canvas-lms/app/models/account.rb

1347 lines
52 KiB
Ruby

#
# Copyright (C) 2011 - 2012 Instructure, Inc.
#
# This file is part of Canvas.
#
# Canvas is free software: you can redistribute it and/or modify it under
# the terms of the GNU Affero General Public License as published by the Free
# Software Foundation, version 3 of the License.
#
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#
class Account < ActiveRecord::Base
include Context
attr_accessible :name, :turnitin_account_id, :turnitin_shared_secret,
:turnitin_host, :turnitin_comments, :turnitin_pledge,
:default_time_zone, :parent_account, :settings, :default_storage_quota,
:default_storage_quota_mb, :storage_quota, :ip_filters, :default_locale,
:default_user_storage_quota_mb, :default_group_storage_quota_mb
include Workflow
belongs_to :parent_account, :class_name => 'Account'
belongs_to :root_account, :class_name => 'Account'
authenticates_many :pseudonym_sessions
has_many :courses
has_many :all_courses, :class_name => 'Course', :foreign_key => 'root_account_id'
has_many :group_categories, :as => :context, :conditions => ['deleted_at IS NULL']
has_many :all_group_categories, :class_name => 'GroupCategory', :as => :context
has_many :groups, :as => :context
has_many :all_groups, :class_name => 'Group', :foreign_key => 'root_account_id'
has_many :enrollment_terms, :foreign_key => 'root_account_id'
has_many :enrollments, :foreign_key => 'root_account_id', :conditions => ["enrollments.type != 'StudentViewEnrollment'"]
has_many :sub_accounts, :class_name => 'Account', :foreign_key => 'parent_account_id', :conditions => ['workflow_state != ?', 'deleted']
has_many :all_accounts, :class_name => 'Account', :foreign_key => 'root_account_id', :order => 'name'
has_many :account_users, :dependent => :destroy
has_many :course_sections, :foreign_key => 'root_account_id'
has_many :sis_batches
has_many :abstract_courses, :class_name => 'AbstractCourse', :foreign_key => 'account_id'
has_many :root_abstract_courses, :class_name => 'AbstractCourse', :foreign_key => 'root_account_id'
has_many :users, :through => :account_users
has_many :pseudonyms, :include => :user
has_many :role_overrides, :as => :context
has_many :course_account_associations
has_many :child_courses, :through => :course_account_associations, :source => :course, :conditions => ['course_account_associations.depth = 0']
has_many :attachments, :as => :context, :dependent => :destroy
has_many :active_assignments, :as => :context, :class_name => 'Assignment', :conditions => ['assignments.workflow_state != ?', 'deleted']
has_many :folders, :as => :context, :dependent => :destroy, :order => 'folders.name'
has_many :active_folders, :class_name => 'Folder', :as => :context, :conditions => ['folders.workflow_state != ?', 'deleted'], :order => 'folders.name'
has_many :active_folders_with_sub_folders, :class_name => 'Folder', :as => :context, :include => [:active_sub_folders], :conditions => ['folders.workflow_state != ?', 'deleted'], :order => 'folders.name'
has_many :active_folders_detailed, :class_name => 'Folder', :as => :context, :include => [:active_sub_folders, :active_file_attachments], :conditions => ['folders.workflow_state != ?', 'deleted'], :order => 'folders.name'
has_many :account_authorization_configs, :order => "position"
has_many :account_reports
has_many :grading_standards, :as => :context, :conditions => ['workflow_state != ?', 'deleted']
has_many :assessment_questions, :through => :assessment_question_banks
has_many :assessment_question_banks, :as => :context, :include => [:assessment_questions, :assessment_question_bank_users]
has_many :roles
has_many :all_roles, :class_name => 'Role', :foreign_key => 'root_account_id'
has_many :progresses, :as => :context
def inherited_assessment_question_banks(include_self = false, *additional_contexts)
sql = []
conds = []
contexts = additional_contexts + account_chain
contexts.delete(self) unless include_self
contexts.each { |c|
sql << "context_type = ? AND context_id = ?"
conds += [c.class.to_s, c.id]
}
conds.unshift(sql.join(" OR "))
AssessmentQuestionBank.where(conds)
end
include LearningOutcomeContext
include RubricContext
has_many :context_external_tools, :as => :context, :dependent => :destroy, :order => 'name'
has_many :error_reports
has_many :announcements, :class_name => 'AccountNotification'
has_many :alerts, :as => :context, :include => :criteria
has_many :user_account_associations
has_many :report_snapshots
before_validation :verify_unique_sis_source_id
before_save :ensure_defaults
before_save :set_update_account_associations_if_changed
after_save :update_account_associations_if_changed
after_create :default_enrollment_term
serialize :settings, Hash
include TimeZoneHelper
time_zone_attribute :default_time_zone, default: "America/Denver"
validates_locale :default_locale, :allow_nil => true
validates_length_of :name, :maximum => maximum_string_length, :allow_blank => true
validate :account_chain_loop, :if => :parent_account_id_changed?
validate :validate_auth_discovery_url
include StickySisFields
are_sis_sticky :name
def default_locale(recurse = false)
read_attribute(:default_locale) ||
(recurse && parent_account ? parent_account.default_locale(true) : nil)
end
cattr_accessor :account_settings_options
self.account_settings_options = {}
# I figure we're probably going to be adding more account-level
# settings in the future (and moving some of the column attributes
# to the settings hash), so it makes sense to have a general way
# of defining what settings are allowed when. Somebody please tell
# me if I'm overarchitecting...
def self.add_setting(setting, opts=nil)
self.account_settings_options[setting.to_sym] = opts || {}
if (opts && opts[:boolean] && opts.has_key?(:default))
if opts[:default]
self.class_eval "def #{setting}?; settings[:#{setting}] != false; end"
else
self.class_eval "def #{setting}?; !!settings[:#{setting}]; end"
end
end
end
# these settings either are or could be easily added to
# the account settings page
add_setting :global_includes, :root_only => true, :boolean => true, :default => false
add_setting :global_javascript, :condition => :allow_global_includes
add_setting :global_stylesheet, :condition => :allow_global_includes
add_setting :sub_account_includes, :condition => :allow_global_includes, :boolean => true, :default => false
add_setting :error_reporting, :hash => true, :values => [:action, :email, :url, :subject_param, :body_param], :root_only => true
add_setting :custom_help_links, :root_only => true
add_setting :prevent_course_renaming_by_teachers, :boolean => true, :root_only => true
add_setting :restrict_student_future_view, :boolean => true, :root_only => true, :default => false
add_setting :teachers_can_create_courses, :boolean => true, :root_only => true, :default => false
add_setting :students_can_create_courses, :boolean => true, :root_only => true, :default => false
add_setting :no_enrollments_can_create_courses, :boolean => true, :root_only => true, :default => false
add_setting :allow_sending_scores_in_emails, :boolean => true, :root_only => true
add_setting :support_url, :root_only => true
add_setting :self_enrollment
add_setting :equella_endpoint
add_setting :equella_teaser
add_setting :enable_alerts, :boolean => true, :root_only => true
add_setting :enable_eportfolios, :boolean => true, :root_only => true
add_setting :users_can_edit_name, :boolean => true, :root_only => true
add_setting :open_registration, :boolean => true, :root_only => true
add_setting :enable_scheduler, :boolean => true, :root_only => true, :default => false
add_setting :enable_draft, :boolean => true, :root_only => true, :default => false
add_setting :allow_draft, :boolean => true, :root_only => true, :default => false
add_setting :calendar2_only, :boolean => true, :root_only => true, :default => false
add_setting :show_scheduler, :boolean => true, :root_only => true, :default => false
add_setting :enable_profiles, :boolean => true, :root_only => true, :default => false
add_setting :mfa_settings, :root_only => true
add_setting :canvas_authentication, :boolean => true, :root_only => true
add_setting :admins_can_change_passwords, :boolean => true, :root_only => true, :default => false
add_setting :admins_can_view_notifications, :boolean => true, :root_only => true, :default => false
add_setting :outgoing_email_default_name
add_setting :external_notification_warning, :boolean => true, :default => false
# Terms of Use and Privacy Policy settings for the root account
add_setting :terms_changed_at, :root_only => true
# When a user is invited to a course, do we let them see a preview of the
# course even without registering? This is part of the free-for-teacher
# account perks, since anyone can invite anyone to join any course, and it'd
# be nice to be able to see the course first if you weren't expecting the
# invitation.
add_setting :allow_invitation_previews, :boolean => true, :root_only => true, :default => false
add_setting :self_registration, :boolean => true, :root_only => true, :default => false
add_setting :large_course_rosters, :boolean => true, :root_only => true, :default => false
add_setting :edit_institution_email, :boolean => true, :root_only => true, :default => true
def settings=(hash)
if hash.is_a?(Hash)
hash.each do |key, val|
if account_settings_options && account_settings_options[key.to_sym]
opts = account_settings_options[key.to_sym]
if (opts[:root_only] && !self.root_account?) || (opts[:condition] && !self.send("#{opts[:condition]}?".to_sym))
settings.delete key.to_sym
elsif opts[:boolean]
settings[key.to_sym] = (val == true || val == 'true' || val == '1' || val == 'on')
elsif opts[:hash]
new_hash = {}
if val.is_a?(Hash)
val.each do |inner_key, inner_val|
if opts[:values].include?(inner_key.to_sym)
new_hash[inner_key.to_sym] = inner_val.to_s
end
end
end
settings[key.to_sym] = new_hash.empty? ? nil : new_hash
else
settings[key.to_sym] = val.to_s
end
end
end
end
settings
end
def allow_global_includes?
self.global_includes? || self.parent_account.try(:sub_account_includes?)
end
def global_includes_hash
includes = {}
if allow_global_includes?
includes = {}
includes[:js] = settings[:global_javascript] if settings[:global_javascript].present?
includes[:css] = settings[:global_stylesheet] if settings[:global_stylesheet].present?
end
includes.present? ? includes : nil
end
def mfa_settings
settings[:mfa_settings].try(:to_sym) || :disabled
end
def canvas_authentication?
settings[:canvas_authentication] != false || !self.account_authorization_config
end
def open_registration?
!!settings[:open_registration] && canvas_authentication?
end
def self_registration?
!!settings[:self_registration] && canvas_authentication?
end
def terms_of_use_url
Setting.get_cached('terms_of_use_url', 'http://www.instructure.com/policies/terms-of-use')
end
def privacy_policy_url
Setting.get_cached('privacy_policy_url', 'http://www.instructure.com/policies/privacy-policy-instructure')
end
def terms_required?
Setting.get_cached('terms_required', 'true') == 'true'
end
def require_acceptance_of_terms?(user)
return false if !terms_required?
return true if user.nil? || user.new_record?
terms_changed_at = settings[:terms_changed_at]
last_accepted = user.preferences[:accepted_terms]
return false if terms_changed_at.nil? && user.registered? # make sure existing users are grandfathered in
return false if last_accepted && (terms_changed_at.nil? || last_accepted > terms_changed_at)
true
end
def ip_filters=(params)
filters = {}
require 'ipaddr'
params.each do |key, str|
ips = []
vals = str.split(/,/)
vals.each do |val|
ip = IPAddr.new(val) rescue nil
# right now the ip_filter column on quizzes is just a string,
# so it has a max length. I figure whatever we set it to this
# setter should at the very least limit stored values to that
# length.
ips << val if ip && val.length <= 255
end
filters[key] = ips.join(',') unless ips.empty?
end
settings[:ip_filters] = filters
end
def ensure_defaults
self.uuid ||= AutoHandle.generate_securish_uuid
self.lti_guid ||= self.uuid if self.respond_to?(:lti_guid)
end
def verify_unique_sis_source_id
return true unless self.sis_source_id
if self.root_account?
self.errors.add(:sis_source_id, t('#account.root_account_cant_have_sis_id', "SIS IDs cannot be set on root accounts"))
return false
end
root = self.root_account
existing_account = Account.find_by_root_account_id_and_sis_source_id(root.id, self.sis_source_id)
return true if !existing_account || existing_account.id == self.id
self.errors.add(:sis_source_id, t('#account.sis_id_in_use', "SIS ID \"%{sis_id}\" is already in use", :sis_id => self.sis_source_id))
false
end
def set_update_account_associations_if_changed
self.root_account_id ||= self.parent_account.root_account_id if self.parent_account
self.root_account_id ||= self.parent_account_id
self.parent_account_id ||= self.root_account_id
Account.invalidate_cache(self.id) if self.id
@should_update_account_associations = self.parent_account_id_changed? || self.root_account_id_changed?
true
end
def update_account_associations_if_changed
send_later_if_production(:update_account_associations) if @should_update_account_associations
end
def equella_settings
endpoint = self.settings[:equella_endpoint] || self.equella_endpoint
if !endpoint.blank?
OpenObject.new({
:endpoint => endpoint,
:default_action => self.settings[:equella_action] || 'selectOrAdd',
:teaser => self.settings[:equella_teaser]
})
else
nil
end
end
def settings
result = self.read_attribute(:settings)
return result if result
return write_attribute(:settings, {}) unless frozen?
{}.freeze
end
def domain
HostUrl.context_host(self)
end
def root_account?
!self.root_account_id
end
def root_account_with_self
return self if self.root_account?
root_account_without_self
end
alias_method_chain :root_account, :self
def sub_accounts_as_options(indent = 0, preloaded_accounts = nil)
unless preloaded_accounts
preloaded_accounts = {}
self.root_account.all_accounts.active.each do |account|
(preloaded_accounts[account.parent_account_id] ||= []) << account
end
end
res = [[("&nbsp;&nbsp;" * indent).html_safe + self.name, self.id]]
if preloaded_accounts[self.id]
preloaded_accounts[self.id].each do |account|
res += account.sub_accounts_as_options(indent + 1, preloaded_accounts)
end
end
res
end
def users_visible_to(user)
self.grants_right?(user, nil, :read) ? self.all_users : self.all_users.where("?", false)
end
def users_name_like(query="")
@cached_users_name_like ||= {}
@cached_users_name_like[query] ||= self.fast_all_users.name_like(query)
end
def associated_courses
Course.shard(shard).where("EXISTS (SELECT 1 FROM course_account_associations WHERE course_id=courses.id AND account_id=?)", self)
end
def fast_course_base(opts)
columns = "courses.id, courses.name, courses.workflow_state, courses.course_code, courses.sis_source_id, courses.enrollment_term_id"
associated_courses = self.associated_courses.active
associated_courses = associated_courses.with_enrollments if opts[:hide_enrollmentless_courses]
associated_courses = associated_courses.for_term(opts[:term]) if opts[:term].present?
associated_courses = yield associated_courses if block_given?
associated_courses.limit(opts[:limit]).active_first.select(columns).all
end
def fast_all_courses(opts={})
@cached_fast_all_courses ||= {}
@cached_fast_all_courses[opts] ||= self.fast_course_base(opts)
end
def all_users(limit=250)
@cached_all_users ||= {}
@cached_all_users[limit] ||= User.of_account(self).limit(limit)
end
def fast_all_users(limit=nil)
@cached_fast_all_users ||= {}
@cached_fast_all_users[limit] ||= self.all_users(limit).active.select("users.id, users.name, users.sortable_name").order_by_sortable_name
end
def users_not_in_groups_sql(groups, opts={})
["SELECT users.id, users.name
FROM users
INNER JOIN user_account_associations uaa on uaa.user_id = users.id
WHERE uaa.account_id = ? AND users.workflow_state != 'deleted'
#{Group.not_in_group_sql_fragment(groups)}
#{"ORDER BY #{opts[:order_by]}" if opts[:order_by].present?}", self.id]
end
def users_not_in_groups(groups)
User.find_by_sql(users_not_in_groups_sql(groups))
end
def paginate_users_not_in_groups(groups, page, per_page = 15)
User.paginate_by_sql(users_not_in_groups_sql(groups, :order_by => "#{User.sortable_name_order_by_clause('users')} ASC"),
:page => page, :per_page => per_page)
end
def courses_name_like(query="", opts={})
opts[:limit] ||= 200
@cached_courses_name_like ||= {}
@cached_courses_name_like[[query, opts]] ||= self.fast_course_base(opts) {|q| q.name_like(query)}
end
def self_enrollment_course_for(code)
all_courses.
where(:self_enrollment_code => code).
first
end
def file_namespace
Shard.birth.activate { "account_#{self.root_account.id}" }
end
def self.account_lookup_cache_key(id)
['_account_lookup2', id].cache_key
end
def self.invalidate_cache(id)
Rails.cache.delete(account_lookup_cache_key(id)) if id
rescue
nil
end
def quota
Rails.cache.fetch(['current_quota', self].cache_key) do
read_attribute(:storage_quota) ||
(self.parent_account.default_storage_quota rescue nil) ||
Setting.get_cached('account_default_quota', 500.megabytes.to_s).to_i
end
end
def default_storage_quota
read_attribute(:default_storage_quota) ||
(self.parent_account.default_storage_quota rescue nil) ||
Setting.get_cached('account_default_quota', 500.megabytes.to_s).to_i
end
def default_storage_quota_mb
default_storage_quota / 1.megabyte
end
def default_storage_quota_mb=(val)
self.default_storage_quota = val.try(:to_i).try(:megabytes)
end
def default_storage_quota=(val)
val = val.to_f
val = nil if val <= 0
# If the value is the same as the inherited value, then go
# ahead and blank it so it keeps using the inherited value
if parent_account && parent_account.default_storage_quota == val
val = nil
end
write_attribute(:default_storage_quota, val)
end
def default_user_storage_quota
read_attribute(:default_user_storage_quota) ||
User.default_storage_quota
end
def default_user_storage_quota=(val)
val = val.to_i
val = nil if val == User.default_storage_quota || val <= 0
write_attribute(:default_user_storage_quota, val)
end
def default_user_storage_quota_mb
default_user_storage_quota / 1.megabyte
end
def default_user_storage_quota_mb=(val)
self.default_user_storage_quota = val.try(:to_i).try(:megabytes)
end
def default_group_storage_quota
read_attribute(:default_group_storage_quota) ||
Group.default_storage_quota
end
def default_group_storage_quota=(val)
val = val.to_i
val = nil if val == Group.default_storage_quota || val <= 0
write_attribute(:default_group_storage_quota, val)
end
def default_group_storage_quota_mb
default_group_storage_quota / 1.megabyte
end
def default_group_storage_quota_mb=(val)
self.default_group_storage_quota = val.try(:to_i).try(:megabytes)
end
def turnitin_shared_secret=(secret)
return if secret.blank?
self.turnitin_crypted_secret, self.turnitin_salt = Canvas::Security.encrypt_password(secret, 'instructure_turnitin_secret_shared')
end
def turnitin_shared_secret
return nil unless self.turnitin_salt && self.turnitin_crypted_secret
Canvas::Security.decrypt_password(self.turnitin_crypted_secret, self.turnitin_salt, 'instructure_turnitin_secret_shared')
end
def account_chain(opts = {})
res = [self]
if ActiveRecord::Base.configurations[Rails.env]['adapter'] == 'postgresql'
self.shard.activate do
res.concat Account.find_by_sql(<<-SQL) if self.parent_account_id
WITH RECURSIVE t AS (
SELECT * FROM accounts WHERE id=#{self.parent_account_id}
UNION
SELECT accounts.* FROM accounts INNER JOIN t ON accounts.id=t.parent_account_id
)
SELECT * FROM t
SQL
end
else
account = self
while account.parent_account
account = account.parent_account
res << account
end
end
res << self.root_account unless res.map(&:id).include?(self.root_account_id)
res << Account.site_admin if opts[:include_site_admin] && !self.site_admin?
res.compact
end
def account_chain_loop
# this record hasn't been saved to the db yet, so if the the chain includes
# this account, it won't point to the new parent yet, and should still be
# valid
if self.parent_account.account_chain_ids.include?(self.id)
errors.add(:parent_account_id,
"Setting account #{self.sis_source_id || self.id}'s parent to #{self.parent_account.sis_source_id || self.parent_account_id} would create a loop")
end
end
# returns all sub_accounts recursively as far down as they go, in id order
# because this uses a custom sql query for postgresql, we can't use a normal
# named scope, so we pass the limit and offset into the method instead and
# build our own query string
def sub_accounts_recursive(limit, offset)
if ActiveRecord::Base.configurations[Rails.env]['adapter'] == 'postgresql'
Account.find_by_sql([<<-SQL, self.id, limit.to_i, offset.to_i])
WITH RECURSIVE t AS (
SELECT * FROM accounts
WHERE parent_account_id = ? AND workflow_state <>'deleted'
UNION
SELECT accounts.* FROM accounts
INNER JOIN t ON accounts.parent_account_id = t.id
WHERE accounts.workflow_state <>'deleted'
)
SELECT * FROM t ORDER BY parent_account_id, id LIMIT ? OFFSET ?
SQL
else
account_descendents = lambda do |id|
as = Account.where(:parent_account_id => id).active.order(:id)
as.empty? ?
[] :
as << as.map { |a| account_descendents.call(a.id) }
end
account_descendents.call(id).flatten[offset, limit]
end
end
def associated_accounts
self.account_chain
end
def account_chain_ids(opts={})
account_chain(opts).map(&:id)
end
memoize :account_chain_ids
def membership_for_user(user)
self.account_users.find_by_user_id(user && user.id)
end
def available_custom_account_roles
account_roles = roles.for_accounts.active
account_roles |= self.parent_account.available_custom_account_roles if self.parent_account
account_roles
end
def available_account_roles
account_roles = roles.for_accounts.active.map(&:name)
account_roles |= ['AccountAdmin']
account_roles |= self.parent_account.available_account_roles if self.parent_account
account_roles
end
def available_course_roles(include_inactive=false)
available_course_roles_by_name(include_inactive).keys
end
def available_course_roles_by_name(include_inactive=false)
scope = include_inactive ? roles.for_courses.not_deleted : roles.for_courses.active
role_map = {}
scope.each { |role| role_map[role.name] = role }
role_map.reverse_merge!(parent_account.available_course_roles_by_name(include_inactive)) if parent_account
role_map
end
def get_course_role(role_name)
course_role = self.roles.for_courses.not_deleted.find_by_name(role_name)
course_role ||= self.parent_account.get_course_role(role_name) if self.parent_account
course_role
end
def has_role?(role_name)
!!roles.not_deleted.where(:roles => { :name => role_name}).first
end
def find_role(role_name)
roles.not_deleted.find_by_name(role_name) || (parent_account && parent_account.find_role(role_name))
end
def account_authorization_config
# We support multiple auth configs per account, but several places we assume there is only one.
# This is for compatibility with those areas. TODO: migrate everything to supporting multiple
# auth configs
self.account_authorization_configs.first
end
def login_handle_name_is_customized?
self.account_authorization_config && self.account_authorization_config.login_handle_name.present?
end
def login_handle_name
login_handle_name_is_customized? ? self.account_authorization_config.login_handle_name :
(self.delegated_authentication? ? AccountAuthorizationConfig.default_delegated_login_handle_name :
AccountAuthorizationConfig.default_login_handle_name)
end
def self_and_all_sub_accounts
@self_and_all_sub_accounts ||= Account.where("root_account_id=? OR parent_account_id=?", self, self).pluck(:id).uniq + [self.id]
end
workflow do
state :active
state :deleted
end
def account_users_for(user)
return [] unless user
@account_users_cache ||= {}
if self == Account.site_admin
@account_users_cache[user] ||= Rails.cache.fetch('all_site_admin_account_users', :expires_in => 30.minutes) do
self.account_users.all
end.select { |au| au.user_id == user.id }.each { |au| au.account = self }
else
@account_chain_ids ||= self.account_chain(:include_site_admin => true).map { |a| a.active? ? a.id : nil }.compact
@account_users_cache[user] ||= Shard.partition_by_shard(@account_chain_ids) do |account_chain_ids|
if account_chain_ids == [Account.site_admin.id]
Account.site_admin.account_users_for(user)
else
AccountUser.where(:account_id => account_chain_ids, :user_id => user).all
end
end
end
@account_users_cache[user] ||= []
@account_users_cache[user]
end
# returns all account users for this entire account tree
def all_account_users_for(user)
raise "must be a root account" unless self.root_account?
Shard.partition_by_shard([self, Account.site_admin].uniq) do |accounts|
AccountUser.includes(:account).joins(:account).where("user_id=? AND (root_account_id IN (?) OR account_id IN (?))", user, accounts, accounts)
end
end
set_policy do
enrollment_types = RoleOverride.enrollment_types.map { |role| role[:name] }
RoleOverride.permissions.each do |permission, details|
given { |user| self.account_users_for(user).any? { |au| au.has_permission_to?(self, permission) && (!details[:if] || send(details[:if])) } }
can permission
can :create_courses if permission == :manage_courses
next unless details[:account_only]
((details[:available_to] | details[:true_for]) & enrollment_types).each do |role|
given { |user| user && RoleOverride.permission_for(self, permission, role)[:enabled] &&
self.course_account_associations.joins('INNER JOIN enrollments ON course_account_associations.course_id=enrollments.course_id').
where("enrollments.type=? AND enrollments.workflow_state IN ('active', 'completed') AND user_id=?", role, user).first &&
(!details[:if] || send(details[:if])) }
can permission
end
end
given { |user| !self.account_users_for(user).empty? }
can :read and can :manage and can :update and can :delete and can :read_outcomes
given { |user|
result = false
if !site_admin? && user
scope = user.enrollments.where(:root_account_id => root_account).where("enrollments.workflow_state<>'deleted'")
result = root_account.teachers_can_create_courses? &&
scope.where(:type => ['TeacherEnrollment', 'DesignerEnrollment']).exists?
result ||= root_account.students_can_create_courses? &&
scope.where(:type => ['StudentEnrollment', 'ObserverEnrollment']).exists?
result ||= root_account.no_enrollments_can_create_courses? &&
!scope.exists?
end
result
}
can :create_courses
# any logged in user can read global outcomes, but must be checked against the site admin
given{ |user,session| self.site_admin? && user }
can :read_global_outcomes
# any user with an association to this account can read the outcomes in the account
given{ |user,session| user && self.user_account_associations.find_by_user_id(user.id) }
can :read_outcomes
end
alias_method :destroy!, :destroy
def destroy
self.workflow_state = 'deleted'
self.deleted_at = Time.now
save!
end
def to_atom
Atom::Entry.new do |entry|
entry.title = self.name
entry.updated = self.updated_at
entry.published = self.created_at
entry.links << Atom::Link.new(:rel => 'alternate',
:href => "/accounts/#{self.id}")
end
end
def default_enrollment_term
return @default_enrollment_term if @default_enrollment_term
if self.root_account?
@default_enrollment_term = self.enrollment_terms.active.find_or_create_by_name(EnrollmentTerm::DEFAULT_TERM_NAME)
end
end
def add_user(user, membership_type = nil)
return nil unless user && user.is_a?(User)
membership_type ||= 'AccountAdmin'
au = self.account_users.find_by_user_id_and_membership_type(user.id, membership_type)
au ||= self.account_users.create(:user => user, :membership_type => membership_type)
end
def context_code
raise "DONT USE THIS, use .short_name instead" unless Rails.env.production?
end
def short_name
name
end
# can be set/overridden by plugin to enforce email pseudonyms
attr_accessor :email_pseudonyms
def password_policy
Canvas::PasswordPolicy.default_policy.merge(settings[:password_policy] || {})
end
def password_authentication?
!!(!self.account_authorization_config || self.account_authorization_config.password_authentication?)
end
def delegated_authentication?
!canvas_authentication? || !!(self.account_authorization_config && self.account_authorization_config.delegated_authentication?)
end
def forgot_password_external_url
account_authorization_config.try(:change_password_url)
end
def cas_authentication?
!!(self.account_authorization_config && self.account_authorization_config.cas_authentication?)
end
def ldap_authentication?
self.account_authorization_configs.any? { |aac| aac.ldap_authentication? }
end
def saml_authentication?
!!(self.account_authorization_config && self.account_authorization_config.saml_authentication?) && AccountAuthorizationConfig.saml_enabled
end
def multi_auth?
self.account_authorization_configs.count > 1
end
def auth_discovery_url=(url)
self.settings[:auth_discovery_url] = url
end
def auth_discovery_url
self.settings[:auth_discovery_url]
end
def validate_auth_discovery_url
return if self.settings[:auth_discovery_url].blank?
begin
value, uri = CustomValidations.validate_url(self.settings[:auth_discovery_url])
self.auth_discovery_url = value
rescue URI::InvalidURIError, ArgumentError
errors.add(:discovery_url, t('errors.invalid_discovery_url', "The discovery URL is not valid" ))
end
end
def find_courses(string)
self.all_courses.select{|c| c.name.match(string) }
end
def find_users(string)
self.pseudonyms.map{|p| p.user }.select{|u| u.name.match(string) }
end
def self.site_admin
get_special_account(:site_admin, 'Site Admin')
end
def self.default
get_special_account(:default, 'Default Account')
end
def self.clear_special_account_cache!
@special_accounts = {}
end
# an opportunity for plugins to load some other stuff up before caching the account
def precache
end
def self.find_cached(id)
account = Rails.cache.fetch(account_lookup_cache_key(id), :expires_in => 1.hour) do
account = Account.find_by_id(id)
account.precache if account
account || :nil
end
account = nil if account == :nil
account
end
def self.get_special_account(special_account_type, default_account_name)
Shard.birth.activate do
@special_account_ids ||= {}
@special_accounts ||= {}
account = @special_accounts[special_account_type]
unless account
special_account_id = @special_account_ids[special_account_type] ||= Setting.get("#{special_account_type}_account_id", nil)
account = @special_accounts[special_account_type] = Account.find_cached(special_account_id) if special_account_id
end
# another process (i.e. selenium spec) may have changed the setting
unless account
special_account_id = Setting.get("#{special_account_type}_account_id", nil)
if special_account_id && special_account_id != @special_account_ids[special_account_type]
@special_account_ids[special_account_type] = special_account_id
account = @special_accounts[special_account_type] = Account.find_by_id(special_account_id)
end
end
if !account && default_account_name
# TODO i18n
t '#account.default_site_administrator_account_name', 'Site Admin'
t '#account.default_account_name', 'Default Account'
account = @special_accounts[special_account_type] = Account.new(:name => default_account_name)
account.save!
Setting.set("#{special_account_type}_account_id", account.id)
@special_account_ids[special_account_type] = account.id
end
account
end
end
def site_admin?
self == Account.site_admin
end
def display_name
self.name
end
# Updates account associations for all the courses and users associated with this account
def update_account_associations
self.shard.activate do
account_chain_cache = {}
all_user_ids = Set.new
# make sure to use the non-associated_courses associations
# to catch courses that didn't ever have an association created
scopes = if root_account?
[all_courses,
associated_courses.
where("root_account_id<>?", self)]
else
[courses,
associated_courses.
where("courses.account_id<>?", self)]
end
# match the "batch" size in Course.update_account_associations
scopes.each do |scope|
scope.select([:id, :account_id]).find_in_batches(:batch_size => 500) do |courses|
all_user_ids.merge Course.update_account_associations(courses, :skip_user_account_associations => true, :account_chain_cache => account_chain_cache)
end
end
# Make sure we have all users with existing account associations.
all_user_ids.merge self.user_account_associations.pluck(:user_id)
if root_account?
all_user_ids.merge self.pseudonyms.active.pluck(:user_id)
end
# Update the users' associations as well
User.update_account_associations(all_user_ids.to_a, :account_chain_cache => account_chain_cache)
end
end
# this will take an account and make it a sub_account of
# itself. Also updates all it's descendant accounts to point to
# the correct root account, and updates the pseudonyms to
# points to the new root account as well.
def consume_account(account)
account.all_accounts.each do |sub_account|
sub_account.root_account = self.root_account
sub_account.save!
end
account.parent_account = self
account.root_account = self.root_account
account.save!
account.pseudonyms.each do |pseudonym|
pseudonym.account = self.root_account
pseudonym.save!
end
end
def course_count
self.child_courses.not_deleted.count('DISTINCT course_id')
end
memoize :course_count
def sub_account_count
self.sub_accounts.active.count
end
memoize :sub_account_count
def user_count
self.user_account_associations.count
end
memoize :user_count
def current_sis_batch
if (current_sis_batch_id = self.read_attribute(:current_sis_batch_id)) && current_sis_batch_id.present?
self.sis_batches.find_by_id(current_sis_batch_id)
end
end
def turnitin_settings
if self.turnitin_account_id.present? && self.turnitin_shared_secret.present?
[self.turnitin_account_id, self.turnitin_shared_secret, self.turnitin_host]
else
self.parent_account.try(:turnitin_settings)
end
end
def closest_turnitin_pledge
if self.turnitin_pledge && !self.turnitin_pledge.empty?
self.turnitin_pledge
else
res = self.parent_account.try(:closest_turnitin_pledge)
res ||= t('#account.turnitin_pledge', "This assignment submission is my own, original work")
end
end
def closest_turnitin_comments
if self.turnitin_comments && !self.turnitin_comments.empty?
self.turnitin_comments
else
self.parent_account.try(:closest_turnitin_comments)
end
end
def self_enrollment_allowed?(course)
if !settings[:self_enrollment].blank?
!!(settings[:self_enrollment] == 'any' || (!course.sis_source_id && settings[:self_enrollment] == 'manually_created'))
else
!!(parent_account && parent_account.self_enrollment_allowed?(course))
end
end
TAB_COURSES = 0
TAB_STATISTICS = 1
TAB_PERMISSIONS = 2
TAB_SUB_ACCOUNTS = 3
TAB_TERMS = 4
TAB_AUTHENTICATION = 5
TAB_USERS = 6
TAB_OUTCOMES = 7
TAB_RUBRICS = 8
TAB_SETTINGS = 9
TAB_FACULTY_JOURNAL = 10
TAB_SIS_IMPORT = 11
TAB_GRADING_STANDARDS = 12
TAB_QUESTION_BANKS = 13
# site admin tabs
TAB_PLUGINS = 14
TAB_JOBS = 15
TAB_DEVELOPER_KEYS = 16
TAB_ADMIN_TOOLS = 17
def external_tool_tabs(opts)
tools = ContextExternalTool.active.find_all_for(self, :account_navigation)
tools.sort_by(&:id).map do |tool|
{
:id => tool.asset_string,
:label => tool.label_for(:account_navigation, opts[:language]),
:css_class => tool.asset_string,
:href => :account_external_tool_path,
:external => true,
:args => [self.id, tool.id]
}
end
end
def tabs_available(user=nil, opts={})
manage_settings = user && self.grants_right?(user, nil, :manage_account_settings)
if site_admin?
tabs = []
tabs << { :id => TAB_USERS, :label => t('#account.tab_users', "Users"), :css_class => 'users', :href => :account_users_path } if user && self.grants_right?(user, nil, :read_roster)
tabs << { :id => TAB_PERMISSIONS, :label => t('#account.tab_permissions', "Permissions"), :css_class => 'permissions', :href => :account_permissions_path } if user && self.grants_right?(user, nil, :manage_role_overrides)
tabs << { :id => TAB_SUB_ACCOUNTS, :label => t('#account.tab_sub_accounts', "Sub-Accounts"), :css_class => 'sub_accounts', :href => :account_sub_accounts_path } if manage_settings
tabs << { :id => TAB_AUTHENTICATION, :label => t('#account.tab_authentication', "Authentication"), :css_class => 'authentication', :href => :account_account_authorization_configs_path } if manage_settings
tabs << { :id => TAB_PLUGINS, :label => t("#account.tab_plugins", "Plugins"), :css_class => "plugins", :href => :plugins_path, :no_args => true } if self.grants_right?(user, nil, :manage_site_settings)
tabs << { :id => TAB_JOBS, :label => t("#account.tab_jobs", "Jobs"), :css_class => "jobs", :href => :jobs_path, :no_args => true } if self.grants_right?(user, nil, :view_jobs)
tabs << { :id => TAB_DEVELOPER_KEYS, :label => t("#account.tab_developer_keys", "Developer Keys"), :css_class => "developer_keys", :href => :developer_keys_path, :no_args => true } if self.grants_right?(user, nil, :manage_developer_keys)
else
tabs = []
tabs << { :id => TAB_COURSES, :label => t('#account.tab_courses', "Courses"), :css_class => 'courses', :href => :account_path } if user && self.grants_right?(user, nil, :read_course_list)
tabs << { :id => TAB_USERS, :label => t('#account.tab_users', "Users"), :css_class => 'users', :href => :account_users_path } if user && self.grants_right?(user, nil, :read_roster)
tabs << { :id => TAB_STATISTICS, :label => t('#account.tab_statistics', "Statistics"), :css_class => 'statistics', :href => :statistics_account_path } if user && self.grants_right?(user, nil, :view_statistics)
tabs << { :id => TAB_PERMISSIONS, :label => t('#account.tab_permissions', "Permissions"), :css_class => 'permissions', :href => :account_permissions_path } if user && self.grants_right?(user, nil, :manage_role_overrides)
if user && self.grants_right?(user, nil, :manage_outcomes)
tabs << { :id => TAB_OUTCOMES, :label => t('#account.tab_outcomes', "Outcomes"), :css_class => 'outcomes', :href => :account_outcomes_path }
tabs << { :id => TAB_RUBRICS, :label => t('#account.tab_rubrics', "Rubrics"), :css_class => 'rubrics', :href => :account_rubrics_path }
end
tabs << { :id => TAB_GRADING_STANDARDS, :label => t('#account.tab_grading_standards', "Grading Schemes"), :css_class => 'grading_standards', :href => :account_grading_standards_path } if user && self.grants_right?(user, nil, :manage_grades)
tabs << { :id => TAB_QUESTION_BANKS, :label => t('#account.tab_question_banks', "Question Banks"), :css_class => 'question_banks', :href => :account_question_banks_path } if user && self.grants_right?(user, nil, :manage_grades)
tabs << { :id => TAB_SUB_ACCOUNTS, :label => t('#account.tab_sub_accounts', "Sub-Accounts"), :css_class => 'sub_accounts', :href => :account_sub_accounts_path } if manage_settings
tabs << { :id => TAB_FACULTY_JOURNAL, :label => t('#account.tab_faculty_journal', "Faculty Journal"), :css_class => 'faculty_journal', :href => :account_user_notes_path} if self.enable_user_notes && user && self.grants_right?(user, nil, :manage_user_notes)
tabs << { :id => TAB_TERMS, :label => t('#account.tab_terms', "Terms"), :css_class => 'terms', :href => :account_terms_path } if self.root_account? && manage_settings
tabs << { :id => TAB_AUTHENTICATION, :label => t('#account.tab_authentication', "Authentication"), :css_class => 'authentication', :href => :account_account_authorization_configs_path } if self.root_account? && manage_settings
tabs << { :id => TAB_SIS_IMPORT, :label => t('#account.tab_sis_import', "SIS Import"), :css_class => 'sis_import', :href => :account_sis_import_path } if self.root_account? && self.allow_sis_import && user && self.grants_right?(user, nil, :manage_sis)
end
tabs += external_tool_tabs(opts)
tabs << { :id => TAB_ADMIN_TOOLS, :label => t('#account.tab_admin_tools', "Admin Tools"), :css_class => 'admin_tools', :href => :account_admin_tools_path } if can_see_admin_tools_tab?(user)
tabs << { :id => TAB_SETTINGS, :label => t('#account.tab_settings', "Settings"), :css_class => 'settings', :href => :account_settings_path }
tabs
end
def can_see_admin_tools_tab?(user)
return false if !user || site_admin?
admin_tool_permissions = RoleOverride.manageable_permissions(self).find_all{|p| p[1][:admin_tool]}
admin_tool_permissions.any? do |p|
self.grants_right?(user, nil, p.first)
end
end
def is_a_context?
true
end
def help_links
Canvas::Help.default_links + (settings[:custom_help_links] || [])
end
def self.allowable_services
{
:google_docs => {
:name => "Google Docs",
:description => "",
:expose_to_ui => (GoogleDocs.config ? :service : false)
},
:google_docs_previews => {
:name => "Google Docs Previews",
:description => "",
:expose_to_ui => :service
},
:facebook => {
:name => "Facebook",
:description => "",
:expose_to_ui => (Facebook.config ? :service : false)
},
:skype => {
:name => "Skype",
:description => "",
:expose_to_ui => :service
},
:linked_in => {
:name => "LinkedIn",
:description => "",
:expose_to_ui => (LinkedIn.config ? :service : false)
},
:twitter => {
:name => "Twitter",
:description => "",
:expose_to_ui => (Twitter.config ? :service : false)
},
:delicious => {
:name => "Delicious",
:description => "",
:expose_to_ui => :service
},
:diigo => {
:name => "Diigo",
:description => "",
:expose_to_ui => :service
},
# TODO: move avatars to :settings hash, it makes more sense there
# In the meantime, we leave it as a service but expose it in the
# "Features" (settings) portion of the account admin UI
:avatars => {
:name => "User Avatars",
:description => "",
:default => false,
:expose_to_ui => :setting
},
:account_survey_notifications => {
:name => "Account Surveys",
:description => "",
:default => false,
:expose_to_ui => :setting,
:expose_to_ui_proc => proc { |user, account| user && account && account.grants_right?(user, :manage_site_settings) },
},
}.merge(@plugin_services || {}).freeze
end
def self.register_service(service_name, info_hash)
@plugin_services ||= {}
@plugin_services[service_name.to_sym] = info_hash.freeze
end
def self.default_allowable_services
self.allowable_services.reject {|s, info| info[:default] == false }
end
def set_service_availability(service, enable)
service = service.to_sym
raise "Invalid Service" unless Account.allowable_services[service]
allowed_service_names = (self.allowed_services || "").split(",").compact
if allowed_service_names.count > 0 and not [ '+', '-' ].member?(allowed_service_names[0][0,1])
# This account has a hard-coded list of services, so handle accordingly
allowed_service_names.reject! { |flag| flag.match("^[+-]?#{service}$") }
allowed_service_names << service if enable
else
allowed_service_names.reject! { |flag| flag.match("^[+-]?#{service}$") }
if enable
# only enable if it is not enabled by default
allowed_service_names << "+#{service}" unless Account.default_allowable_services[service]
else
# only disable if it is not enabled by default
allowed_service_names << "-#{service}" if Account.default_allowable_services[service]
end
end
@allowed_services_hash = nil
self.allowed_services = allowed_service_names.empty? ? nil : allowed_service_names.join(",")
end
def enable_service(service)
set_service_availability(service, true)
end
def disable_service(service)
set_service_availability(service, false)
end
def allowed_services_hash
return @allowed_services_hash if @allowed_services_hash
account_allowed_services = Account.default_allowable_services
if self.allowed_services
allowed_service_names = self.allowed_services.split(",").compact
if allowed_service_names.count > 0
unless [ '+', '-' ].member?(allowed_service_names[0][0,1])
# This account has a hard-coded list of services, so we clear out the defaults
account_allowed_services = { }
end
allowed_service_names.each do |service_switch|
if service_switch =~ /\A([+-]?)(.*)\z/
flag = $1
service_name = $2.to_sym
if flag == '-'
account_allowed_services.delete(service_name)
else
account_allowed_services[service_name] = Account.allowable_services[service_name]
end
end
end
end
end
@allowed_services_hash = account_allowed_services
end
# if expose_as is nil, all services exposed in the ui are returned
# if it's :service or :setting, then only services set to be exposed as that type are returned
def self.services_exposed_to_ui_hash(expose_as = nil, current_user = nil, account = nil)
if expose_as
self.allowable_services.reject { |key, setting| setting[:expose_to_ui] != expose_as }
else
self.allowable_services.reject { |key, setting| !setting[:expose_to_ui] }
end.reject { |key, setting| setting[:expose_to_ui_proc] && !setting[:expose_to_ui_proc].call(current_user, account) }
end
def service_enabled?(service)
service = service.to_sym
case service
when :none
self.allowed_services_hash.empty?
else
self.allowed_services_hash.has_key?(service)
end
end
def self.all_accounts_for(context)
if context.respond_to?(:account)
context.account.account_chain
elsif context.respond_to?(:parent_account)
context.account_chain
else
[]
end
end
def self.serialization_excludes; [:uuid]; end
# This could be much faster if we implement a SQL tree for the account tree
# structure.
def find_child(child_id)
child_id = child_id.to_i
child_ids = self.class.connection.select_values("SELECT id FROM accounts WHERE parent_account_id = #{self.id}").map(&:to_i)
until child_ids.empty?
if child_ids.include?(child_id)
return self.class.find(child_id)
end
child_ids = self.class.connection.select_values("SELECT id FROM accounts WHERE parent_account_id IN (#{child_ids.join(",")})").map(&:to_i)
end
return false
end
def manually_created_courses_account
return self.root_account.manually_created_courses_account unless self.root_account?
display_name = t('#account.manually_created_courses', "Manually-Created Courses")
acct = manually_created_courses_account_from_settings
if acct.blank?
transaction do
lock!
acct = manually_created_courses_account_from_settings
acct ||= self.sub_accounts.find_by_name(display_name) # for backwards compatibility
acct ||= self.sub_accounts.create!(:name => display_name)
if acct.id != self.settings[:manually_created_courses_account_id]
self.settings[:manually_created_courses_account_id] = acct.id
self.save!
end
end
end
acct
end
def manually_created_courses_account_from_settings
acct_id = self.settings[:manually_created_courses_account_id]
acct = self.sub_accounts.find_by_id(acct_id) if acct_id.present?
acct = nil if acct.present? && acct.root_account_id != self.id
acct
end
private :manually_created_courses_account_from_settings
def trusted_account_ids
return [] if !root_account? || self == Account.site_admin
[ Account.site_admin.id ]
end
def user_list_search_mode_for(user)
return :preferred if self.root_account.open_registration?
return :preferred if self.root_account.grants_right?(user, :manage_user_logins)
:closed
end
scope :root_accounts, where(:root_account_id => nil)
scope :processing_sis_batch, where("accounts.current_sis_batch_id IS NOT NULL").order(:updated_at)
scope :name_like, lambda { |name|
where(wildcard('accounts.name', name))
}
scope :active, where("accounts.workflow_state<>'deleted'")
def canvas_network_enabled?
false
end
# Public: Determine if draft state is enabled for this account.
#
# Returns a boolean (default: false).
def draft_state_enabled?
root_account.settings[:enable_draft]
end
def import_from_migration(data, params, migration)
LearningOutcome.process_migration(data, migration)
migration.progress=100
migration.workflow_state = :imported
migration.save
end
def enable_draft!
root_account.settings[:enable_draft] = true
root_account.save!
end
def disable_draft!
root_account.settings[:enable_draft] = false
root_account.save!
end
end