1347 lines
52 KiB
Ruby
1347 lines
52 KiB
Ruby
#
|
|
# Copyright (C) 2011 - 2012 Instructure, Inc.
|
|
#
|
|
# This file is part of Canvas.
|
|
#
|
|
# Canvas is free software: you can redistribute it and/or modify it under
|
|
# the terms of the GNU Affero General Public License as published by the Free
|
|
# Software Foundation, version 3 of the License.
|
|
#
|
|
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
|
|
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
|
|
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
|
|
# details.
|
|
#
|
|
# You should have received a copy of the GNU Affero General Public License along
|
|
# with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
#
|
|
|
|
class Account < ActiveRecord::Base
|
|
include Context
|
|
attr_accessible :name, :turnitin_account_id, :turnitin_shared_secret,
|
|
:turnitin_host, :turnitin_comments, :turnitin_pledge,
|
|
:default_time_zone, :parent_account, :settings, :default_storage_quota,
|
|
:default_storage_quota_mb, :storage_quota, :ip_filters, :default_locale,
|
|
:default_user_storage_quota_mb, :default_group_storage_quota_mb
|
|
|
|
include Workflow
|
|
belongs_to :parent_account, :class_name => 'Account'
|
|
belongs_to :root_account, :class_name => 'Account'
|
|
authenticates_many :pseudonym_sessions
|
|
has_many :courses
|
|
has_many :all_courses, :class_name => 'Course', :foreign_key => 'root_account_id'
|
|
has_many :group_categories, :as => :context, :conditions => ['deleted_at IS NULL']
|
|
has_many :all_group_categories, :class_name => 'GroupCategory', :as => :context
|
|
has_many :groups, :as => :context
|
|
has_many :all_groups, :class_name => 'Group', :foreign_key => 'root_account_id'
|
|
has_many :enrollment_terms, :foreign_key => 'root_account_id'
|
|
has_many :enrollments, :foreign_key => 'root_account_id', :conditions => ["enrollments.type != 'StudentViewEnrollment'"]
|
|
has_many :sub_accounts, :class_name => 'Account', :foreign_key => 'parent_account_id', :conditions => ['workflow_state != ?', 'deleted']
|
|
has_many :all_accounts, :class_name => 'Account', :foreign_key => 'root_account_id', :order => 'name'
|
|
has_many :account_users, :dependent => :destroy
|
|
has_many :course_sections, :foreign_key => 'root_account_id'
|
|
has_many :sis_batches
|
|
has_many :abstract_courses, :class_name => 'AbstractCourse', :foreign_key => 'account_id'
|
|
has_many :root_abstract_courses, :class_name => 'AbstractCourse', :foreign_key => 'root_account_id'
|
|
has_many :users, :through => :account_users
|
|
has_many :pseudonyms, :include => :user
|
|
has_many :role_overrides, :as => :context
|
|
has_many :course_account_associations
|
|
has_many :child_courses, :through => :course_account_associations, :source => :course, :conditions => ['course_account_associations.depth = 0']
|
|
has_many :attachments, :as => :context, :dependent => :destroy
|
|
has_many :active_assignments, :as => :context, :class_name => 'Assignment', :conditions => ['assignments.workflow_state != ?', 'deleted']
|
|
has_many :folders, :as => :context, :dependent => :destroy, :order => 'folders.name'
|
|
has_many :active_folders, :class_name => 'Folder', :as => :context, :conditions => ['folders.workflow_state != ?', 'deleted'], :order => 'folders.name'
|
|
has_many :active_folders_with_sub_folders, :class_name => 'Folder', :as => :context, :include => [:active_sub_folders], :conditions => ['folders.workflow_state != ?', 'deleted'], :order => 'folders.name'
|
|
has_many :active_folders_detailed, :class_name => 'Folder', :as => :context, :include => [:active_sub_folders, :active_file_attachments], :conditions => ['folders.workflow_state != ?', 'deleted'], :order => 'folders.name'
|
|
has_many :account_authorization_configs, :order => "position"
|
|
has_many :account_reports
|
|
has_many :grading_standards, :as => :context, :conditions => ['workflow_state != ?', 'deleted']
|
|
has_many :assessment_questions, :through => :assessment_question_banks
|
|
has_many :assessment_question_banks, :as => :context, :include => [:assessment_questions, :assessment_question_bank_users]
|
|
has_many :roles
|
|
has_many :all_roles, :class_name => 'Role', :foreign_key => 'root_account_id'
|
|
has_many :progresses, :as => :context
|
|
def inherited_assessment_question_banks(include_self = false, *additional_contexts)
|
|
sql = []
|
|
conds = []
|
|
contexts = additional_contexts + account_chain
|
|
contexts.delete(self) unless include_self
|
|
contexts.each { |c|
|
|
sql << "context_type = ? AND context_id = ?"
|
|
conds += [c.class.to_s, c.id]
|
|
}
|
|
conds.unshift(sql.join(" OR "))
|
|
AssessmentQuestionBank.where(conds)
|
|
end
|
|
|
|
include LearningOutcomeContext
|
|
include RubricContext
|
|
|
|
has_many :context_external_tools, :as => :context, :dependent => :destroy, :order => 'name'
|
|
has_many :error_reports
|
|
has_many :announcements, :class_name => 'AccountNotification'
|
|
has_many :alerts, :as => :context, :include => :criteria
|
|
has_many :user_account_associations
|
|
has_many :report_snapshots
|
|
|
|
before_validation :verify_unique_sis_source_id
|
|
before_save :ensure_defaults
|
|
before_save :set_update_account_associations_if_changed
|
|
after_save :update_account_associations_if_changed
|
|
after_create :default_enrollment_term
|
|
|
|
serialize :settings, Hash
|
|
include TimeZoneHelper
|
|
time_zone_attribute :default_time_zone, default: "America/Denver"
|
|
|
|
validates_locale :default_locale, :allow_nil => true
|
|
validates_length_of :name, :maximum => maximum_string_length, :allow_blank => true
|
|
validate :account_chain_loop, :if => :parent_account_id_changed?
|
|
validate :validate_auth_discovery_url
|
|
|
|
include StickySisFields
|
|
are_sis_sticky :name
|
|
|
|
def default_locale(recurse = false)
|
|
read_attribute(:default_locale) ||
|
|
(recurse && parent_account ? parent_account.default_locale(true) : nil)
|
|
end
|
|
|
|
cattr_accessor :account_settings_options
|
|
self.account_settings_options = {}
|
|
|
|
# I figure we're probably going to be adding more account-level
|
|
# settings in the future (and moving some of the column attributes
|
|
# to the settings hash), so it makes sense to have a general way
|
|
# of defining what settings are allowed when. Somebody please tell
|
|
# me if I'm overarchitecting...
|
|
def self.add_setting(setting, opts=nil)
|
|
self.account_settings_options[setting.to_sym] = opts || {}
|
|
if (opts && opts[:boolean] && opts.has_key?(:default))
|
|
if opts[:default]
|
|
self.class_eval "def #{setting}?; settings[:#{setting}] != false; end"
|
|
else
|
|
self.class_eval "def #{setting}?; !!settings[:#{setting}]; end"
|
|
end
|
|
end
|
|
end
|
|
|
|
# these settings either are or could be easily added to
|
|
# the account settings page
|
|
add_setting :global_includes, :root_only => true, :boolean => true, :default => false
|
|
add_setting :global_javascript, :condition => :allow_global_includes
|
|
add_setting :global_stylesheet, :condition => :allow_global_includes
|
|
add_setting :sub_account_includes, :condition => :allow_global_includes, :boolean => true, :default => false
|
|
add_setting :error_reporting, :hash => true, :values => [:action, :email, :url, :subject_param, :body_param], :root_only => true
|
|
add_setting :custom_help_links, :root_only => true
|
|
add_setting :prevent_course_renaming_by_teachers, :boolean => true, :root_only => true
|
|
add_setting :restrict_student_future_view, :boolean => true, :root_only => true, :default => false
|
|
add_setting :teachers_can_create_courses, :boolean => true, :root_only => true, :default => false
|
|
add_setting :students_can_create_courses, :boolean => true, :root_only => true, :default => false
|
|
add_setting :no_enrollments_can_create_courses, :boolean => true, :root_only => true, :default => false
|
|
add_setting :allow_sending_scores_in_emails, :boolean => true, :root_only => true
|
|
add_setting :support_url, :root_only => true
|
|
add_setting :self_enrollment
|
|
add_setting :equella_endpoint
|
|
add_setting :equella_teaser
|
|
add_setting :enable_alerts, :boolean => true, :root_only => true
|
|
add_setting :enable_eportfolios, :boolean => true, :root_only => true
|
|
add_setting :users_can_edit_name, :boolean => true, :root_only => true
|
|
add_setting :open_registration, :boolean => true, :root_only => true
|
|
add_setting :enable_scheduler, :boolean => true, :root_only => true, :default => false
|
|
add_setting :enable_draft, :boolean => true, :root_only => true, :default => false
|
|
add_setting :allow_draft, :boolean => true, :root_only => true, :default => false
|
|
add_setting :calendar2_only, :boolean => true, :root_only => true, :default => false
|
|
add_setting :show_scheduler, :boolean => true, :root_only => true, :default => false
|
|
add_setting :enable_profiles, :boolean => true, :root_only => true, :default => false
|
|
add_setting :mfa_settings, :root_only => true
|
|
add_setting :canvas_authentication, :boolean => true, :root_only => true
|
|
add_setting :admins_can_change_passwords, :boolean => true, :root_only => true, :default => false
|
|
add_setting :admins_can_view_notifications, :boolean => true, :root_only => true, :default => false
|
|
add_setting :outgoing_email_default_name
|
|
add_setting :external_notification_warning, :boolean => true, :default => false
|
|
# Terms of Use and Privacy Policy settings for the root account
|
|
add_setting :terms_changed_at, :root_only => true
|
|
# When a user is invited to a course, do we let them see a preview of the
|
|
# course even without registering? This is part of the free-for-teacher
|
|
# account perks, since anyone can invite anyone to join any course, and it'd
|
|
# be nice to be able to see the course first if you weren't expecting the
|
|
# invitation.
|
|
add_setting :allow_invitation_previews, :boolean => true, :root_only => true, :default => false
|
|
add_setting :self_registration, :boolean => true, :root_only => true, :default => false
|
|
add_setting :large_course_rosters, :boolean => true, :root_only => true, :default => false
|
|
add_setting :edit_institution_email, :boolean => true, :root_only => true, :default => true
|
|
|
|
def settings=(hash)
|
|
if hash.is_a?(Hash)
|
|
hash.each do |key, val|
|
|
if account_settings_options && account_settings_options[key.to_sym]
|
|
opts = account_settings_options[key.to_sym]
|
|
if (opts[:root_only] && !self.root_account?) || (opts[:condition] && !self.send("#{opts[:condition]}?".to_sym))
|
|
settings.delete key.to_sym
|
|
elsif opts[:boolean]
|
|
settings[key.to_sym] = (val == true || val == 'true' || val == '1' || val == 'on')
|
|
elsif opts[:hash]
|
|
new_hash = {}
|
|
if val.is_a?(Hash)
|
|
val.each do |inner_key, inner_val|
|
|
if opts[:values].include?(inner_key.to_sym)
|
|
new_hash[inner_key.to_sym] = inner_val.to_s
|
|
end
|
|
end
|
|
end
|
|
settings[key.to_sym] = new_hash.empty? ? nil : new_hash
|
|
else
|
|
settings[key.to_sym] = val.to_s
|
|
end
|
|
end
|
|
end
|
|
end
|
|
settings
|
|
end
|
|
|
|
def allow_global_includes?
|
|
self.global_includes? || self.parent_account.try(:sub_account_includes?)
|
|
end
|
|
|
|
def global_includes_hash
|
|
includes = {}
|
|
if allow_global_includes?
|
|
includes = {}
|
|
includes[:js] = settings[:global_javascript] if settings[:global_javascript].present?
|
|
includes[:css] = settings[:global_stylesheet] if settings[:global_stylesheet].present?
|
|
end
|
|
includes.present? ? includes : nil
|
|
end
|
|
|
|
def mfa_settings
|
|
settings[:mfa_settings].try(:to_sym) || :disabled
|
|
end
|
|
|
|
def canvas_authentication?
|
|
settings[:canvas_authentication] != false || !self.account_authorization_config
|
|
end
|
|
|
|
def open_registration?
|
|
!!settings[:open_registration] && canvas_authentication?
|
|
end
|
|
|
|
def self_registration?
|
|
!!settings[:self_registration] && canvas_authentication?
|
|
end
|
|
|
|
def terms_of_use_url
|
|
Setting.get_cached('terms_of_use_url', 'http://www.instructure.com/policies/terms-of-use')
|
|
end
|
|
|
|
def privacy_policy_url
|
|
Setting.get_cached('privacy_policy_url', 'http://www.instructure.com/policies/privacy-policy-instructure')
|
|
end
|
|
|
|
def terms_required?
|
|
Setting.get_cached('terms_required', 'true') == 'true'
|
|
end
|
|
|
|
def require_acceptance_of_terms?(user)
|
|
return false if !terms_required?
|
|
return true if user.nil? || user.new_record?
|
|
terms_changed_at = settings[:terms_changed_at]
|
|
last_accepted = user.preferences[:accepted_terms]
|
|
return false if terms_changed_at.nil? && user.registered? # make sure existing users are grandfathered in
|
|
return false if last_accepted && (terms_changed_at.nil? || last_accepted > terms_changed_at)
|
|
true
|
|
end
|
|
|
|
def ip_filters=(params)
|
|
filters = {}
|
|
require 'ipaddr'
|
|
params.each do |key, str|
|
|
ips = []
|
|
vals = str.split(/,/)
|
|
vals.each do |val|
|
|
ip = IPAddr.new(val) rescue nil
|
|
# right now the ip_filter column on quizzes is just a string,
|
|
# so it has a max length. I figure whatever we set it to this
|
|
# setter should at the very least limit stored values to that
|
|
# length.
|
|
ips << val if ip && val.length <= 255
|
|
end
|
|
filters[key] = ips.join(',') unless ips.empty?
|
|
end
|
|
settings[:ip_filters] = filters
|
|
end
|
|
|
|
def ensure_defaults
|
|
self.uuid ||= AutoHandle.generate_securish_uuid
|
|
self.lti_guid ||= self.uuid if self.respond_to?(:lti_guid)
|
|
end
|
|
|
|
def verify_unique_sis_source_id
|
|
return true unless self.sis_source_id
|
|
if self.root_account?
|
|
self.errors.add(:sis_source_id, t('#account.root_account_cant_have_sis_id', "SIS IDs cannot be set on root accounts"))
|
|
return false
|
|
end
|
|
|
|
root = self.root_account
|
|
existing_account = Account.find_by_root_account_id_and_sis_source_id(root.id, self.sis_source_id)
|
|
|
|
return true if !existing_account || existing_account.id == self.id
|
|
|
|
self.errors.add(:sis_source_id, t('#account.sis_id_in_use', "SIS ID \"%{sis_id}\" is already in use", :sis_id => self.sis_source_id))
|
|
false
|
|
end
|
|
|
|
def set_update_account_associations_if_changed
|
|
self.root_account_id ||= self.parent_account.root_account_id if self.parent_account
|
|
self.root_account_id ||= self.parent_account_id
|
|
self.parent_account_id ||= self.root_account_id
|
|
Account.invalidate_cache(self.id) if self.id
|
|
@should_update_account_associations = self.parent_account_id_changed? || self.root_account_id_changed?
|
|
true
|
|
end
|
|
|
|
def update_account_associations_if_changed
|
|
send_later_if_production(:update_account_associations) if @should_update_account_associations
|
|
end
|
|
|
|
def equella_settings
|
|
endpoint = self.settings[:equella_endpoint] || self.equella_endpoint
|
|
if !endpoint.blank?
|
|
OpenObject.new({
|
|
:endpoint => endpoint,
|
|
:default_action => self.settings[:equella_action] || 'selectOrAdd',
|
|
:teaser => self.settings[:equella_teaser]
|
|
})
|
|
else
|
|
nil
|
|
end
|
|
end
|
|
|
|
def settings
|
|
result = self.read_attribute(:settings)
|
|
return result if result
|
|
return write_attribute(:settings, {}) unless frozen?
|
|
{}.freeze
|
|
end
|
|
|
|
def domain
|
|
HostUrl.context_host(self)
|
|
end
|
|
|
|
def root_account?
|
|
!self.root_account_id
|
|
end
|
|
|
|
def root_account_with_self
|
|
return self if self.root_account?
|
|
root_account_without_self
|
|
end
|
|
alias_method_chain :root_account, :self
|
|
|
|
def sub_accounts_as_options(indent = 0, preloaded_accounts = nil)
|
|
unless preloaded_accounts
|
|
preloaded_accounts = {}
|
|
self.root_account.all_accounts.active.each do |account|
|
|
(preloaded_accounts[account.parent_account_id] ||= []) << account
|
|
end
|
|
end
|
|
res = [[(" " * indent).html_safe + self.name, self.id]]
|
|
if preloaded_accounts[self.id]
|
|
preloaded_accounts[self.id].each do |account|
|
|
res += account.sub_accounts_as_options(indent + 1, preloaded_accounts)
|
|
end
|
|
end
|
|
res
|
|
end
|
|
|
|
def users_visible_to(user)
|
|
self.grants_right?(user, nil, :read) ? self.all_users : self.all_users.where("?", false)
|
|
end
|
|
|
|
def users_name_like(query="")
|
|
@cached_users_name_like ||= {}
|
|
@cached_users_name_like[query] ||= self.fast_all_users.name_like(query)
|
|
end
|
|
|
|
def associated_courses
|
|
Course.shard(shard).where("EXISTS (SELECT 1 FROM course_account_associations WHERE course_id=courses.id AND account_id=?)", self)
|
|
end
|
|
|
|
def fast_course_base(opts)
|
|
columns = "courses.id, courses.name, courses.workflow_state, courses.course_code, courses.sis_source_id, courses.enrollment_term_id"
|
|
associated_courses = self.associated_courses.active
|
|
associated_courses = associated_courses.with_enrollments if opts[:hide_enrollmentless_courses]
|
|
associated_courses = associated_courses.for_term(opts[:term]) if opts[:term].present?
|
|
associated_courses = yield associated_courses if block_given?
|
|
associated_courses.limit(opts[:limit]).active_first.select(columns).all
|
|
end
|
|
|
|
def fast_all_courses(opts={})
|
|
@cached_fast_all_courses ||= {}
|
|
@cached_fast_all_courses[opts] ||= self.fast_course_base(opts)
|
|
end
|
|
|
|
def all_users(limit=250)
|
|
@cached_all_users ||= {}
|
|
@cached_all_users[limit] ||= User.of_account(self).limit(limit)
|
|
end
|
|
|
|
def fast_all_users(limit=nil)
|
|
@cached_fast_all_users ||= {}
|
|
@cached_fast_all_users[limit] ||= self.all_users(limit).active.select("users.id, users.name, users.sortable_name").order_by_sortable_name
|
|
end
|
|
|
|
def users_not_in_groups_sql(groups, opts={})
|
|
["SELECT users.id, users.name
|
|
FROM users
|
|
INNER JOIN user_account_associations uaa on uaa.user_id = users.id
|
|
WHERE uaa.account_id = ? AND users.workflow_state != 'deleted'
|
|
#{Group.not_in_group_sql_fragment(groups)}
|
|
#{"ORDER BY #{opts[:order_by]}" if opts[:order_by].present?}", self.id]
|
|
end
|
|
|
|
def users_not_in_groups(groups)
|
|
User.find_by_sql(users_not_in_groups_sql(groups))
|
|
end
|
|
|
|
def paginate_users_not_in_groups(groups, page, per_page = 15)
|
|
User.paginate_by_sql(users_not_in_groups_sql(groups, :order_by => "#{User.sortable_name_order_by_clause('users')} ASC"),
|
|
:page => page, :per_page => per_page)
|
|
end
|
|
|
|
def courses_name_like(query="", opts={})
|
|
opts[:limit] ||= 200
|
|
@cached_courses_name_like ||= {}
|
|
@cached_courses_name_like[[query, opts]] ||= self.fast_course_base(opts) {|q| q.name_like(query)}
|
|
end
|
|
|
|
def self_enrollment_course_for(code)
|
|
all_courses.
|
|
where(:self_enrollment_code => code).
|
|
first
|
|
end
|
|
|
|
def file_namespace
|
|
Shard.birth.activate { "account_#{self.root_account.id}" }
|
|
end
|
|
|
|
def self.account_lookup_cache_key(id)
|
|
['_account_lookup2', id].cache_key
|
|
end
|
|
|
|
def self.invalidate_cache(id)
|
|
Rails.cache.delete(account_lookup_cache_key(id)) if id
|
|
rescue
|
|
nil
|
|
end
|
|
|
|
def quota
|
|
Rails.cache.fetch(['current_quota', self].cache_key) do
|
|
read_attribute(:storage_quota) ||
|
|
(self.parent_account.default_storage_quota rescue nil) ||
|
|
Setting.get_cached('account_default_quota', 500.megabytes.to_s).to_i
|
|
end
|
|
end
|
|
|
|
def default_storage_quota
|
|
read_attribute(:default_storage_quota) ||
|
|
(self.parent_account.default_storage_quota rescue nil) ||
|
|
Setting.get_cached('account_default_quota', 500.megabytes.to_s).to_i
|
|
end
|
|
|
|
def default_storage_quota_mb
|
|
default_storage_quota / 1.megabyte
|
|
end
|
|
|
|
def default_storage_quota_mb=(val)
|
|
self.default_storage_quota = val.try(:to_i).try(:megabytes)
|
|
end
|
|
|
|
def default_storage_quota=(val)
|
|
val = val.to_f
|
|
val = nil if val <= 0
|
|
# If the value is the same as the inherited value, then go
|
|
# ahead and blank it so it keeps using the inherited value
|
|
if parent_account && parent_account.default_storage_quota == val
|
|
val = nil
|
|
end
|
|
write_attribute(:default_storage_quota, val)
|
|
end
|
|
|
|
def default_user_storage_quota
|
|
read_attribute(:default_user_storage_quota) ||
|
|
User.default_storage_quota
|
|
end
|
|
|
|
def default_user_storage_quota=(val)
|
|
val = val.to_i
|
|
val = nil if val == User.default_storage_quota || val <= 0
|
|
write_attribute(:default_user_storage_quota, val)
|
|
end
|
|
|
|
def default_user_storage_quota_mb
|
|
default_user_storage_quota / 1.megabyte
|
|
end
|
|
|
|
def default_user_storage_quota_mb=(val)
|
|
self.default_user_storage_quota = val.try(:to_i).try(:megabytes)
|
|
end
|
|
|
|
def default_group_storage_quota
|
|
read_attribute(:default_group_storage_quota) ||
|
|
Group.default_storage_quota
|
|
end
|
|
|
|
def default_group_storage_quota=(val)
|
|
val = val.to_i
|
|
val = nil if val == Group.default_storage_quota || val <= 0
|
|
write_attribute(:default_group_storage_quota, val)
|
|
end
|
|
|
|
def default_group_storage_quota_mb
|
|
default_group_storage_quota / 1.megabyte
|
|
end
|
|
|
|
def default_group_storage_quota_mb=(val)
|
|
self.default_group_storage_quota = val.try(:to_i).try(:megabytes)
|
|
end
|
|
|
|
def turnitin_shared_secret=(secret)
|
|
return if secret.blank?
|
|
self.turnitin_crypted_secret, self.turnitin_salt = Canvas::Security.encrypt_password(secret, 'instructure_turnitin_secret_shared')
|
|
end
|
|
|
|
def turnitin_shared_secret
|
|
return nil unless self.turnitin_salt && self.turnitin_crypted_secret
|
|
Canvas::Security.decrypt_password(self.turnitin_crypted_secret, self.turnitin_salt, 'instructure_turnitin_secret_shared')
|
|
end
|
|
|
|
def account_chain(opts = {})
|
|
res = [self]
|
|
|
|
if ActiveRecord::Base.configurations[Rails.env]['adapter'] == 'postgresql'
|
|
self.shard.activate do
|
|
res.concat Account.find_by_sql(<<-SQL) if self.parent_account_id
|
|
WITH RECURSIVE t AS (
|
|
SELECT * FROM accounts WHERE id=#{self.parent_account_id}
|
|
UNION
|
|
SELECT accounts.* FROM accounts INNER JOIN t ON accounts.id=t.parent_account_id
|
|
)
|
|
SELECT * FROM t
|
|
SQL
|
|
end
|
|
else
|
|
account = self
|
|
while account.parent_account
|
|
account = account.parent_account
|
|
res << account
|
|
end
|
|
end
|
|
res << self.root_account unless res.map(&:id).include?(self.root_account_id)
|
|
res << Account.site_admin if opts[:include_site_admin] && !self.site_admin?
|
|
res.compact
|
|
end
|
|
|
|
def account_chain_loop
|
|
# this record hasn't been saved to the db yet, so if the the chain includes
|
|
# this account, it won't point to the new parent yet, and should still be
|
|
# valid
|
|
if self.parent_account.account_chain_ids.include?(self.id)
|
|
errors.add(:parent_account_id,
|
|
"Setting account #{self.sis_source_id || self.id}'s parent to #{self.parent_account.sis_source_id || self.parent_account_id} would create a loop")
|
|
end
|
|
end
|
|
|
|
# returns all sub_accounts recursively as far down as they go, in id order
|
|
# because this uses a custom sql query for postgresql, we can't use a normal
|
|
# named scope, so we pass the limit and offset into the method instead and
|
|
# build our own query string
|
|
def sub_accounts_recursive(limit, offset)
|
|
if ActiveRecord::Base.configurations[Rails.env]['adapter'] == 'postgresql'
|
|
Account.find_by_sql([<<-SQL, self.id, limit.to_i, offset.to_i])
|
|
WITH RECURSIVE t AS (
|
|
SELECT * FROM accounts
|
|
WHERE parent_account_id = ? AND workflow_state <>'deleted'
|
|
UNION
|
|
SELECT accounts.* FROM accounts
|
|
INNER JOIN t ON accounts.parent_account_id = t.id
|
|
WHERE accounts.workflow_state <>'deleted'
|
|
)
|
|
SELECT * FROM t ORDER BY parent_account_id, id LIMIT ? OFFSET ?
|
|
SQL
|
|
else
|
|
account_descendents = lambda do |id|
|
|
as = Account.where(:parent_account_id => id).active.order(:id)
|
|
as.empty? ?
|
|
[] :
|
|
as << as.map { |a| account_descendents.call(a.id) }
|
|
end
|
|
account_descendents.call(id).flatten[offset, limit]
|
|
end
|
|
end
|
|
|
|
def associated_accounts
|
|
self.account_chain
|
|
end
|
|
|
|
def account_chain_ids(opts={})
|
|
account_chain(opts).map(&:id)
|
|
end
|
|
memoize :account_chain_ids
|
|
|
|
def membership_for_user(user)
|
|
self.account_users.find_by_user_id(user && user.id)
|
|
end
|
|
|
|
def available_custom_account_roles
|
|
account_roles = roles.for_accounts.active
|
|
account_roles |= self.parent_account.available_custom_account_roles if self.parent_account
|
|
account_roles
|
|
end
|
|
|
|
def available_account_roles
|
|
account_roles = roles.for_accounts.active.map(&:name)
|
|
account_roles |= ['AccountAdmin']
|
|
account_roles |= self.parent_account.available_account_roles if self.parent_account
|
|
account_roles
|
|
end
|
|
|
|
def available_course_roles(include_inactive=false)
|
|
available_course_roles_by_name(include_inactive).keys
|
|
end
|
|
|
|
def available_course_roles_by_name(include_inactive=false)
|
|
scope = include_inactive ? roles.for_courses.not_deleted : roles.for_courses.active
|
|
role_map = {}
|
|
scope.each { |role| role_map[role.name] = role }
|
|
role_map.reverse_merge!(parent_account.available_course_roles_by_name(include_inactive)) if parent_account
|
|
role_map
|
|
end
|
|
|
|
def get_course_role(role_name)
|
|
course_role = self.roles.for_courses.not_deleted.find_by_name(role_name)
|
|
course_role ||= self.parent_account.get_course_role(role_name) if self.parent_account
|
|
course_role
|
|
end
|
|
|
|
def has_role?(role_name)
|
|
!!roles.not_deleted.where(:roles => { :name => role_name}).first
|
|
end
|
|
|
|
def find_role(role_name)
|
|
roles.not_deleted.find_by_name(role_name) || (parent_account && parent_account.find_role(role_name))
|
|
end
|
|
|
|
def account_authorization_config
|
|
# We support multiple auth configs per account, but several places we assume there is only one.
|
|
# This is for compatibility with those areas. TODO: migrate everything to supporting multiple
|
|
# auth configs
|
|
self.account_authorization_configs.first
|
|
end
|
|
|
|
def login_handle_name_is_customized?
|
|
self.account_authorization_config && self.account_authorization_config.login_handle_name.present?
|
|
end
|
|
|
|
def login_handle_name
|
|
login_handle_name_is_customized? ? self.account_authorization_config.login_handle_name :
|
|
(self.delegated_authentication? ? AccountAuthorizationConfig.default_delegated_login_handle_name :
|
|
AccountAuthorizationConfig.default_login_handle_name)
|
|
end
|
|
|
|
def self_and_all_sub_accounts
|
|
@self_and_all_sub_accounts ||= Account.where("root_account_id=? OR parent_account_id=?", self, self).pluck(:id).uniq + [self.id]
|
|
end
|
|
|
|
workflow do
|
|
state :active
|
|
state :deleted
|
|
end
|
|
|
|
def account_users_for(user)
|
|
return [] unless user
|
|
@account_users_cache ||= {}
|
|
if self == Account.site_admin
|
|
@account_users_cache[user] ||= Rails.cache.fetch('all_site_admin_account_users', :expires_in => 30.minutes) do
|
|
self.account_users.all
|
|
end.select { |au| au.user_id == user.id }.each { |au| au.account = self }
|
|
else
|
|
@account_chain_ids ||= self.account_chain(:include_site_admin => true).map { |a| a.active? ? a.id : nil }.compact
|
|
@account_users_cache[user] ||= Shard.partition_by_shard(@account_chain_ids) do |account_chain_ids|
|
|
if account_chain_ids == [Account.site_admin.id]
|
|
Account.site_admin.account_users_for(user)
|
|
else
|
|
AccountUser.where(:account_id => account_chain_ids, :user_id => user).all
|
|
end
|
|
end
|
|
end
|
|
@account_users_cache[user] ||= []
|
|
@account_users_cache[user]
|
|
end
|
|
|
|
# returns all account users for this entire account tree
|
|
def all_account_users_for(user)
|
|
raise "must be a root account" unless self.root_account?
|
|
Shard.partition_by_shard([self, Account.site_admin].uniq) do |accounts|
|
|
AccountUser.includes(:account).joins(:account).where("user_id=? AND (root_account_id IN (?) OR account_id IN (?))", user, accounts, accounts)
|
|
end
|
|
end
|
|
|
|
set_policy do
|
|
enrollment_types = RoleOverride.enrollment_types.map { |role| role[:name] }
|
|
RoleOverride.permissions.each do |permission, details|
|
|
given { |user| self.account_users_for(user).any? { |au| au.has_permission_to?(self, permission) && (!details[:if] || send(details[:if])) } }
|
|
can permission
|
|
can :create_courses if permission == :manage_courses
|
|
|
|
next unless details[:account_only]
|
|
((details[:available_to] | details[:true_for]) & enrollment_types).each do |role|
|
|
given { |user| user && RoleOverride.permission_for(self, permission, role)[:enabled] &&
|
|
self.course_account_associations.joins('INNER JOIN enrollments ON course_account_associations.course_id=enrollments.course_id').
|
|
where("enrollments.type=? AND enrollments.workflow_state IN ('active', 'completed') AND user_id=?", role, user).first &&
|
|
(!details[:if] || send(details[:if])) }
|
|
can permission
|
|
end
|
|
end
|
|
|
|
given { |user| !self.account_users_for(user).empty? }
|
|
can :read and can :manage and can :update and can :delete and can :read_outcomes
|
|
|
|
given { |user|
|
|
result = false
|
|
|
|
if !site_admin? && user
|
|
scope = user.enrollments.where(:root_account_id => root_account).where("enrollments.workflow_state<>'deleted'")
|
|
result = root_account.teachers_can_create_courses? &&
|
|
scope.where(:type => ['TeacherEnrollment', 'DesignerEnrollment']).exists?
|
|
result ||= root_account.students_can_create_courses? &&
|
|
scope.where(:type => ['StudentEnrollment', 'ObserverEnrollment']).exists?
|
|
result ||= root_account.no_enrollments_can_create_courses? &&
|
|
!scope.exists?
|
|
end
|
|
|
|
result
|
|
}
|
|
can :create_courses
|
|
|
|
# any logged in user can read global outcomes, but must be checked against the site admin
|
|
given{ |user,session| self.site_admin? && user }
|
|
can :read_global_outcomes
|
|
|
|
# any user with an association to this account can read the outcomes in the account
|
|
given{ |user,session| user && self.user_account_associations.find_by_user_id(user.id) }
|
|
can :read_outcomes
|
|
end
|
|
|
|
alias_method :destroy!, :destroy
|
|
def destroy
|
|
self.workflow_state = 'deleted'
|
|
self.deleted_at = Time.now
|
|
save!
|
|
end
|
|
|
|
def to_atom
|
|
Atom::Entry.new do |entry|
|
|
entry.title = self.name
|
|
entry.updated = self.updated_at
|
|
entry.published = self.created_at
|
|
entry.links << Atom::Link.new(:rel => 'alternate',
|
|
:href => "/accounts/#{self.id}")
|
|
end
|
|
end
|
|
|
|
def default_enrollment_term
|
|
return @default_enrollment_term if @default_enrollment_term
|
|
if self.root_account?
|
|
@default_enrollment_term = self.enrollment_terms.active.find_or_create_by_name(EnrollmentTerm::DEFAULT_TERM_NAME)
|
|
end
|
|
end
|
|
|
|
def add_user(user, membership_type = nil)
|
|
return nil unless user && user.is_a?(User)
|
|
membership_type ||= 'AccountAdmin'
|
|
au = self.account_users.find_by_user_id_and_membership_type(user.id, membership_type)
|
|
au ||= self.account_users.create(:user => user, :membership_type => membership_type)
|
|
end
|
|
|
|
def context_code
|
|
raise "DONT USE THIS, use .short_name instead" unless Rails.env.production?
|
|
end
|
|
|
|
def short_name
|
|
name
|
|
end
|
|
|
|
# can be set/overridden by plugin to enforce email pseudonyms
|
|
attr_accessor :email_pseudonyms
|
|
|
|
def password_policy
|
|
Canvas::PasswordPolicy.default_policy.merge(settings[:password_policy] || {})
|
|
end
|
|
|
|
def password_authentication?
|
|
!!(!self.account_authorization_config || self.account_authorization_config.password_authentication?)
|
|
end
|
|
|
|
def delegated_authentication?
|
|
!canvas_authentication? || !!(self.account_authorization_config && self.account_authorization_config.delegated_authentication?)
|
|
end
|
|
|
|
def forgot_password_external_url
|
|
account_authorization_config.try(:change_password_url)
|
|
end
|
|
|
|
def cas_authentication?
|
|
!!(self.account_authorization_config && self.account_authorization_config.cas_authentication?)
|
|
end
|
|
|
|
def ldap_authentication?
|
|
self.account_authorization_configs.any? { |aac| aac.ldap_authentication? }
|
|
end
|
|
|
|
def saml_authentication?
|
|
!!(self.account_authorization_config && self.account_authorization_config.saml_authentication?) && AccountAuthorizationConfig.saml_enabled
|
|
end
|
|
|
|
def multi_auth?
|
|
self.account_authorization_configs.count > 1
|
|
end
|
|
|
|
def auth_discovery_url=(url)
|
|
self.settings[:auth_discovery_url] = url
|
|
end
|
|
|
|
def auth_discovery_url
|
|
self.settings[:auth_discovery_url]
|
|
end
|
|
|
|
def validate_auth_discovery_url
|
|
return if self.settings[:auth_discovery_url].blank?
|
|
|
|
begin
|
|
value, uri = CustomValidations.validate_url(self.settings[:auth_discovery_url])
|
|
self.auth_discovery_url = value
|
|
rescue URI::InvalidURIError, ArgumentError
|
|
errors.add(:discovery_url, t('errors.invalid_discovery_url', "The discovery URL is not valid" ))
|
|
end
|
|
end
|
|
|
|
def find_courses(string)
|
|
self.all_courses.select{|c| c.name.match(string) }
|
|
end
|
|
|
|
def find_users(string)
|
|
self.pseudonyms.map{|p| p.user }.select{|u| u.name.match(string) }
|
|
end
|
|
|
|
def self.site_admin
|
|
get_special_account(:site_admin, 'Site Admin')
|
|
end
|
|
|
|
def self.default
|
|
get_special_account(:default, 'Default Account')
|
|
end
|
|
|
|
def self.clear_special_account_cache!
|
|
@special_accounts = {}
|
|
end
|
|
|
|
# an opportunity for plugins to load some other stuff up before caching the account
|
|
def precache
|
|
end
|
|
|
|
def self.find_cached(id)
|
|
account = Rails.cache.fetch(account_lookup_cache_key(id), :expires_in => 1.hour) do
|
|
account = Account.find_by_id(id)
|
|
account.precache if account
|
|
account || :nil
|
|
end
|
|
account = nil if account == :nil
|
|
account
|
|
end
|
|
|
|
def self.get_special_account(special_account_type, default_account_name)
|
|
Shard.birth.activate do
|
|
@special_account_ids ||= {}
|
|
@special_accounts ||= {}
|
|
|
|
account = @special_accounts[special_account_type]
|
|
unless account
|
|
special_account_id = @special_account_ids[special_account_type] ||= Setting.get("#{special_account_type}_account_id", nil)
|
|
account = @special_accounts[special_account_type] = Account.find_cached(special_account_id) if special_account_id
|
|
end
|
|
# another process (i.e. selenium spec) may have changed the setting
|
|
unless account
|
|
special_account_id = Setting.get("#{special_account_type}_account_id", nil)
|
|
if special_account_id && special_account_id != @special_account_ids[special_account_type]
|
|
@special_account_ids[special_account_type] = special_account_id
|
|
account = @special_accounts[special_account_type] = Account.find_by_id(special_account_id)
|
|
end
|
|
end
|
|
if !account && default_account_name
|
|
# TODO i18n
|
|
t '#account.default_site_administrator_account_name', 'Site Admin'
|
|
t '#account.default_account_name', 'Default Account'
|
|
account = @special_accounts[special_account_type] = Account.new(:name => default_account_name)
|
|
account.save!
|
|
Setting.set("#{special_account_type}_account_id", account.id)
|
|
@special_account_ids[special_account_type] = account.id
|
|
end
|
|
account
|
|
end
|
|
end
|
|
|
|
def site_admin?
|
|
self == Account.site_admin
|
|
end
|
|
|
|
def display_name
|
|
self.name
|
|
end
|
|
|
|
# Updates account associations for all the courses and users associated with this account
|
|
def update_account_associations
|
|
self.shard.activate do
|
|
account_chain_cache = {}
|
|
all_user_ids = Set.new
|
|
|
|
# make sure to use the non-associated_courses associations
|
|
# to catch courses that didn't ever have an association created
|
|
scopes = if root_account?
|
|
[all_courses,
|
|
associated_courses.
|
|
where("root_account_id<>?", self)]
|
|
else
|
|
[courses,
|
|
associated_courses.
|
|
where("courses.account_id<>?", self)]
|
|
end
|
|
# match the "batch" size in Course.update_account_associations
|
|
scopes.each do |scope|
|
|
scope.select([:id, :account_id]).find_in_batches(:batch_size => 500) do |courses|
|
|
all_user_ids.merge Course.update_account_associations(courses, :skip_user_account_associations => true, :account_chain_cache => account_chain_cache)
|
|
end
|
|
end
|
|
|
|
# Make sure we have all users with existing account associations.
|
|
all_user_ids.merge self.user_account_associations.pluck(:user_id)
|
|
if root_account?
|
|
all_user_ids.merge self.pseudonyms.active.pluck(:user_id)
|
|
end
|
|
|
|
# Update the users' associations as well
|
|
User.update_account_associations(all_user_ids.to_a, :account_chain_cache => account_chain_cache)
|
|
end
|
|
end
|
|
|
|
# this will take an account and make it a sub_account of
|
|
# itself. Also updates all it's descendant accounts to point to
|
|
# the correct root account, and updates the pseudonyms to
|
|
# points to the new root account as well.
|
|
def consume_account(account)
|
|
account.all_accounts.each do |sub_account|
|
|
sub_account.root_account = self.root_account
|
|
sub_account.save!
|
|
end
|
|
account.parent_account = self
|
|
account.root_account = self.root_account
|
|
account.save!
|
|
account.pseudonyms.each do |pseudonym|
|
|
pseudonym.account = self.root_account
|
|
pseudonym.save!
|
|
end
|
|
end
|
|
|
|
def course_count
|
|
self.child_courses.not_deleted.count('DISTINCT course_id')
|
|
end
|
|
memoize :course_count
|
|
|
|
def sub_account_count
|
|
self.sub_accounts.active.count
|
|
end
|
|
memoize :sub_account_count
|
|
|
|
def user_count
|
|
self.user_account_associations.count
|
|
end
|
|
memoize :user_count
|
|
|
|
def current_sis_batch
|
|
if (current_sis_batch_id = self.read_attribute(:current_sis_batch_id)) && current_sis_batch_id.present?
|
|
self.sis_batches.find_by_id(current_sis_batch_id)
|
|
end
|
|
end
|
|
|
|
def turnitin_settings
|
|
if self.turnitin_account_id.present? && self.turnitin_shared_secret.present?
|
|
[self.turnitin_account_id, self.turnitin_shared_secret, self.turnitin_host]
|
|
else
|
|
self.parent_account.try(:turnitin_settings)
|
|
end
|
|
end
|
|
|
|
def closest_turnitin_pledge
|
|
if self.turnitin_pledge && !self.turnitin_pledge.empty?
|
|
self.turnitin_pledge
|
|
else
|
|
res = self.parent_account.try(:closest_turnitin_pledge)
|
|
res ||= t('#account.turnitin_pledge', "This assignment submission is my own, original work")
|
|
end
|
|
end
|
|
|
|
def closest_turnitin_comments
|
|
if self.turnitin_comments && !self.turnitin_comments.empty?
|
|
self.turnitin_comments
|
|
else
|
|
self.parent_account.try(:closest_turnitin_comments)
|
|
end
|
|
end
|
|
|
|
def self_enrollment_allowed?(course)
|
|
if !settings[:self_enrollment].blank?
|
|
!!(settings[:self_enrollment] == 'any' || (!course.sis_source_id && settings[:self_enrollment] == 'manually_created'))
|
|
else
|
|
!!(parent_account && parent_account.self_enrollment_allowed?(course))
|
|
end
|
|
end
|
|
|
|
TAB_COURSES = 0
|
|
TAB_STATISTICS = 1
|
|
TAB_PERMISSIONS = 2
|
|
TAB_SUB_ACCOUNTS = 3
|
|
TAB_TERMS = 4
|
|
TAB_AUTHENTICATION = 5
|
|
TAB_USERS = 6
|
|
TAB_OUTCOMES = 7
|
|
TAB_RUBRICS = 8
|
|
TAB_SETTINGS = 9
|
|
TAB_FACULTY_JOURNAL = 10
|
|
TAB_SIS_IMPORT = 11
|
|
TAB_GRADING_STANDARDS = 12
|
|
TAB_QUESTION_BANKS = 13
|
|
# site admin tabs
|
|
TAB_PLUGINS = 14
|
|
TAB_JOBS = 15
|
|
TAB_DEVELOPER_KEYS = 16
|
|
TAB_ADMIN_TOOLS = 17
|
|
|
|
def external_tool_tabs(opts)
|
|
tools = ContextExternalTool.active.find_all_for(self, :account_navigation)
|
|
tools.sort_by(&:id).map do |tool|
|
|
{
|
|
:id => tool.asset_string,
|
|
:label => tool.label_for(:account_navigation, opts[:language]),
|
|
:css_class => tool.asset_string,
|
|
:href => :account_external_tool_path,
|
|
:external => true,
|
|
:args => [self.id, tool.id]
|
|
}
|
|
end
|
|
end
|
|
|
|
def tabs_available(user=nil, opts={})
|
|
manage_settings = user && self.grants_right?(user, nil, :manage_account_settings)
|
|
if site_admin?
|
|
tabs = []
|
|
tabs << { :id => TAB_USERS, :label => t('#account.tab_users', "Users"), :css_class => 'users', :href => :account_users_path } if user && self.grants_right?(user, nil, :read_roster)
|
|
tabs << { :id => TAB_PERMISSIONS, :label => t('#account.tab_permissions', "Permissions"), :css_class => 'permissions', :href => :account_permissions_path } if user && self.grants_right?(user, nil, :manage_role_overrides)
|
|
tabs << { :id => TAB_SUB_ACCOUNTS, :label => t('#account.tab_sub_accounts', "Sub-Accounts"), :css_class => 'sub_accounts', :href => :account_sub_accounts_path } if manage_settings
|
|
tabs << { :id => TAB_AUTHENTICATION, :label => t('#account.tab_authentication', "Authentication"), :css_class => 'authentication', :href => :account_account_authorization_configs_path } if manage_settings
|
|
tabs << { :id => TAB_PLUGINS, :label => t("#account.tab_plugins", "Plugins"), :css_class => "plugins", :href => :plugins_path, :no_args => true } if self.grants_right?(user, nil, :manage_site_settings)
|
|
tabs << { :id => TAB_JOBS, :label => t("#account.tab_jobs", "Jobs"), :css_class => "jobs", :href => :jobs_path, :no_args => true } if self.grants_right?(user, nil, :view_jobs)
|
|
tabs << { :id => TAB_DEVELOPER_KEYS, :label => t("#account.tab_developer_keys", "Developer Keys"), :css_class => "developer_keys", :href => :developer_keys_path, :no_args => true } if self.grants_right?(user, nil, :manage_developer_keys)
|
|
else
|
|
tabs = []
|
|
tabs << { :id => TAB_COURSES, :label => t('#account.tab_courses', "Courses"), :css_class => 'courses', :href => :account_path } if user && self.grants_right?(user, nil, :read_course_list)
|
|
tabs << { :id => TAB_USERS, :label => t('#account.tab_users', "Users"), :css_class => 'users', :href => :account_users_path } if user && self.grants_right?(user, nil, :read_roster)
|
|
tabs << { :id => TAB_STATISTICS, :label => t('#account.tab_statistics', "Statistics"), :css_class => 'statistics', :href => :statistics_account_path } if user && self.grants_right?(user, nil, :view_statistics)
|
|
tabs << { :id => TAB_PERMISSIONS, :label => t('#account.tab_permissions', "Permissions"), :css_class => 'permissions', :href => :account_permissions_path } if user && self.grants_right?(user, nil, :manage_role_overrides)
|
|
if user && self.grants_right?(user, nil, :manage_outcomes)
|
|
tabs << { :id => TAB_OUTCOMES, :label => t('#account.tab_outcomes', "Outcomes"), :css_class => 'outcomes', :href => :account_outcomes_path }
|
|
tabs << { :id => TAB_RUBRICS, :label => t('#account.tab_rubrics', "Rubrics"), :css_class => 'rubrics', :href => :account_rubrics_path }
|
|
end
|
|
tabs << { :id => TAB_GRADING_STANDARDS, :label => t('#account.tab_grading_standards', "Grading Schemes"), :css_class => 'grading_standards', :href => :account_grading_standards_path } if user && self.grants_right?(user, nil, :manage_grades)
|
|
tabs << { :id => TAB_QUESTION_BANKS, :label => t('#account.tab_question_banks', "Question Banks"), :css_class => 'question_banks', :href => :account_question_banks_path } if user && self.grants_right?(user, nil, :manage_grades)
|
|
tabs << { :id => TAB_SUB_ACCOUNTS, :label => t('#account.tab_sub_accounts', "Sub-Accounts"), :css_class => 'sub_accounts', :href => :account_sub_accounts_path } if manage_settings
|
|
tabs << { :id => TAB_FACULTY_JOURNAL, :label => t('#account.tab_faculty_journal', "Faculty Journal"), :css_class => 'faculty_journal', :href => :account_user_notes_path} if self.enable_user_notes && user && self.grants_right?(user, nil, :manage_user_notes)
|
|
tabs << { :id => TAB_TERMS, :label => t('#account.tab_terms', "Terms"), :css_class => 'terms', :href => :account_terms_path } if self.root_account? && manage_settings
|
|
tabs << { :id => TAB_AUTHENTICATION, :label => t('#account.tab_authentication', "Authentication"), :css_class => 'authentication', :href => :account_account_authorization_configs_path } if self.root_account? && manage_settings
|
|
tabs << { :id => TAB_SIS_IMPORT, :label => t('#account.tab_sis_import', "SIS Import"), :css_class => 'sis_import', :href => :account_sis_import_path } if self.root_account? && self.allow_sis_import && user && self.grants_right?(user, nil, :manage_sis)
|
|
end
|
|
tabs += external_tool_tabs(opts)
|
|
tabs << { :id => TAB_ADMIN_TOOLS, :label => t('#account.tab_admin_tools', "Admin Tools"), :css_class => 'admin_tools', :href => :account_admin_tools_path } if can_see_admin_tools_tab?(user)
|
|
tabs << { :id => TAB_SETTINGS, :label => t('#account.tab_settings', "Settings"), :css_class => 'settings', :href => :account_settings_path }
|
|
tabs
|
|
end
|
|
|
|
def can_see_admin_tools_tab?(user)
|
|
return false if !user || site_admin?
|
|
admin_tool_permissions = RoleOverride.manageable_permissions(self).find_all{|p| p[1][:admin_tool]}
|
|
admin_tool_permissions.any? do |p|
|
|
self.grants_right?(user, nil, p.first)
|
|
end
|
|
end
|
|
|
|
def is_a_context?
|
|
true
|
|
end
|
|
|
|
def help_links
|
|
Canvas::Help.default_links + (settings[:custom_help_links] || [])
|
|
end
|
|
|
|
def self.allowable_services
|
|
{
|
|
:google_docs => {
|
|
:name => "Google Docs",
|
|
:description => "",
|
|
:expose_to_ui => (GoogleDocs.config ? :service : false)
|
|
},
|
|
:google_docs_previews => {
|
|
:name => "Google Docs Previews",
|
|
:description => "",
|
|
:expose_to_ui => :service
|
|
},
|
|
:facebook => {
|
|
:name => "Facebook",
|
|
:description => "",
|
|
:expose_to_ui => (Facebook.config ? :service : false)
|
|
},
|
|
:skype => {
|
|
:name => "Skype",
|
|
:description => "",
|
|
:expose_to_ui => :service
|
|
},
|
|
:linked_in => {
|
|
:name => "LinkedIn",
|
|
:description => "",
|
|
:expose_to_ui => (LinkedIn.config ? :service : false)
|
|
},
|
|
:twitter => {
|
|
:name => "Twitter",
|
|
:description => "",
|
|
:expose_to_ui => (Twitter.config ? :service : false)
|
|
},
|
|
:delicious => {
|
|
:name => "Delicious",
|
|
:description => "",
|
|
:expose_to_ui => :service
|
|
},
|
|
:diigo => {
|
|
:name => "Diigo",
|
|
:description => "",
|
|
:expose_to_ui => :service
|
|
},
|
|
# TODO: move avatars to :settings hash, it makes more sense there
|
|
# In the meantime, we leave it as a service but expose it in the
|
|
# "Features" (settings) portion of the account admin UI
|
|
:avatars => {
|
|
:name => "User Avatars",
|
|
:description => "",
|
|
:default => false,
|
|
:expose_to_ui => :setting
|
|
},
|
|
:account_survey_notifications => {
|
|
:name => "Account Surveys",
|
|
:description => "",
|
|
:default => false,
|
|
:expose_to_ui => :setting,
|
|
:expose_to_ui_proc => proc { |user, account| user && account && account.grants_right?(user, :manage_site_settings) },
|
|
},
|
|
}.merge(@plugin_services || {}).freeze
|
|
end
|
|
|
|
def self.register_service(service_name, info_hash)
|
|
@plugin_services ||= {}
|
|
@plugin_services[service_name.to_sym] = info_hash.freeze
|
|
end
|
|
|
|
def self.default_allowable_services
|
|
self.allowable_services.reject {|s, info| info[:default] == false }
|
|
end
|
|
|
|
def set_service_availability(service, enable)
|
|
service = service.to_sym
|
|
raise "Invalid Service" unless Account.allowable_services[service]
|
|
allowed_service_names = (self.allowed_services || "").split(",").compact
|
|
if allowed_service_names.count > 0 and not [ '+', '-' ].member?(allowed_service_names[0][0,1])
|
|
# This account has a hard-coded list of services, so handle accordingly
|
|
allowed_service_names.reject! { |flag| flag.match("^[+-]?#{service}$") }
|
|
allowed_service_names << service if enable
|
|
else
|
|
allowed_service_names.reject! { |flag| flag.match("^[+-]?#{service}$") }
|
|
if enable
|
|
# only enable if it is not enabled by default
|
|
allowed_service_names << "+#{service}" unless Account.default_allowable_services[service]
|
|
else
|
|
# only disable if it is not enabled by default
|
|
allowed_service_names << "-#{service}" if Account.default_allowable_services[service]
|
|
end
|
|
end
|
|
|
|
@allowed_services_hash = nil
|
|
self.allowed_services = allowed_service_names.empty? ? nil : allowed_service_names.join(",")
|
|
end
|
|
|
|
def enable_service(service)
|
|
set_service_availability(service, true)
|
|
end
|
|
|
|
def disable_service(service)
|
|
set_service_availability(service, false)
|
|
end
|
|
|
|
def allowed_services_hash
|
|
return @allowed_services_hash if @allowed_services_hash
|
|
account_allowed_services = Account.default_allowable_services
|
|
if self.allowed_services
|
|
allowed_service_names = self.allowed_services.split(",").compact
|
|
|
|
if allowed_service_names.count > 0
|
|
unless [ '+', '-' ].member?(allowed_service_names[0][0,1])
|
|
# This account has a hard-coded list of services, so we clear out the defaults
|
|
account_allowed_services = { }
|
|
end
|
|
|
|
allowed_service_names.each do |service_switch|
|
|
if service_switch =~ /\A([+-]?)(.*)\z/
|
|
flag = $1
|
|
service_name = $2.to_sym
|
|
|
|
if flag == '-'
|
|
account_allowed_services.delete(service_name)
|
|
else
|
|
account_allowed_services[service_name] = Account.allowable_services[service_name]
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
@allowed_services_hash = account_allowed_services
|
|
end
|
|
|
|
# if expose_as is nil, all services exposed in the ui are returned
|
|
# if it's :service or :setting, then only services set to be exposed as that type are returned
|
|
def self.services_exposed_to_ui_hash(expose_as = nil, current_user = nil, account = nil)
|
|
if expose_as
|
|
self.allowable_services.reject { |key, setting| setting[:expose_to_ui] != expose_as }
|
|
else
|
|
self.allowable_services.reject { |key, setting| !setting[:expose_to_ui] }
|
|
end.reject { |key, setting| setting[:expose_to_ui_proc] && !setting[:expose_to_ui_proc].call(current_user, account) }
|
|
end
|
|
|
|
def service_enabled?(service)
|
|
service = service.to_sym
|
|
case service
|
|
when :none
|
|
self.allowed_services_hash.empty?
|
|
else
|
|
self.allowed_services_hash.has_key?(service)
|
|
end
|
|
end
|
|
|
|
def self.all_accounts_for(context)
|
|
if context.respond_to?(:account)
|
|
context.account.account_chain
|
|
elsif context.respond_to?(:parent_account)
|
|
context.account_chain
|
|
else
|
|
[]
|
|
end
|
|
end
|
|
|
|
def self.serialization_excludes; [:uuid]; end
|
|
|
|
# This could be much faster if we implement a SQL tree for the account tree
|
|
# structure.
|
|
def find_child(child_id)
|
|
child_id = child_id.to_i
|
|
child_ids = self.class.connection.select_values("SELECT id FROM accounts WHERE parent_account_id = #{self.id}").map(&:to_i)
|
|
until child_ids.empty?
|
|
if child_ids.include?(child_id)
|
|
return self.class.find(child_id)
|
|
end
|
|
child_ids = self.class.connection.select_values("SELECT id FROM accounts WHERE parent_account_id IN (#{child_ids.join(",")})").map(&:to_i)
|
|
end
|
|
return false
|
|
end
|
|
|
|
def manually_created_courses_account
|
|
return self.root_account.manually_created_courses_account unless self.root_account?
|
|
display_name = t('#account.manually_created_courses', "Manually-Created Courses")
|
|
acct = manually_created_courses_account_from_settings
|
|
if acct.blank?
|
|
transaction do
|
|
lock!
|
|
acct = manually_created_courses_account_from_settings
|
|
acct ||= self.sub_accounts.find_by_name(display_name) # for backwards compatibility
|
|
acct ||= self.sub_accounts.create!(:name => display_name)
|
|
if acct.id != self.settings[:manually_created_courses_account_id]
|
|
self.settings[:manually_created_courses_account_id] = acct.id
|
|
self.save!
|
|
end
|
|
end
|
|
end
|
|
acct
|
|
end
|
|
|
|
def manually_created_courses_account_from_settings
|
|
acct_id = self.settings[:manually_created_courses_account_id]
|
|
acct = self.sub_accounts.find_by_id(acct_id) if acct_id.present?
|
|
acct = nil if acct.present? && acct.root_account_id != self.id
|
|
acct
|
|
end
|
|
private :manually_created_courses_account_from_settings
|
|
|
|
def trusted_account_ids
|
|
return [] if !root_account? || self == Account.site_admin
|
|
[ Account.site_admin.id ]
|
|
end
|
|
|
|
def user_list_search_mode_for(user)
|
|
return :preferred if self.root_account.open_registration?
|
|
return :preferred if self.root_account.grants_right?(user, :manage_user_logins)
|
|
:closed
|
|
end
|
|
|
|
scope :root_accounts, where(:root_account_id => nil)
|
|
scope :processing_sis_batch, where("accounts.current_sis_batch_id IS NOT NULL").order(:updated_at)
|
|
scope :name_like, lambda { |name|
|
|
where(wildcard('accounts.name', name))
|
|
}
|
|
scope :active, where("accounts.workflow_state<>'deleted'")
|
|
|
|
def canvas_network_enabled?
|
|
false
|
|
end
|
|
|
|
# Public: Determine if draft state is enabled for this account.
|
|
#
|
|
# Returns a boolean (default: false).
|
|
def draft_state_enabled?
|
|
root_account.settings[:enable_draft]
|
|
end
|
|
|
|
def import_from_migration(data, params, migration)
|
|
|
|
LearningOutcome.process_migration(data, migration)
|
|
|
|
migration.progress=100
|
|
migration.workflow_state = :imported
|
|
migration.save
|
|
end
|
|
|
|
def enable_draft!
|
|
root_account.settings[:enable_draft] = true
|
|
root_account.save!
|
|
end
|
|
|
|
def disable_draft!
|
|
root_account.settings[:enable_draft] = false
|
|
root_account.save!
|
|
end
|
|
end
|