_outcome_result, and
RubricAssessment#create_outcome_result. fix some bugs along the way
* refactor ContentTag.outcome_tags_for_banks and some code from
QuizSubmission#(track_outcomes|update_outcomes_for_assessment_questions)
into QuizSubmission#questions_and_alignments
* refactor RubricAssociation#update_outcome_relations and
Rubric#update_alignments into LearningOutcome.update_alignments
* don't use ContentTag#rubric_association with outcome alignments; use
the tag's content's rubric_association in its place (they should have
been equal anyways)
* refactor LearningOutcome.available_in_context and
@context.root_outcome_group.sorted_all_outcomes (only time
sorted_all_outcomes is used) into
LearningOutcomeContext#available_outcomes and
LearningOutcomeContext#available_outcome
* overhaul LearningOutcomeGroup#sorted_content and rename to
LearningOutcomeGroup#sorted_children. it not returns ContentTags
(outcome links) and LearningOutcomeGroups, vs. LearningOutcomes and
LearningOutcomeGroups; fix usages appropriately
* fix UI for arranging/deleting outcome links and groups within a group
to refer to the outcome link rather than the outcome
Change-Id: I85d99f2634f7206332cb1f5d5ea575b428988d4b
Reviewed-on: https://gerrit.instructure.com/12590
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Tested-by: Jacob Fugal <jacob@instructure.com>
This adds an alternative method for uploading files by giving Canvas a
public URL in the first step, rather than uploading the file data directly.
test plan:
- create a course file via the API upload mechanism
- make sure the return values are as documented
- make sure the file was correctly uploaded
- create a course file via the URL approach
- make sure the return values are as documented
- make sure the file status endpoint returns valid responses
- make sure the file was correctly stored in Canvas
- repeat that process with a file that has at least one redirect
- repeat that process but creating a homework submission file
- try to create a course file with a malformed URL
- confirm that the appropriate error message is returned
- try to create a course file with a relative URL
- confirm that the appropriate error message is returned
- try to create a course file with a URL that doesn't return 200
- confirm that the appropriate error message is returned
Change-Id: I2dcf711347ec4ef26d767ae1c1fa0bb056986651
Reviewed-on: https://gerrit.instructure.com/12143
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jeremy Stanley <jeremy@instructure.com>
A set of class functions were added to Delayed::Backend::ActiveRecord
for all the querying a updating functionality that the jobs admin needs,
so that no direct ActiveRecord queries are needed. The /jobs UI is
refactored to use these new functions.
There are a few differences in behavior: The search isn't a combined
wildcard search anymore. Instead, new "flavors" were added to the
drop-down for strand, tag, and ID. The search box searches only the
selected attribute, and it's exact match now.
Specs are being updated to use these new functions as well. Eventually,
no direct AR queries will be done against Jobs anywhere, so that non-AR
jobs backends are possible.
Also as part of this, all jobs require a queue now. Passing nil for the
queue will use the default of Delayed::Worker.queue.
test plan: Load /jobs, and verify that it works as before except where
there are differences as described above.
* Selecting flavors of jobs lists only those jobs.
* Searching by ID, strand or tag works.
* The hold/unhold/delete actions work in the various combinations of
filtering/searching.
* Linking to an individual job still works (though the query string
has changed so old links don't work)
* Running jobs and list of popular tags still works as expected.
Change-Id: Iffd5b8c7b3d6e4b128792a9dee7b97c6dfb251dc
Reviewed-on: https://gerrit.instructure.com/12632
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
There is an attachment spec that exercises some code that cares about the id
of the logged in pseudonym (attachment.rb:517). A mock object used to respond
to #id in 1.8 with the ruby object_id, but no longer in 1.9. We continue
emulating that behavior with the mock for the sake of tests.
Change-Id: Ife2369aa9c56b7f4303bbac4ff59ed105fff7db4
Reviewed-on: https://gerrit.instructure.com/10898
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
change the the list of recently logged in users to be loaded
asynchronously and paginated via the api.
test plan:
- navigate to /courses/:course_id/statistics;
- click on the 'Students' tab;
- verify that the most recent students have
loaded;
- in a course with > 25 users who have logged in, and some of
whom have multiple pseudonyms, view the same page
- verify that while scrolling, more students are loaded automatically
in until all the students in the course are present in the list.
Change-Id: I10ea92e0a286ce117ec0e957a91c8c347b89e751
Reviewed-on: https://gerrit.instructure.com/8404
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
since we have already "validated" the email (by virtue of them receiving
it and clicking on a link), we don't need to validate it here. fixes an
issue where users with non-email pseudonyms could not get past this page
also tweak form so that pseudonym can be specified if it needs to be set
(for example, the email was already taken by another user)
test plan:
1. as an admin create a new user with a login other than their email
address
2. check the user's /messages URL to see the email that was sent to the
user
3. copy and paste the URL that was sent in the email and navigate to it
4. the registration page should allow you to proceed and the label should
say "Login"
Change-Id: I563b53b16b950bd7f6dafc456349db74fd97b294
Reviewed-on: https://gerrit.instructure.com/12569
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
change registration flows for teachers, higher-ed students, and parents.
now users can start using canvas immediately before confirming their
email address (and setting a password). they get a nice big reminder when
they first view the dashboard, and can't edit their profile (or related
things) until they do so.
test plan:
1. go to the signup form for a teacher
2. fill it out
3. confirm that you are immediately logged in to the dashboard
4. confirm that you get a big popup when you first view the dashboard
5. confirm that you can't edit your profile
6. repeat steps 1-5 for higher-ed students (no join code)
7. repeat steps 1-5 for parents (observers)
8. confirm that students registering with a join code do not need to
verify their email address (since no email is sent)
Change-Id: I4e7e1c083d70725fffd345016f1ca1eec4aeab13
Reviewed-on: https://gerrit.instructure.com/12172
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
other changes:
- makes it possible to add a student to multiple sections in the course
- pagination of the user lists
- converted user tab js to coffee and backbone
test plan:
- as a teacher go to /courses/*/settings#tab-users
- verify that multiple students can be linked/unlinked to an observer
- verify that users can be added to and removed from multiple sections
- verify that 'Resend Invitation' and 'Remove from course' work
Change-Id: I0f64f72f1937348817990b6f13b6310185b68a73
Reviewed-on: https://gerrit.instructure.com/10865
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Joe Tanner <joe@instructure.com>
a masquerading user should not be able to see a list of the masqueradee's
google docs file. additionally, a masquerader should not have the google docs
tab as an option for file upload submission.
test plan:
- in an account with google docs enabled
- in a course with a file upload assignment
- masquerade as a student who has google docs enabled
- go to the assignment tab and click submit
- google docs should not be an option
- stop masquerading, and log in as the student
- go to the assignment tab and click submit
- you should be able to successfully commit and file from google docs
Change-Id: I31ca6e7ca4b89331c9eabca7130eb7fc47417875
Reviewed-on: https://gerrit.instructure.com/12170
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
In a group graded discussion assignment, when creating the child topics for
each group, the new discussion topics were touching their root topics, kicking
off a new job to refresh the subtopics. This created a race condition where
duplicate subtopics for the group could get created, in addition to a lot of
unnecessary jobs. This commit moves the touch to only happen when an entry in
a subtopic is updated, tightens up some conditions in the way soft-destroys
cascade between assignment and discussion, and adds a unique index on
context+root_topic to prevent this from happening in the future.
test plan:
- ensure that creating a group discussion assignment still creates all
necessary sub-topics for the groups
- in a course with many student groups, create a new group discussion
assignment.
- each group should only have one unique topic for this assignment
- delete a group discussion assignment, it should delete all associated topics
at the course and group levels
- also try initiating the delete from the root topic. the assignment and sub
topics should be deleted
Change-Id: I9b0fb79c2c2b3b9512802a781b8ea0f4364af541
Reviewed-on: https://gerrit.instructure.com/11712
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Fixes up some abstraction so that we can add other jobs backends and
specs, migrations, etc will work as expected.
Also remove some unused parameters from the Delayed::Job methods for
finding and locking jobs.
test plan: run the database migrations on a new db, and migrations
should work without error. delayed jobs should also be created and
processed by workers without error.
Change-Id: I1fe6ef5464f9780db3010fa002703fc030832f8d
Reviewed-on: https://gerrit.instructure.com/11590
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
test plan: follow a user and a group, make sure that makes you
auto-follow all the existing collections. add a new collection and
verify you're now following that new collection.
this only applies to public un-deleted collections, or all un-deleted
collections if you're a member of the group.
Change-Id: I163f26661d8537f059955cf34edb48cbeafa24b6
Reviewed-on: https://gerrit.instructure.com/11381
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
fixes#8508, refs #7561
test plan:
* create or edit a new appointment group
* add course(s) or sections from some courses
Change-Id: I8813f312fe5a36ca83ed9dce9c66cbab761d463e
Reviewed-on: https://gerrit.instructure.com/10703
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
spec updates for 1.9
* fix a syntax error
* update our html_escape backport so that rails 1.9 doesn't print
constant warnings about using the "n" regex option with a utf-8
string (as a bonus this is also a lot more efficient)
* fix using a migration class as a rspec describe context, because its
method_missing prints the method name to console so we get a ton of
"to_ary" etc printed
* fix post header checks in spec/lib
Change-Id: I634570e516252e9a2fbef9f13a55d1bae0a254cd
Reviewed-on: https://gerrit.instructure.com/10856
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Jenkins <jenkins@instructure.com>
In this first phase, we use the image url passed in, or take a snapshot
of the link if no image url is given.
test plan: using the API create a collection item without an image url.
After the job runs, the item will have a image_url returned. Then create
another item passing in an explicit image url and verify that's used
instead.
Change-Id: I2134b0014a3135ef0580461a6321d1adc99c2e9c
Reviewed-on: https://gerrit.instructure.com/10764
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
The "To Do" area of the sidebar was displaying quizzes and assignments
that are locked. This adds a named_scope called "not_locked" to Assignment
and adds it to the conditions used in User#assignments_needing_submitting.
They remain showing under "Coming Up" area.
Test Plan:
* Create a quiz that is due within the next 6 days and locked until some future time
between the due date and now.
* As a student in the course, the quiz should show up under "Coming Up"
but not in "To Do"
* If the locked until time is changed to make the quiz available, it should
now show up in the "To Do" area.
Change-Id: Ia049cabe7bd9130faf0e0a767362cb3de01763e6
Reviewed-on: https://gerrit.instructure.com/10602
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Joe Tanner <joe@instructure.com>
* add the foreigner gem so plugins can begin adding foreign keys
immediately
* add an extension to do less locking when creating foreign keys
on postgres 9.1+
* fix a few pieces of code that either don't properly clean up
foreign dependencies, or create objects in the wrong order
to maintain referential integrity
* change the specs to truncate all tables in a single command
for postgres (to avoid referential integrity errors; also
slightly faster)
test plan:
* no user visible functionality should change
Change-Id: I185e478b99fbe598d408912053c34a064aa9c461
Reviewed-on: https://gerrit.instructure.com/10580
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes two issue with the ungraded count logic:
1. the submission triggers updated the count regardless of the enrollment
status (or existence). teachers or people not even in the course could
cause the count to change (e.g. by taking/previewing a quiz)
2. the enrollment triggers did not factor in the enrollment type. so
teachers/tas (un)enrolling in the course would cause the count to
change if they had any submissions (e.g. from a quiz)
test plan:
1. create a quiz with essay questions (so that submissions will need to be
graded)
2. enroll a student in multiple sections in the course
3. take the quiz as the student
4. take the quiz as the teacher
5. take the quiz as an admin not in the course
6. confirm the ungraded count is just 1
7. unenroll the teacher
8. confirm the ungraded count is still 1
9. unenroll the student
10. confirm the ungraded count is now 0
Change-Id: I11dbf3915d79f9820267469fad8949abfa008e14
Reviewed-on: https://gerrit.instructure.com/10451
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Joe Tanner <joe@instructure.com>
fixes#8314fixes#8315
fix the interplay between submission and quiz_submission when manually grading
a quiz_submission's questions or fudge points while another version of the
quiz_submission is currently in progress. we overcorrected slightly in the last
fix.
test plan:
- on a quiz that allows multiple submissions (try with both keep-highest and
keep-latest settings)
- as a student, complete this quiz, then start taking it again and leave the
page
- as a teacher, try grading it from the quiz history page or the speedgrader.
change question points and fudge points. changes should save across reload
and the score should be in the gradebook.
- also try changing the grade directly in gradebook. and check that the change
is mirrored in the quiz history page
- as the student, finish the second attempt and start a third.
- repeat the above checks as the teacher, ensuring that the appropriate score
(highest or latest) comes through in the gradebook.
Change-Id: Id5c0b60c9d0c5f56aae625c3192bd50f93d671b8
Reviewed-on: https://gerrit.instructure.com/10373
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
closes#6832
Test plan:
- in a separate branch (master), create a new appointment group and
assign it a group category or section
- switch to this branch and migrate; the appointment group should
still be assigned to the group or section you chose earlier
- create a new appointment group and assign it some course sections
- verify that students in those sections can reserve appointments, but
not students that do not belong to those sections
Change-Id: I1662374c5e6d2e5e9f7d6b54b0bc91420f150b7a
Reviewed-on: https://gerrit.instructure.com/8765
Tested-by: Jenkins <jenkins@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
submissions that are pending_review, which right now is just quiz submissions
with essay questions, were improperly being shown as 'not submitted' in the
coming-up events list on the dashboard and course home page. this correctly
marks them as submitted.
test-plan:
- create a quiz with an essay question and a due date in the next week
- as a student verify it shows in coming up as 'not submitted' on the dashboard
- take the quiz
- it should now show as 'submitted'
- make sure other events in the coming up list show correct states.
Change-Id: I3ad8d208f6b1d3a9366e68e869652c22ab2702d6
Reviewed-on: https://gerrit.instructure.com/9948
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
allows course admins to view the course from a student perspective. this is
accessible from a button on the course/settings page. They should be able to
interact with the course as a student would, including submitting homework and
quizzes. Right now there is one student view student per course, so if the
course has multiple administrators, they will all share the same student view
student.
There are a few things that won't work in student view the way the
would for a normal student, most notably access to conversations is disabled.
Additionally, any publicly visible action that the teacher takes while in
student view will still be publicly visible -- for example if the teacher posts
a discussion topic/reply as the student view student, it will be visible to the
whole class.
test-plan:
- (the following should be tried both as a full teacher and as
a section-limited course admin)
- set up a few assignments, quizzes, discussions, and module progressions in
a course.
- enter student view from the coures settings page.
- work through the things you set up above.
- leave student view from the upper right corner of the page.
- as a teacher you should be able to grade the fake student so that they can
continue to progress.
- the student should not show up in the course users list
- the student should not show up at the account level at all:
* total user list
* statistics
Change-Id: I886a4663777f3ef2bdae594349ff6da6981e14ed
Reviewed-on: https://gerrit.instructure.com/9484
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Fixes a race condition where the view might get generated by the job
without the new entry.
test plan: this is difficult to duplicate by hand, but you could put a
breakpoint in and verify the job doesn't get inserted before the
transaction commits.
Change-Id: I6c373553dfae409adab25dd9e3bafc7126169231
Reviewed-on: https://gerrit.instructure.com/9710
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
This API abstracts away the difference between S3 uploads and local
storage uploads, while still allowing direct-to-S3 functionality to
avoid typing up Rails processes during S3 uploads.
The only concrete starting endpoint I've implemented in this changeset
is for submission file uploads. Uploads to course and user files is
coming in a subsequent changeset.
test plan:
see the api doc (generate with rake doc:api). repeat this test for both
s3 and local storage configurations.
first, post to the submission file upload endpoint, get your
upload_params back. use that to post the actual file data to the url
returned. then follow the redirect back to canvas, and verify you can
download the file from the url given in the json response. verify you
can attach the new file as part of an assignment submission.
edge cases to test:
* in local files, verify that attempts to modify the policy will fail
the request. in s3, amazon handles this.
* verify that if you do step 2 without step 3, the file isn't available.
* if you do step 1 but wait more than 30 min to do step 3, the upload
will be rejected.
* make sure you can't upload twice in the 2nd step
* make sure you can't verify twice in the 3rd step
Change-Id: I9b16b6e75defe9da551b965d9401f2cad8801f1d
Reviewed-on: https://gerrit.instructure.com/9552
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
add the ability to query enrollments for a given section with the api, and use
that api URL to load the section lists for courses/x/sections/y.
test-plan:
- in a course users split between sections
- go to /courses/x/sections/y
- make sure appropriate people are there
- no gui the creates enrollments for the section, so try posting to
/api/v1/sections/x/enrollments to create an enrollment for that section.
Change-Id: I434b10dc20e36f43e48bbad5caa8886796211b82
Reviewed-on: https://gerrit.instructure.com/9364
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
in the top bar, where it says (student x of y), y should be the correct count
of students in the course, even if students have multiple enrollments.
test-plan:
- create a course with students with multiple enrollments
- load speedgrader, check the count
Change-Id: I6efbe887cf11aef318587a9da20704e76463c673
Reviewed-on: https://gerrit.instructure.com/9239
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cameron Matheson <cameron@instructure.com>
test plan:
* use canvas and ensure that notifications work
Change-Id: Ie46f049aab5dde7167c3ea4228e503c7a686c839
Reviewed-on: https://gerrit.instructure.com/9154
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
quiz submissions that have essay questions are marked as pending_review, but
they have a grade, so the previous trigger was ignoring them when incrementing
the needs_grading counts. this changes increments the counter for
pending_review even if there is already a grade.
test-plan:
- create a quiz with an essay question
- as a student, submit the quiz
- as a teacher, your to do list should indicate that you have a quiz that needs
grading.
fixes#5326fixes#7466
Change-Id: I7cf2293bb43df882000902109124810e896e66ad
Reviewed-on: https://gerrit.instructure.com/9095
Reviewed-by: Jon Jensen <jon@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
tweak our javascript so that the rubrics controller update method knows that we
want to save the rubric association even if we can't modify the rubric. also
clean up some unused code in the rubric spec that was confusingly named
read_only, but not related to the rubric read_only property.
test-plan:
- create a rubric
- create two assignments that have the same points
- associate the rubric with the first assignment and select it be used for
grading. make sure it sticks across refresh (and the rubric is not
duplicated)
- same for the second assignment
Change-Id: I2c32d4da35eff508680f0a19c97cb1111fe4cef1
Reviewed-on: https://gerrit.instructure.com/8981
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
also fix/enable zip file uploads in group and user contexts -- they were
partially enabled, but broken. This required generalizing
UnzipAttachment to work for any context, not just courses, though that
was mostly just a matter of renaming things.
The zip file uploads in accounts are still not enabled, as the accounts
file section is not implemented yet, though it's referenced in the
routes file.
fixes#5913fixes#5728fixes#5463fixes#5012
test plan:
* upload a zip file to a course, to a group, and to a user's files. in
each case, try uploading the zip both through the button in the file
browser, and by dragging a zip file into the file browser (in a
capable web browser)
Change-Id: I6c648ef677d2bd61ae41a2b8fe0f89be43d63375
Reviewed-on: https://gerrit.instructure.com/7402
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
test plan:
1. create a quiz
2. change the type to one of the survey options
(graded survey works)
3. add a question
4. publish the survey
5. take the survey as a student
6. go the quiz summary as the teacher and click on
"show student survey results"
7. Observe the students name/email is not anywhere
on the page (page title, bread crumb in
particular)
Change-Id: I58bc62266f2e9150224cf6f8c39f1726088630c2
Reviewed-on: https://gerrit.instructure.com/8999
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
section limited ta's are correctly only able to see/change grades for students
in their section, but the reported counts of ungraded students were incorrectly
being pulled from all sections.
test-plan:
- create a course with multiple sections, and an assignment with submissions
- create students for each section, and submissions for each student
- as a section limited ta, go to /courses/x/assignments/y. you should see "n
out of m Submissions Graded"; n and m should make sense
- go to the speed-grader, at the top you should see "student n of m"; make
sure n and m make sense
Change-Id: I1f59b037c38cb4671165ac0fc201eaa7dc2e3350
Reviewed-on: https://gerrit.instructure.com/9054
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Rather than displaying the comments, we were just showing the
placeholder "the assessor will use this area to enter comments".
test plan:
* create an assignment and a rubric used for grading. on the rubric,
select the "use freeform comments" option.
* grade a student on the assignment, and enter comments on the rubric
rows. add some line breaks or urls, to test the html formatting.
* as a student, go to your course grades summary page
(/courses/X/grades), verify that when you click to show the rubric,
the comment is displayed and properly html-ified.
* as the student, do the same on the individual submission page
(/courses/X/assignments/Y/submissions/U)
Change-Id: Ic4667eda36064d3fd4d70eec0d2bd7656e543051
Reviewed-on: https://gerrit.instructure.com/8908
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
we were showing these grading schemes in the list of options you had, but we
weren't allowing them to be set. this brings into line what is
shown in the list with what can be set
test-plan:
- make a course level grading standard and an account level one
- make sure they can both be set for the course (or an assignment in the
course) both by their creator or another teacher.
Change-Id: I951e7fb6102b8b8574234d0fa201ed0b4eaa5e57
Reviewed-on: https://gerrit.instructure.com/9004
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
FileInContext (used by the zip importer) was bypassing the filename= setter
for Attachment, so when using attachment_fu, sanitize_filename was not getting
called on the filename. This resulted in us generating S3 urls with characters
in them like filename[0].txt. That normally worked fine. However, Firefox
would escape those characters when redirected to a URL like that, which would
cause a signature mismatch with S3.
This commit stops bypassing the filename= setter so files uploaded as zip
files and in migrations have escaped filenames. Because of difficulties
testing S3 attachments, the included spec is weak.
This also includes a migration that will rename attachments with []" in their
filenames, and make a copy of the S3 object to match.
There is also an unrelated spec refactor around faking out a portion of the
code about S3.
test plan:
* Enable S3
* Create a ZIP file with a file in it with a name like test[0].bin
* Upload that ZIP file to your files are, choosing to unpack the ZIP contents
* Verify that you can download the extracted file using firefox
* Also verify that the attachment's filename is escaped in the db
Change-Id: I54fc0682b64a9e0021b4b41236f8cab168a0e56e
Reviewed-on: https://gerrit.instructure.com/8875
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes#7095
This is an existing feature that just needed some UI improvements. If
the quiz submission is marked as needing grading because the quiz has
changed significantly since it was submitted, we were showing "The
following questions need review" and then an empty list of questions.
test plan:
* create a quiz, and have a student take it
* then significantly change the quiz -- change how many points it is
worth, for example, and re-publish
* the student's submission should now be marked as needing review, and
viewing the submission should show the teacher a message about the
submission needing review because the quiz has changed
significantly. It shouldn't show an empty list of questions needing
attention.
Change-Id: Ibe388a661dda34c47bcb91b5932db5d37719a01b
Reviewed-on: https://gerrit.instructure.com/8819
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Simon Williams <simon@instructure.com>
test plan:
* set a custom css for site admin
* other root accounts should pick up that custom css
immediately without restarting the server
Change-Id: Ief1356f7a67b3ea461656bc8f6a9bf1938566b91
Reviewed-on: https://gerrit.instructure.com/8522
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
We want to be able to change or delete enrollments on the course settings page,
even if there are multiple enrollments for a single student. This commit adds
this ability, and adds tests to ensure that multiple enrollments are coalesed
under a single user.
test-plan:
- create a course with three sections
- enroll a student in two of these sections (from the console)
- navigate to the course settings page, users tab
- make sure the student only shows up once, with both enrollments listed
underneath
- try changing one of these enrollments to the third section.
- try deleting one, and then both of these enrollments
Change-Id: I4bc35ac2f79fd6297b50e5217a567290eff59a92
Reviewed-on: https://gerrit.instructure.com/8364
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
test plan:
1. click on the sent filter
2. ensure you only see non-archived conversations where you have written
at least one message
3. ensure that the timestamp and preview on the left reflect your latest
message (not necessarily the latest in the conversation)
4. ensure the conversations are sorted by the timestamp of your most
recent message
5. ensure that when you delete the last message by you in a given
conversation, that conversation is removed from the ui
Change-Id: I85468d19122f1190bd2c53cb640145b7d14e2b42
Reviewed-on: https://gerrit.instructure.com/8416
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
when you add a learning outcome to a rubric, you can optionally choose to
ignore it when grading. this commit ensures that point totals acutally ignore
the line consistently across the varios places they are displayed, including
when creating the rubric, when grading from the speed grader, and when grading
from the assignment submission page.
test plan:
- create a learning outcome
- create an assignment with a rubric for grading
- make sure the rubric has at least one normal criterion for grading
- include the learning outcome, and choose ignore for grading
- make sure point totals are consistent in the rubric form
- grade the assignment with the speed_grader, make sure point totals are
consistent.
- modify the grade at /courses/c.id/assignments/a.id/submissions/user.id and
make sure point totals are still constistant.
Change-Id: I454d73897ee5d4e6413b7c653ffafa1c4ac98e2e
Reviewed-on: https://gerrit.instructure.com/8263
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
provides a role override permission for viewing discussions. primarily useful
for disallowing observers from reading discussion, although by default it is
enabled.
test plan:
- create a course
- create a discussion (d1) in that course
- create a discussion assignment (d2) in that course
- log in as an observer and make sure you can see both discussions above
- log in as an admin and revoke the read_forum permission for observers
- log back in as the observer and make sure you can't see the discussions
- also check that the assignment shows the assignment page, but does not
redirect to the associated discussion.
Change-Id: I4c6441c781c24e6aadacbfc23dcc307c772ecd2c
Reviewed-on: https://gerrit.instructure.com/8069
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Cody Cutrer <cody@instructure.com>
Hook into the redis library at a pretty low level, to try and do
everything we can to avoid erroring if redis goes down. This applies to
both redis-as-cache and redis-as-data-store.
test plan: Set up redis and caching in your local instance. Point it to
both an existing box on a port not running redis, and a non-existent IP.
In both situations, you should not see caching errors or redis data
errors. After the first error, it shouldn't attempt to hit redis again for 5
minutes.
Change-Id: I101b2d3d2123151b244eb82ba78b176ed1f4d5ad
Reviewed-on: https://gerrit.instructure.com/8097
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
ContentZipper for some reason was allowing fetching all files (as if a
teacher) when user was not specified. This fixes that and requires correct
permissions when zipping up a folder.
It also runs a migration which will delete existing folder zip files for
anonymous users, since those are cached.
test plan:
* Create a public course and put some files in it.
* Lock and hide some of those files.
* Log out and browse to the course files.
* Choose "download zip file".
* Verify that the zip file you get only has visible files in it.
Change-Id: Icf5929f7d1dbc4a7f2122337aff9ed6ae003af12
Reviewed-on: https://gerrit.instructure.com/8085
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
In the SpeedGrader, if you went past a user with > 1 submission, grading
subsequent students with only one submission would result in a page error in
the submission content iframe after the grade is saved. We were only
populating the <select> element for > 1 submissions people, and the change()
binding on it would call for everyone else, triggering badness.
test plan:
* Create 2 users in a course with an assignment.
* Submit the assignment twice as student A, and once as student B.
* In SpeedGrader for that assignment, browser to student A, then student B.
* Grade student B's submission.
* Notice that when the submission reloads in the iframe, it is not a page
error.
Change-Id: If461ecc1121fcae0549f1f451ecaa33edf2aa69e
Reviewed-on: https://gerrit.instructure.com/8046
Reviewed-by: Ryan Shaw <ryan@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
allow points in rubric criteria and ratings to have decimal values. in working
with brian, we're operating under the following assumptions:
- round to 2 decimal places
- splitting always gives you a integer by default (you can change it yourself after)
- if there's not room to split with an integer, repeat the low value
test plan
- create a new rubric
- change a criterial value to something with a decimal point
- try setting specific ratings with decimals
- try to split between a large space (ie 10.5 and 0), should be 5
- try to split between a small space (ie 0.5 and 0), should be 0
closes#5355
Change-Id: I17e26fe18dda0847fa59dd40976e4d6f38851287
Reviewed-on: https://gerrit.instructure.com/7882
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Brian Palmer <brianp@instructure.com>
Reviewed-by: Ryan Florence <ryanf@instructure.com>
* adds course url to course record
* adds avatar url to users record more globally
test plan: make api calls that return courses or users, ensure they still work
Change-Id: I1db69fe3865a39744ba7f3fcc7fc885f46c6551b
Reviewed-on: https://gerrit.instructure.com/7496
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Test Plan:
* Create a tool with api
* Edit tool with api
* Get tool with api
* List tools with api
* Delete tool with api
* Etc., etc.
closes#6589
Change-Id: I3f1adc97937588534f8005574bd0278b6f03cbde
Reviewed-on: https://gerrit.instructure.com/7612
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes#6510
Most of this is a refactor so that all API JSON generation goes through
an api_json method, in order to standardize stuff like permissions and
:include_root. The existing specs verify that this doesn't inadvertently
change any existing responses -- except the discussion topics responses,
which were returning the :permissions array in the json unintentionally.
The refactor fixes the locked assignment response as a side effect.
Change-Id: I287b366fe05ef6116f713fc52075aff93d5e87b6
Reviewed-on: https://gerrit.instructure.com/7262
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
testplan:
* make sure user models destroy transactionally
* create two users, one with a managed pseudonym and one without,
destroy both, and make sure that the failure to remove the managed
pseudonym makes the original user destroy bail
* make sure you can force delete a user with managed pseudonyms
* make sure that the account controller can destroy users with managed
pseudonyms
* make sure the users controller can destroy users with managed
pseudonyms only when the current user has permission
* also, make sure other user destruction functionality is unchanged
* make sure the users controller doesn't confirm a deletion when
the user doesn't have permission
* make sure we don't add a user destruction link when we know the
destruction will fail, but add it otherwise
Change-Id: Ie7c17de1134543fe55a3fdd03c60879925ecc50d
Reviewed-on: https://gerrit.instructure.com/6832
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
fixes the logic that determines when to display the "Customize" and
"View all courses" links in the course menu. the two problems were:
1. if all Courses were already favorited (via Customize UI), the
Customize link would no longer show up
2. if the number of active enrollments was less than 12, but with your
temporary enrollments you exceeded that, you would not see the
"Customize" or "View all courses" links
test plan:
* enroll in more than 12 courses and customize the menu so they all
appear. ensure you can still customize the menu when you reload the
page
* enroll in fewer than 12 courses and then invite yourself to a bunch of
courses so that your total exceeds twelve. ensure that you can
customize the menu and you have a "View all courses" link
* basic regression of course menu customization
Change-Id: Iaddc54fd011159a498e39c28adfd81672f87261f
Reviewed-on: https://gerrit.instructure.com/7141
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>
test plan: run the tests
Change-Id: If7fd4288520af765211a026ff0202b18249f86fe
Reviewed-on: https://gerrit.instructure.com/7254
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
When student submits a quiz with an essay question, it now
displays as ungraded in Speedgrader until the grader reviews/
grades the essay question.
test plan:
1. create a quiz with an essay question;
2. complete the quiz;
3. view the quiz assignment in speedgrader;
4. verify that assignment is marked as "not graded"
in the student dropdown menu;
5. grade the essay question;
6. verify that the assignment is now marked as "graded"
in the student dropdown menu.
Change-Id: I67ca56df2ec08380c75aa1ddf64fe8848e2b574d
Reviewed-on: https://gerrit.instructure.com/6619
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
We are now prepending all json responses with "while(1);" to protect
against browsers that allow stealing this information from a <script>
tag on third-party sites, by overriding constructors or property
getters/setters.
this loop is not prepended to API requests, unless those requests are
authenticated via a session cookie (canvas itself makes API
requests using the user's session, but we don't want third-party apps to
have to remove the loop before parsing).
fixes#6459
Change-Id: Icf00056d4d7fba198a8957892af09cdd84d55bc4
testplan:
* Do anything in the application that results in a AJAX request
returning JSON -- for instance, load your list of conversations.
* Use a web inspector to verify that the canvas is returning the JSON
response with this prepended loop, but that the javascript code
handles that and still can parse the response.
* Make API calls to Canvas, verify that nothing is prepended to the
JSON responses.
Reviewed-on: https://gerrit.instructure.com/7144
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
mocha deliberately doesn't support evaluating thunks in mocked objects,
so, that broke our usage pattern when we switched.
testplan: n/a
Change-Id: I2ae8d2e4de1249965b12659ee76a785b13f7c73d
Reviewed-on: https://gerrit.instructure.com/6654
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
This uses redis to store the nonces as locks that expire after 90
minutes. Timestamps are epoch UTC values, as per the oauth spec.
testplan: send oauth requests to the api endpoint with the same nonce
more than once, or with a too-old timestamp
refs #5892
Change-Id: Id6130c2a07e206dad716673aa6adbe9d36565a7c
Reviewed-on: https://gerrit.instructure.com/6683
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
This was already happening for a couple of the default front
pages, but this fix makes it happen for all of them
closes#5842
Change-Id: If11db2e93cdfe228a3ee9019ff68ffe97e03696f
Reviewed-on: https://gerrit.instructure.com/6601
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
refs #5948
adjust specs so that if a login does inject themselves in by adding
additonal redirects, we keep following them
Change-Id: I16e616066ea1bef1aa5ed97718cbd8ddbd2c27c5
Reviewed-on: https://gerrit.instructure.com/6536
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
fixes#5573, #5572, #5753
* communication channels are now only unique within a single user
* UserList changes
* Always resolve pseudonym#unique_ids
* Support looking up by SMS CCs
* Option to either require e-mails match an existing CC,
or e-mails that don't match a Pseudonym will always be
returned unattached (relying on better merging behavior
to not have a gazillion accounts created)
* Method to return users, creating new ones (*without* a
Pseudonym) if necessary. (can't create with a pseudonym,
since Pseudonym#unique_id is still unique, I can't have
multiple outstanding users with the same unique_id)
* EnrollmentsFromUserList is mostly gutted, now using UserList's
functionality directy.
* Use UserList for adding account admins, removing the now
unused Account#add_admin => User#find_by_email/User#assert_by_email
codepath
* Update UsersController#create to not worry about duplicate
communication channels
* Remove AccountsController#add_user, and just use
UsersController#create
* Change SIS::UserImporter to send out a merge opportunity
e-mail if a conflicting CC is found (but still create the CC)
* In /profile, don't worry about conflicting CCs (the CC confirmation
process will now allow merging)
* Remove CommunicationChannelsController#try_merge and #merge
* For the non-simple case of CoursesController#enrollment_invitation
redirect to /register (CommunicationsChannelController#confirm)
* Remove CoursesController#transfer_enrollment
* Move PseudonymsController#registration_confirmation to
CommunicationChannelsController#confirm (have to be able to
register an account without a Pseudonym yet)
* Fold the old direct confirm functionality in, if there are
no available merge opportunities
* Allow merging the new account with the currently logged in user
* Allow changing the Pseudonym#unique_id when registering a new
account (since there might be conflicts)
* Display a list of merge opportunities based on conflicting
communication channels
* Provide link(s) to log in as the other user,
redirecting back to the registration page after login is
complete (to complete the merge as the current user)
* Remove several assert_* methods that are no longer needed
* Update PseudonymSessionsController a bit to deal with the new
way of dealing with conflicting CCs (especially CCs from LDAP),
and to redirect back to the registration/confirmation page when
attempting to do a merge
* Expose the open_registration setting; use it to control if
inviting users to a course is able to create new users
Change-Id: If2f38818a71af656854d3bf8431ddbf5dcb84691
Reviewed-on: https://gerrit.instructure.com/6149
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jacob Fugal <jacob@instructure.com>
we would need a separate cache for each [@current_user,
@real_current_user] combination because the authenticity token is
included in the html here -- it's not really worth it, just skip the
cache when masquerading.
Change-Id: Ie1440a6e592ef96649467e06006520d176438a70
Reviewed-on: https://gerrit.instructure.com/6385
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
Assessment questions can be shared among multiple contexts, so we need to make
the Canvas links used inside authorized to anyone with the link.
Change-Id: I0df4907405fd518ee0efebccf1b9fb8717dca141
Reviewed-on: https://gerrit.instructure.com/6341
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
fixes#5737
There is one situation where a session is still desireable -- if the
attachment data includes links, for instance a html file attachment,
then a session will be needed to view the links from that file. The
limited safefiles session will still be created when downloading the
file, so apps can optionally use the session to support that
functionality.
Change-Id: I48558c4a3217ebea92118f8f08d1254041bd65e5
Reviewed-on: https://gerrit.instructure.com/5860
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
so that things don't asplode if you do something that auto-commits the
transaction, and then AR can neither commit or rollback the transaction
it thinks it's in
Change-Id: I9df10697a255f60155fa256d93675aa8792009be
Reviewed-on: https://gerrit.instructure.com/5943
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
notable changes:
* nothing is processed as a sis-import blocking error now. bad imports now
result in warnings, while just skipping bad data
* we no longer check for duplicates before going to the database
Change-Id: Iedc96b29d92caccdc6a71ae1de8100a1c82dd137
Reviewed-on: https://gerrit.instructure.com/5724
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Cody Cutrer <cody@instructure.com>
also streamlined conversations json and made it more consistent
Change-Id: I422d9eaf5e2e8d228c184302cb2e95d2755f50d4
Reviewed-on: https://gerrit.instructure.com/5399
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
requires :manage_courses, or :manage_sis and the course is a SIS
course, or :update (teachers) and the course is not a SIS course.
Change-Id: I198897164c5fb024fad4bc594500296200eaf4a0
Reviewed-on: https://gerrit.instructure.com/5371
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
also tweaked named_context_url to work better with UserProfile
contexts
Change-Id: If16ef16db507c8713436d0d88a1867f206ecdf48
Reviewed-on: https://gerrit.instructure.com/5225
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Jon Jensen <jon@instructure.com>
The specs didn't catch this because our user_session spec helper stubs
out PseudonymSession, so you'll have the user session available even if
you make a request to a different domain name, so the normal user
permissions were being applied. I've upgraded the specs to make sure
that the user isn't getting logged in on the safefiles
request.
Change-Id: I01b64a87bb51fbf2e947f5c2a1ae5471d1f1e216
Reviewed-on: https://gerrit.instructure.com/5244
Reviewed-by: Cody Cutrer <cody@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Refs #4952
* Fix saving role overrides for Site Admin account roles
* Add the following permissions:
* read_course_list (for listing or searching courses)
* view_statistics (for viewing account statistics)
* manage_user_notes (instead of being implied-ish by read_reports)
* Hide UI elements that provide access to features that are not
allowed
* Remove lots of not applicable stuff from Site Admin settings
Change-Id: I7414368b472ba655d04118db30c1bb46542deb37
Reviewed-on: https://gerrit.instructure.com/5054
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
* Add conference_close route for group conferences
* Pull *group* conferences, not the group's context's conferences
when showing the groups' feed
* Add the conferences tab (where appropriate) to the group sidebar,
so the conferences controller won't refuse to work
Change-Id: I37bfb546c4bf8ad4078e4c9ca7a7292bb475af2c
Reviewed-on: https://gerrit.instructure.com/4954
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
Rather than always showing the term of the course, we're going to show it if
the following conditions are met:
* it's not the "Default Term"
* the user has at least two courses with the same name in different terms
On the full list of enrollments screen, we'll always show the term if it's not
Default Term.
Change-Id: Id1424b13feb0c9cd65eed7cc48e980c3a4603f2d
Reviewed-on: https://gerrit.instructure.com/4907
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Whitmer <brian@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
refs #5029
For now we're going to continue to support api key+basic auth as an
alternative to oauth and access tokens, though eventually this will be
phased out.
This also switches all the api specs to using oauth tokens, except for
the new specs that explicitly test the old method is still supported.
There is one change: GET requests now require the api_key as well, if
using the api_key auth method.
Change-Id: I97d6c71be7afaa655da521d774930b2649961ffe
Reviewed-on: https://gerrit.instructure.com/4720
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
Concluded teachers should be able to see quiz statistics,
a read-only view of quizzes, student grades, discussions,
files (including download). They should not be able to
change any grades, however.
fixes#4059
Change-Id: Ie44a29074ec27b9d0afb908b31f51b46b0e98728
Reviewed-on: https://gerrit.instructure.com/2783
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Adds the ability for admins to configure a second LDAP server that will be
queried after the primary, assuming the user could not be found on the
primary. This is a slight refactor towards a more flexible authorization
configs model. Changes include:
* changed the authorization relationship on Account to has_many
* for backwards compat with all the code that assumes one config, added
a convenience method to Account
* refactored the auth config editing screen to send multiple configs at a
time
* modified the pseudonym to iterate over all the auth configs (when using
ldap), stopping at the first one that succeeds
Change-Id: I6bae474f542e8c7046f07d4ab2c27e7d6f64a1ce
Reviewed-on: https://gerrit.instructure.com/4108
Reviewed-by: Brian Palmer <brianp@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
This shaves a few seconds off each selenium spec in my local env
Change-Id: I73af04e18a75c5964474bf396ea7bafc8527d384
Reviewed-on: https://gerrit.instructure.com/4083
Tested-by: Hudson <hudson@instructure.com>
Tested-by: Selenium <selenium@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
In this mode, any courses, sections or enrollments that aren't
referenced in the sis import will be deleted.
This is the back-end piece, support in the UI and API are coming next.
Change-Id: Ica634f9fa7008ef7b612c4ea43163792f5d54fa5
Reviewed-on: https://gerrit.instructure.com/3768
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
This alternate url can be used for strange setups where someone wants to wrap
their CAS login in an iframe. When logging in via this method, the iframe will
be exited after returning from the CAS server.
Change-Id: I53561f824451a8b7319c4a821aaada9a459e6226
Reviewed-on: https://gerrit.instructure.com/3669
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Brian Palmer <brianp@instructure.com>
before we were recording these values but not doing
anything about it. This commit starts scheduling
delayed_jobs to activate/conclude enrollments
in the background when dates pass.
it does not conclude/publish courses/sections
automatically, though. if we want that to be
automated based on dates then I think we should
do that in a separate commit.
fixes#3356
Change-Id: Id94356fbc5b82196dd041fdb250607a7633cee9f
Reviewed-on: https://gerrit.instructure.com/2431
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
added wimba web conferencing support, moved dimdim config into plugin
settings, fixed a few web conferencing ui issues
Change-Id: I6b36b0e594a9f296d14cd35bec02186478bcbd13
Reviewed-on: https://gerrit.instructure.com/2343
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
We check responds_to?(:context) on many objects in our app, to duck type
context-owned objects. So in test mode when rspec is loaded, this causes
a lot of issues since every object ends up responding to :context.
Change-Id: I97f804e696e0e553b6fc7ef9b0700d0bdea7e9b2
Reviewed-on: https://gerrit.instructure.com/2221
Reviewed-by: Bracken Mosbacker <bracken@instructure.com>
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: JT Olds <jt@instructure.com>
Simon Williams