spec/controllers/quizzes/quizzes_controller_spec.rb

#
# Copyright (C) 2011 Instructure, Inc.
#
# This file is part of Canvas.
#
# Canvas is free software: you can redistribute it and/or modify it under
# the terms of the GNU Affero General Public License as published by the Free
# Software Foundation, version 3 of the License.
#
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#

require File.expand_path(File.dirname(__FILE__) + '/../../spec_helper')

describe Quizzes::QuizzesController do
  def course_quiz(active=false)
    @quiz = @course.quizzes.create
    @quiz.workflow_state = "available" if active
    @quiz.save!
    @quiz
  end

  def quiz_question
    @quiz.quiz_questions.create
  end

  def quiz_group
    @quiz.quiz_groups.create
  end

  def temporary_user_code(generate=true)
    if generate
      session[:temporary_user_code] ||= "tmp_#{Digest::MD5.hexdigest("#{Time.now.to_i.to_s}_#{rand.to_s}")}"
    else
      session[:temporary_user_code]
    end
  end

  def logged_out_survey_with_submission(user, questions, &block)
    course_with_teacher_logged_in(:active_all => true)

    @assignment = @course.assignments.create(:title => "Test Assignment")
    @assignment.workflow_state = "available"
    @assignment.submission_types = "online_quiz"
    @assignment.save
    @quiz = Quizzes::Quiz.find_by_assignment_id(@assignment.id)
    @quiz.anonymous_submissions = false
    @quiz.quiz_type = "survey"

    @questions = questions.map { |q| @quiz.quiz_questions.create!(q) }
    @quiz.generate_quiz_data
    @quiz.save!

    @quiz_submission = @quiz.generate_submission(user)
    @quiz_submission.mark_completed
    @quiz_submission.submission_data = yield if block_given?
    Quizzes::SubmissionGrader.new(@quiz_submission).grade_submission
    @quiz_submission.save!
  end

  def ember_urls
    CanvasEmberUrl::UrlMappings.new(
      :course_quizzes => fabulous_quizzes_course_quizzes_url
    )
  end

  describe "GET 'index'" do
    it "should require authorization" do
      course_with_teacher(:active_all => true)
      get 'index', :course_id => @course.id
      assert_unauthorized
    end

    it "should redirect 'disabled', if disabled by the teacher" do
      course_with_student_logged_in(:active_all => true)
      @course.update_attribute(:tab_configuration, [{'id'=>4,'hidden'=>true}])
      get 'index', :course_id => @course.id
      response.should be_redirect
      flash[:notice].should match(/That page has been disabled/)
    end

    it "should assign variables" do
      course_with_teacher_logged_in(:active_all => true)
      get 'index', :course_id => @course.id
      assigns[:quizzes].should_not be_nil
      assigns[:unpublished_quizzes].should_not be_nil
      assigns[:submissions_hash].should_not be_nil
    end

    it "should retrieve quizzes" do
      course_with_teacher_logged_in(:active_all => true)
      course_quiz(!!:active)

      get 'index', :course_id => @course.id
      assigns[:quizzes].should_not be_nil
      assigns[:quizzes].should_not be_empty
      assigns[:quizzes][0].should eql(@quiz)
    end
  end

  describe "GET 'index' with draft state enabled" do
    before do
      Account.default.enable_feature! :draft_state
    end

    it "should assign variables" do
      course_with_teacher_logged_in(:active_all => true)
      get 'index', :course_id => @course.id
      assigns[:assignment_json].should_not be_nil
      assigns[:open_json].should_not be_nil
      assigns[:surveys_json].should_not be_nil
      assigns[:quiz_options].should_not be_nil
    end

    it "should filter out unpublished quizzes for student" do
      course_with_student_logged_in(:active_all => true)
      course_quiz
      course_quiz(active = true)

      get 'index', :course_id => @course.id

      assigns[:quizzes].length.should eql 1
      assigns[:quizzes].map do |quiz|
        quiz.published?.should be_true
      end
    end
  end

  describe "GET 'index' without fabulous quizzes enabled" do
    before :each do
      a = Account.default
      a.disable_fabulous_quizzes!
      a.save!
    end

    after :each do
      a = Account.default
      a.enable_fabulous_quizzes!
      a.save!
    end

    it "should not redirect" do
      course_with_teacher_logged_in(:active_all => true)
      course_quiz(active = true)
      a = Account.default
      a.enable_fabulous_quizzes?.should eql false
      get 'index', :course_id => @course.id
      assert_response(:success)
    end
  end

  describe "GET 'index' with fabulous quizzes enabled" do
    before :each do
      a = Account.default
      a.enable_fabulous_quizzes!
      a.save!
    end

    after :each do
      a = Account.default
      a.disable_fabulous_quizzes!
      a.save!
    end

    it "should redirect to fabulous quizzes app" do
      course_with_teacher_logged_in(:active_all => true)
      course_quiz(active = true)
      a = Account.default
      a.enable_fabulous_quizzes?.should eql true
      get 'index', :course_id => @course.id
      assert_redirected_to ember_urls.course_quizzes_url
    end
  end

  describe "GET 'fabulous_quizzes' without fabulous quizzes enabled" do
    it "should redirect to index" do
      a = Account.default
      a.disable_fabulous_quizzes!
      a.save!
      course_with_teacher_logged_in(:active_all => true)
      course_quiz(active = true)
      a = Account.default
      a.enable_fabulous_quizzes?.should eql false
      get 'fabulous_quizzes', :course_id => @course.id
      assert_redirected_to(:controller => "quizzes", :action => "index")
    end
  end

  describe "GET 'new'" do
    it "should require authorization" do
      course_with_teacher(:active_all => true)
      get 'new', :course_id => @course.id
      assert_unauthorized
    end

    it "should assign variables" do
      course_with_teacher_logged_in(:active_all => true)
      get 'new', :course_id => @course.id
      assigns[:quiz].should_not be_nil
      q = assigns[:quiz]
    end

    it "subsequent requests should return the same quiz unless ?fresh=1" do
      course_with_teacher_logged_in(:active_all => true)
      get 'new', :course_id => @course.id
      assigns[:quiz].should_not be_nil
      q = assigns[:quiz]

      get 'new', :course_id => @course.id
      assigns[:quiz].should_not be_nil
      assigns[:quiz].should_not eql(q)

      get 'new', :course_id => @course.id, :fresh => 1
      # Quizzes::Quiz.find_by_id(q.id).should be_deleted
      assigns[:quiz].should_not be_nil
      assigns[:quiz].should_not eql(q)
    end
  end

  describe "GET 'edit'" do
    it "should require authorization" do
      course_with_teacher(:active_all => true)
      course_quiz
      get 'edit', :course_id => @course.id, :id => @quiz.id
      assert_unauthorized
      assigns[:quiz].should_not be_nil
    end

    it "should assign variables" do
      course_with_teacher_logged_in(:active_all => true)
      course_quiz
      regrade = @quiz.quiz_regrades.create!(:user_id => @teacher.id, quiz_version: @quiz.version_number)
      q = @quiz.quiz_questions.create!
      regrade.quiz_question_regrades.create!(:quiz_question_id => q.id,:regrade_option => 'no_regrade')
      get 'edit', :course_id => @course.id, :id => @quiz.id
      assigns[:quiz].should_not be_nil
      assigns[:quiz].should eql(@quiz)
      assigns[:js_env][:REGRADE_OPTIONS].should == {q.id => 'no_regrade' }
      response.should render_template("new")
    end
  end

  describe "GET 'show'" do
    it "should require authorization" do
      course_with_teacher(:active_all => true)
      course_quiz
      get 'show', :course_id => @course.id, :id => @quiz.id
      assert_unauthorized
      assigns[:quiz].should_not be_nil
      assigns[:quiz].should eql(@quiz)
    end

    it "should assign variables" do
      course_with_teacher_logged_in(:active_all => true)
      course_quiz
      get 'show', :course_id => @course.id, :id => @quiz.id
      assigns[:quiz].should_not be_nil
      assigns[:quiz].should eql(@quiz)
      assigns[:question_count].should eql(@quiz.question_count)
      assigns[:just_graded].should eql(false)
      assigns[:stored_params].should_not be_nil
    end

    it "should set the submission count variables" do
      course(:active_all => 1)
      @section = @course.course_sections.create!(:name => 'section 2')
      @user2 = user_with_pseudonym(:active_all => true, :name => 'Student2', :username => 'student2@instructure.com')
      @section.enroll_user(@user2, 'StudentEnrollment', 'active')
      @user1 = user_with_pseudonym(:active_all => true, :name => 'Student1', :username => 'student1@instructure.com')
      @course.enroll_student(@user1)
      @ta1 = user_with_pseudonym(:active_all => true, :name => 'TA1', :username => 'ta1@instructure.com')
      @course.enroll_ta(@ta1).update_attribute(:limit_privileges_to_course_section, true)
      course_quiz
      @sub1 = @quiz.generate_submission(@user1)
      @sub2 = @quiz.generate_submission(@user2)
      @sub2.start_grading
      @sub2.update_attribute(:workflow_state, 'pending_review')

      user_session @teacher
      get 'show', :course_id => @course.id, :id => @quiz.id
      assigns[:submitted_student_count].should == 2
      assigns[:any_submissions_pending_review].should == true

      controller.js_env.clear

      user_session @ta1
      get 'show', :course_id => @course.id, :id => @quiz.id
      assigns[:submitted_student_count].should == 1
      assigns[:any_submissions_pending_review].should == false
    end

    it "should allow forcing authentication on public quiz pages" do
      course_with_student :active_all => 1
      @course.update_attribute :is_public, true
      course_quiz !!:active
      get 'show', :course_id => @course.id, :id => @quiz.id, :force_user => 1
      response.should be_redirect
      response.location.should match /login/
    end

    it "should set session[headless_quiz] if persist_headless param is sent" do
      course_with_student_logged_in :active_all => 1
      course_quiz !!:active
      get 'show', :course_id => @course.id, :id => @quiz.id, :persist_headless => 1
      controller.session[:headless_quiz].should be_true
      assigns[:headers].should be_false
    end

    it "should not render headers if session[:headless_quiz] is set" do
      course_with_student_logged_in :active_all => 1
      course_quiz !!:active
      controller.session[:headless_quiz] = true
      get 'show', :course_id => @course.id, :id => @quiz.id
      assigns[:headers].should be_false
    end

    it "assigns js_env for attachments if submission is present" do
      require 'action_controller_test_process'
      course_with_student_logged_in :active_all => true
      course_quiz !!:active
      submission = @quiz.generate_submission @user
      create_attachment_for_file_upload_submission!(submission)
      get 'show', :course_id => @course.id, :id => @quiz.id
      attachment = submission.attachments.first

      attach = assigns[:js_env][:ATTACHMENTS][attachment.id]
      attach[:id].should == attachment.id
      attach[:display_name].should == attachment.display_name
    end

    it "assigns js_env for versions if submission is present" do
      require 'action_controller_test_process'
      course_with_student_logged_in :active_all => true
      course_quiz !!:active
      submission = @quiz.generate_submission @user
      create_attachment_for_file_upload_submission!(submission)
      get 'show', :course_id => @course.id, :id => @quiz.id

      path = "courses/#{@course.id}/quizzes/#{@quiz.id}/submission_versions"
      assigns[:js_env][:SUBMISSION_VERSIONS_URL].should include(path)
    end

    it "doesn't show unpublished quizzes to students with draft state" do
      course_with_student_logged_in(active_all: true)
      course_quiz(active=true)
      Account.default.enable_feature!(:draft_state)
      @quiz.unpublish!
      get 'show', course_id: @course.id, id: @quiz.id
      response.should_not be_success
    end

    it 'logs a single asset access entry with an action level of "view"' do
      Setting.set('enable_page_views', 'db')

      course_with_teacher_logged_in(:active_all => true)
      course_quiz
      get 'show', :course_id => @course.id, :id => @quiz.id
      assigns[:access].should_not be_nil
      assigns[:accessed_asset].should_not be_nil
      assigns[:accessed_asset][:level].should == 'view'
      assigns[:access].view_score.should == 1
    end
  end

  describe "GET 'show' with fabulous quizzes enabled" do
    before :each do
      a = Account.default
      a.enable_feature! :draft_state
      a.enable_fabulous_quizzes!
      a.save!

      course_with_teacher_logged_in(:active_all => true)
      course_quiz
    end

    it "should redirect to fabulous quizzes app" do
      a = Account.default
      a.enable_fabulous_quizzes?.should eql true
      get 'show', :course_id => @course.id, :id => @quiz.id
      assert_redirected_to ember_urls.course_quiz_url(@quiz.id)
    end
  end

  describe "GET 'managed_quiz_data'" do
    it "should respect section privilege limitations" do
      course(:active_all => 1)
      @section = @course.course_sections.create!(:name => 'section 2')
      @user2 = user_with_pseudonym(:active_all => true, :name => 'Student2', :username => 'student2@instructure.com')
      @section.enroll_user(@user2, 'StudentEnrollment', 'active')
      @user1 = user_with_pseudonym(:active_all => true, :name => 'Student1', :username => 'student1@instructure.com')
      @course.enroll_student(@user1)
      @ta1 = user_with_pseudonym(:active_all => true, :name => 'TA1', :username => 'ta1@instructure.com')
      @course.enroll_ta(@ta1).update_attribute(:limit_privileges_to_course_section, true)
      course_quiz
      @sub1 = @quiz.generate_submission(@user1)
      @sub2 = @quiz.generate_submission(@user2)
      user_session @teacher
      get 'managed_quiz_data', :course_id => @course.id, :quiz_id => @quiz.id
      assigns[:submissions_from_users][@sub1.user_id].should == @sub1
      assigns[:submissions_from_users][@sub2.user_id].should == @sub2
      assigns[:submitted_students].sort_by(&:id).should == [@user1, @user2].sort_by(&:id)

      user_session @ta1
      get 'managed_quiz_data', :course_id => @course.id, :quiz_id => @quiz.id
      assigns[:submissions_from_users][@sub1.user_id].should == @sub1
      assigns[:submitted_students].should == [@user1]
    end

    it "should include survey results from logged out users in a public course" do
      #logged out user
      user = temporary_user_code

      #make questions
      questions = [{:question_data => { :name => "test 1" }},
        {:question_data => { :name => "test 2" }},
        {:question_data => { :name => "test 3" }},
        {:question_data => { :name => "test 4" }}]

      logged_out_survey_with_submission user, questions

      get 'managed_quiz_data', :course_id => @course.id, :quiz_id => @quiz.id

      assigns[:submissions_from_logged_out].should == [@quiz_submission]
      assigns[:submissions_from_users].should == {}
    end

    it "should include survey results from a logged-in user in a public course" do
      course_with_teacher_logged_in(:active_all => true)

      @user1 = user_with_pseudonym(:active_all => true, :name => 'Student1', :username => 'student1@instructure.com')
      @course.enroll_student(@user1)

      questions = [{:question_data => { :name => "test 1" }},
        {:question_data => { :name => "test 2" }},
        {:question_data => { :name => "test 3" }},
        {:question_data => { :name => "test 4" }}]

      @assignment = @course.assignments.create(:title => "Test Assignment")
      @assignment.workflow_state = "available"
      @assignment.submission_types = "online_quiz"
      @assignment.save
      @quiz = Quizzes::Quiz.find_by_assignment_id(@assignment.id)
      @quiz.anonymous_submissions = true
      @quiz.quiz_type = "survey"

      @questions = questions.map { |q| @quiz.quiz_questions.create!(q) }
      @quiz.generate_quiz_data
      @quiz.save!

      @quiz_submission = @quiz.generate_submission(@user1)
      @quiz_submission.mark_completed

      get 'managed_quiz_data', :course_id => @course.id, :quiz_id => @quiz.id

      assigns[:submissions_from_users][@quiz_submission.user_id].should == @quiz_submission
      assigns[:submitted_students].should == [@user1]
    end
  end

  describe "GET 'moderate'" do
    it "should require authorization" do
      course_with_teacher(:active_all => true)
      course_quiz
      get 'moderate', :course_id => @course.id, :quiz_id => @quiz.id
      assert_unauthorized
    end

    it "should assign variables" do
      @student = course_with_student(:active_all => true).user
      course_with_teacher_logged_in(:course => @course, :active_all => true)
      course_quiz
      @sub = @quiz.generate_submission(@student)
      get 'moderate', :course_id => @course.id, :quiz_id => @quiz.id
      assigns[:quiz].should == @quiz
      assigns[:students].should == [@student]
      assigns[:submissions].should == [@sub]
    end

    it "should respect section privilege limitations" do
      course_with_teacher(:active_all => 1)
      @section = @course.course_sections.create!(:name => 'section 2')
      @user2 = user_with_pseudonym(:active_all => true, :name => 'Student2', :username => 'student2@instructure.com')
      @section.enroll_user(@user2, 'StudentEnrollment', 'active')
      @user1 = user_with_pseudonym(:active_all => true, :name => 'Student1', :username => 'student1@instructure.com')
      @course.enroll_student(@user1)
      @ta1 = user_with_pseudonym(:active_all => true, :name => 'TA1', :username => 'ta1@instructure.com')
      @course.enroll_ta(@ta1).update_attribute(:limit_privileges_to_course_section, true)
      course_quiz
      @sub1 = @quiz.generate_submission(@user1)
      @sub2 = @quiz.generate_submission(@user2)

      user_session @teacher
      get 'moderate', :course_id => @course.id, :quiz_id => @quiz.id
      assigns[:students].sort_by(&:id).should == [@user1, @user2].sort_by(&:id)
      assigns[:submissions].sort_by(&:id).should == [@sub1, @sub2].sort_by(&:id)

      user_session @ta1
      get 'moderate', :course_id => @course.id, :quiz_id => @quiz.id
      assigns[:students].should == [@user1]
      assigns[:submissions].should == [@sub1]
    end
  end

  describe "GET 'moderate' with fabulous quizzes enabled" do
    before :each do
      a = Account.default
      a.enable_feature! :draft_state
      a.enable_fabulous_quizzes!
      a.save!

      course_with_teacher_logged_in(:active_all => true)
      course_quiz
    end

    it "should redirect to fabulous quizzes app" do
      a = Account.default
      a.enable_fabulous_quizzes?.should eql true
      get 'moderate', :course_id => @course.id, :quiz_id => @quiz.id
      assert_redirected_to ember_urls.course_quiz_moderate_url(@quiz.id)
    end
  end

  describe "POST 'take'" do
    it "should require authorization" do
      course_with_student(:active_all => true)
      course_quiz(true)
      post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
      assert_unauthorized
    end

    it "should allow taking the quiz" do
      course_with_student_logged_in(:active_all => true)
      course_quiz(true)
      post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
      response.should redirect_to("/courses/#{@course.id}/quizzes/#{@quiz.id}/take")
    end

    context 'asset access logging' do
      before :each do
        Setting.set('enable_page_views', 'db')

        course_with_teacher_logged_in(:active_all => true)
        course_quiz
      end

      it 'should log a single entry with an action level of "participate"' do
        post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
        assigns[:access].should_not be_nil
        assigns[:accessed_asset].should_not be_nil
        assigns[:accessed_asset][:level].should == 'participate'
        assigns[:access].participate_score.should == 1
      end

      it 'should not log entries when resuming the quiz' do
        post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
        assigns[:access].should_not be_nil
        assigns[:accessed_asset].should_not be_nil
        assigns[:accessed_asset][:level].should == 'participate'
        assigns[:access].participate_score.should == 1

        # Since the second request we will make is handled by the same controller
        # instance, @accessed_asset must be reset otherwise
        # ApplicationController#log_page_view will use it to log another entry.
        controller.instance_variable_set('@accessed_asset', nil)
        controller.js_env.clear

        post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
        assigns[:access].participate_score.should == 1
      end
    end

    context 'verification' do
      before do
        course_with_student_logged_in(:active_all => true)
        course_quiz(true)
        @quiz.access_code = 'bacon'
        @quiz.save!
      end

      it "should render verification page if password required" do
        post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
        response.should render_template('access_code')
      end

      it "shouldn't let you in on a bad access code" do
        post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1', :access_code => 'wrongpass'
        response.should_not be_redirect
        response.should render_template('access_code')
      end

      it "should send you to take with the right access code" do
        post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1', :access_code => 'bacon'
        response.should redirect_to("/courses/#{@course.id}/quizzes/#{@quiz.id}/take")
      end


      it "should not ask for the access code again if you reload the quiz" do
        get 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1', :access_code => 'bacon'
        response.should_not be_redirect
        response.should_not render_template('access_code')

        controller.js_env.clear

        get 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
        response.should_not render_template('access_code')
      end
    end

    it "should not let them take the quiz if it's locked" do
      course_with_student_logged_in(:active_all => true)
      course_quiz(true)
      @quiz.locked = true
      @quiz.save!
      post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
      response.should render_template('show')
      assigns[:locked].should_not be_nil
    end

    it "should let them take the quiz if it's locked but unlocked by an override" do
      course_with_student_logged_in(:active_all => true)
      course_quiz(true)
      @quiz.lock_at = Time.now
      @quiz.save!
      override = AssignmentOverride.new
      override.title = "ADHOC quiz override"
      override.quiz = @quiz
      override.lock_at = Time.now + 1.day
      override.lock_at_overridden = true
      override.save!
      override_student = override.assignment_override_students.build
      override_student.user = @user
      override_student.save!
      post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
      response.should redirect_to("/courses/#{@course.id}/quizzes/#{@quiz.id}/take")
    end

    it "should let them take the quiz if it's locked but they've been explicitly unlocked" do
      course_with_student_logged_in(:active_all => true)
      course_quiz(true)
      @quiz.locked = true
      @quiz.save!
      @sub = Quizzes::SubmissionManager.new(@quiz).find_or_create_submission(@user, nil, 'settings_only')
      @sub.manually_unlocked = true
      @sub.save!
      post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
      response.should redirect_to("/courses/#{@course.id}/quizzes/#{@quiz.id}/take")
    end

    it "should use default duration if no extensions specified" do
      course_with_student_logged_in(:active_all => true)
      course_quiz(true)
      @quiz.time_limit = 60
      @quiz.save!
      post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
      response.should redirect_to("/courses/#{@course.id}/quizzes/#{@quiz.id}/take")
      assigns[:submission].should_not be_nil
      assigns[:submission].user.should eql(@user)
      (assigns[:submission].end_at - assigns[:submission].started_at).to_i.should eql(60.minutes.to_i)
    end

    it "should give user more time if specified" do
      course_with_student_logged_in(:active_all => true)
      course_quiz(true)
      @quiz.time_limit = 60
      @quiz.save!
      @sub = Quizzes::SubmissionManager.new(@quiz).find_or_create_submission(@user, nil, 'settings_only')
      @sub.extra_time = 30
      @sub.save!
      post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
      response.should redirect_to("/courses/#{@course.id}/quizzes/#{@quiz.id}/take")
      assigns[:submission].should_not be_nil
      assigns[:submission].user.should eql(@user)
      (assigns[:submission].end_at - assigns[:submission].started_at).to_i.should eql(90.minutes.to_i)
    end

    it "should render ip_filter page if ip_filter doesn't match" do
      course_with_student_logged_in(:active_all => true)
      course_quiz(true)
      @quiz.ip_filter = '123.123.123.123'
      @quiz.save!
      post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
      response.should render_template('invalid_ip')
    end

    it "should let the user take the quiz if the ip_filter matches" do
      course_with_student_logged_in(:active_all => true)
      course_quiz(true)
      @quiz.ip_filter = '123.123.123.123'
      @quiz.save!
      request.env['REMOTE_ADDR'] = '123.123.123.123'
      post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
      response.should redirect_to("/courses/#{@course.id}/quizzes/#{@quiz.id}/take")
    end

    it "should work without a user for non-graded quizzes in public courses" do
      course_with_student :active_all => true
      @course.update_attribute :is_public, true
      course_quiz :active
      @quiz.update_attribute :quiz_type, 'practice_quiz'
      post 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
      response.should redirect_to("/courses/#{@course.id}/quizzes/#{@quiz.id}/take")
    end
  end

  describe "GET 'take'" do
    it "should require authorization" do
      course_with_student(:active_all => true)
      course_quiz(true)
      get 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
      assert_unauthorized
    end

    it "should render the quiz page if the user hasn't started the quiz" do
      course_with_student_logged_in(:active_all => true)
      course_quiz(true)
      get 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
      response.should render_template('show')
    end

    it "should render ip_filter page if the ip_filter stops matching" do
      course_with_student_logged_in(:active_all => true)
      course_quiz(true)
      @quiz.ip_filter = '123.123.123.123'
      @quiz.save!
      @quiz.generate_submission(@user)

      get 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
      response.should render_template('invalid_ip')
    end

    it "should allow taking the quiz" do
      course_with_student_logged_in(:active_all => true)
      course_quiz(true)
      @quiz.generate_submission(@user)

      get 'show', :course_id => @course, :quiz_id => @quiz.id, :take => '1'
      response.should render_template('take_quiz')
      assigns[:submission].should_not be_nil
      assigns[:submission].user.should eql(@user)
    end

    context "when the ID of a question is passed in" do
      before do
        course_with_student_logged_in(:active_all => true)
        course_quiz(true)
        @quiz.generate_submission(@user)
      end

      context "a valid question" do
        it "renders take_quiz" do
          Quizzes::QuizzesController.any_instance.stubs(:valid_question?).returns(true)
          get 'show', :course_id => @course, :quiz_id => @quiz.id, :question_id => '1', :take => '1'
          response.should render_template('take_quiz')
        end
      end

      context "a question not in this quiz" do
        it "redirects to the main quiz page" do
          Quizzes::QuizzesController.any_instance.stubs(:valid_question?).returns(false)
          get 'show', :course_id => @course, :quiz_id => @quiz.id, :question_id => '1', :take => '1'
          response.should redirect_to course_quiz_url(@course, @quiz)
        end
      end
    end

    describe "valid_question?" do
      let(:submission) { mock }

      context "when the passed in question ID is in the submission" do
        it "returns true" do
          submission.stubs(:has_question?).with(1).returns(true)
          controller.send(:valid_question?, submission, 1).should be_true
        end
      end

      context "when the question ID isn't part of the submission" do
        it "returns false" do
          submission.stubs(:has_question?).with(1).returns(false)
          controller.send(:valid_question?, submission, 1).should be_false
        end
      end
    end
  end

  describe "GET 'history'" do
    it "should require authorization" do
      course_with_teacher(:active_all => true)
      course_quiz
      get 'history', :course_id => @course.id, :quiz_id => @quiz.id
      assert_unauthorized
    end

    it "should redirect if there are no submissions for the user" do
      course_with_student_logged_in(:active_all => true)
      course_quiz
      get 'history', :course_id => @course.id, :quiz_id => @quiz.id
      response.should be_redirect
      response.should redirect_to("/courses/#{@course.id}/quizzes/#{@quiz.id}")
    end

    it "should assign variables" do
      course_with_student_logged_in(:active_all => true)
      course_quiz
      @submission = @quiz.generate_submission(@user)
      get 'history', :course_id => @course.id, :quiz_id => @quiz.id

      response.should be_success
      assigns[:user].should_not be_nil
      assigns[:user].should eql(@user)
      assigns[:quiz].should_not be_nil
      assigns[:quiz].should eql(@quiz)
      assigns[:submission].should_not be_nil
      assigns[:submission].should eql(@submission)
    end

    it "should find the observed submissions" do
      course_with_student(:active_all => true)
      course_quiz
      @submission = @quiz.generate_submission(@student)
      @observer = user
      @enrollment = @course.enroll_user(@observer, 'ObserverEnrollment', :enrollment_state => 'active')
      @enrollment.update_attribute(:associated_user, @student)
      user_session(@observer)
      get 'history', :course_id => @course.id, :quiz_id => @quiz.id, :user_id => @student.id

      response.should be_success
      assigns[:user].should_not be_nil
      assigns[:user].should eql(@student)
      assigns[:quiz].should_not be_nil
      assigns[:quiz].should eql(@quiz)
      assigns[:submission].should_not be_nil
      assigns[:submission].should eql(@submission)
    end

    it "should not allow viewing other submissions if not a teacher" do
      u = user(:active_all => true)
      course_with_student_logged_in(:active_all => true)
      course_quiz
      s = @quiz.generate_submission(u)
      @submission = @quiz.generate_submission(@user)
      get 'history', :course_id => @course.id, :quiz_id => @quiz.id, :user_id => u.id
      response.should_not be_success
    end

    it "should allow viewing other submissions if a teacher" do
      u = user(:active_all => true)
      course_with_teacher_logged_in(:active_all => true)
      @course.enroll_student(u)
      course_quiz
      s = @quiz.generate_submission(u)
      @submission = @quiz.generate_submission(@user)
      get 'history', :course_id => @course.id, :quiz_id => @quiz.id, :user_id => u.id

      response.should be_success
      assigns[:user].should_not be_nil
      assigns[:user].should eql(u)
      assigns[:quiz].should_not be_nil
      assigns[:quiz].should eql(@quiz)
      assigns[:submission].should_not be_nil
      assigns[:submission].should eql(s)
    end

    it "should not allow student viewing if the assignment is muted" do
      u = user(:active_all => true)
      course_with_student_logged_in(:active_all => true)
      course_quiz
      @quiz.generate_quiz_data
      @quiz.workflow_state = 'available'
      @quiz.published_at = Time.now
      @quiz.save

      @quiz.assignment.should_not be_nil
      @quiz.assignment.mute!
      s = @quiz.generate_submission(u)
      @submission = @quiz.generate_submission(@user)
      get 'history', :course_id => @course.id, :quiz_id => @quiz.id, :user_id => u.id

      response.should be_redirect
      response.should redirect_to("/courses/#{@course.id}/quizzes/#{@quiz.id}")
      flash[:notice].should match(/You cannot view the quiz history while the quiz is muted/)
    end

    it "should allow teacher viewing if the assignment is muted" do
      u = user(:active_all => true)
      course_with_teacher_logged_in(:active_all => true)
      @course.enroll_student(u)

      course_quiz
      @quiz.generate_quiz_data
      @quiz.workflow_state = 'available'
      @quiz.published_at = Time.now
      @quiz.save

      @quiz.assignment.should_not be_nil
      @quiz.assignment.mute!
      s = @quiz.generate_submission(u)
      @submission = @quiz.generate_submission(@user)
      get 'history', :course_id => @course.id, :quiz_id => @quiz.id, :user_id => u.id

      response.should be_success
    end
  end

  describe "POST 'create'" do
    it "should require authorization" do
      course_with_teacher(:active_all => true)
      post 'create', :course_id => @course.id
      assert_unauthorized
    end

    it "should not allow students to create quizzes" do
      course_with_student_logged_in(:active_all => true)
      post 'create', :course_id => @course.id, :quiz => {:title => "some quiz"}
      assert_unauthorized
    end

    it "should create quiz" do
      course_with_teacher_logged_in(:active_all => true)
      post 'create', :course_id => @course.id, :quiz => {:title => "some quiz"}
      assigns[:quiz].should_not be_nil
      assigns[:quiz].title.should eql("some quiz")
      response.should be_success
    end

    it "creates quizzes with overrides" do
      course_with_teacher_logged_in(:active_all => true)
      section = @course.course_sections.create!
      course_due_date = 3.days.from_now.iso8601
      section_due_date = 5.days.from_now.iso8601
      post 'create', :course_id => @course.id,
        :quiz => {
          :title => "overridden quiz",
          :due_at => course_due_date,
          :assignment_overrides => [{
            :course_section_id => section.id,
            :due_at => section_due_date,
          }]
        }
      response.should be_success
      quiz = assigns[:quiz].overridden_for(@user)
      overrides = quiz.overrides_visible_to(@user)
      overrides.length.should == 1
      overrides.first[:due_at].iso8601.should == section_due_date
    end
  end

  describe "PUT 'update'" do
    it "should require authorization" do
      course_with_teacher(:active_all => true)
      course_quiz
      put 'update', :course_id => @course.id, :id => @quiz.id, :quiz => {:title => "test"}
      assert_unauthorized
    end

    it "should not allow students to update quizzes" do
      course_with_student_logged_in(:active_all => true)
      course_quiz
      post 'update', :course_id => @course.id, :id => @quiz.id, :quiz => {:title => "some quiz"}
      assert_unauthorized
    end

    it "should update quizzes" do
      course_with_teacher_logged_in(:active_all => true)
      course_quiz
      post 'update', :course_id => @course.id, :id => @quiz.id, :quiz => {:title => "some quiz"}
      assigns[:quiz].should_not be_nil
      assigns[:quiz].should eql(@quiz)
      assigns[:quiz].title.should eql("some quiz")
    end

    it "should be able to change ungraded survey to quiz without error" do
      # aka should handle the case where the quiz's assignment is nil/not present.
      course_with_teacher_logged_in(active_all: true)
      course_quiz
      @quiz.update_attributes(quiz_type: 'ungraded_survey')
      # make sure the assignment doesn't exist
      @quiz.assignment = nil if @quiz.context.feature_enabled?(:draft_state)
      @quiz.assignment.should_not be_present
      post 'update', course_id: @course.id, id: @quiz.id, activate: true,
        quiz: {quiz_type: 'assignment'}
      response.should be_redirect
      @quiz.reload.quiz_type.should == 'assignment'
      @quiz.should be_available
      @quiz.assignment.should be_present
    end

    it "should lock and unlock without removing assignment" do
      course_with_teacher_logged_in(:active_all => true)
      a = @course.assignments.create!(:title => "some assignment", :points_possible => 5)
      a.points_possible.should eql(5.0)
      a.submission_types.should_not eql("online_quiz")
      @quiz = @course.quizzes.build(:assignment_id => a.id, :title => "some quiz", :points_possible => 10)
      @quiz.workflow_state = 'available'
      @quiz.save
      post 'update', :course_id => @course.id, :id => @quiz.id, :quiz => {"locked" => "true"}
      @quiz.reload
      @quiz.assignment.should_not be_nil
      post 'update', :course_id => @course.id, :id => @quiz.id, :quiz => {"locked" => "false"}
      @quiz.reload
      @quiz.assignment.should_not be_nil
    end

    it "updates overrides for a quiz" do
      course_with_teacher_logged_in(:active_all => true)
      quiz = @course.quizzes.build( :title => "Update Overrides Quiz")
      quiz.save!
      section = @course.course_sections.build
      section.save!
      course_due_date = 3.days.from_now.iso8601
      section_due_date = 5.days.from_now.iso8601
      quiz.save!
      post 'update', :course_id => @course.id,
        :id => quiz.id,
        :quiz => {
          :title => "overridden quiz",
          :due_at => course_due_date,
          :assignment_overrides => [{
            :course_section_id => section.id,
            :due_at => section_due_date,
            :due_at_overridden => true
          }]
        }
      quiz = quiz.reload.overridden_for(@user)
      overrides = quiz.overrides_visible_to(@user)
      overrides.length.should == 1
    end

    it "deletes overrides for a quiz if assignment_overrides params is 'false'" do
      course_with_teacher_logged_in(:active_all => true)
      quiz = @course.quizzes.build(:title => "Delete overrides!")
      quiz.save!
      section = @course.course_sections.create!(:name => "VDD Course Section")
      override = AssignmentOverride.new
      override.set_type = 'CourseSection'
      override.set = section
      override.due_at = Time.zone.now
      override.quiz = quiz
      override.save!
      course_due_date = 3.days.from_now.iso8601
      post 'update', :course_id => @course.id,
        :id => quiz.id,
        :quiz => {
          :title => "overridden quiz",
          :due_at => course_due_date,
          :assignment_overrides => "false"
        }
      quiz.reload.assignment_overrides.active.should be_empty
    end

    it 'updates the quiz with the correct times for fancy midnight' do
      time = Time.local(2013,3,13,0,0).in_time_zone
      course_with_teacher_logged_in(:active_all => true)
      quiz = @course.quizzes.build(:title => "Test that fancy midnight, baby!")
      quiz.save!
      post :update, :course_id => @course.id,
        :id => quiz.id,
        :quiz => {
          :due_at => time,
          :lock_at => time,
          :unlock_at => time
        }
      quiz.reload
      quiz.due_at.to_i.should == CanvasTime.fancy_midnight(time).to_i
      quiz.lock_at.to_i.should == CanvasTime.fancy_midnight(time).to_i
      quiz.unlock_at.to_i.should == time.to_i
    end

    context 'notifications' do
      before do
        @notification = Notification.create(:name => 'Assignment Due Date Changed')

        course_with_teacher_logged_in(:active_all => true)
        @section = @course.course_sections.create!

        student_in_course(:active_all => true)
        @student.communication_channels.create(:path => "student@instructure.com").confirm!
        @student.email_channel.notification_policies.
          find_or_create_by_notification_id(@notification.id).
          update_attribute(:frequency, 'immediately')

        course_quiz
        @quiz.generate_quiz_data
        @quiz.workflow_state = 'available'
        @quiz.published_at = Time.now
        @quiz.save!

        @quiz.update_attribute(:created_at, 1.day.ago)
        @quiz.assignment.update_attribute(:created_at, 1.day.ago)

      end

      it "should send due date changed if notify_of_update is set" do
        course_due_date = 2.days.from_now
        section_due_date = 3.days.from_now
        post 'update', :course_id => @course.id,
          :id => @quiz.id,
          :quiz => {
            :title => "overridden quiz",
            :due_at => course_due_date.iso8601,
            :assignment_overrides => [{
              :course_section_id => @section.id,
              :due_at => section_due_date.iso8601,
              :due_at_overridden => true
            }],
            :notify_of_update => true
          }
        @student.messages.detect{|m| m.notification_id == @notification.id}.should_not be_nil
      end

      it "should send due date changed if notify_of_update is not set" do
        course_due_date = 2.days.from_now
        section_due_date = 3.days.from_now
        post 'update', :course_id => @course.id,
          :id => @quiz.id,
          :quiz => {
            :title => "overridden quiz",
            :due_at => course_due_date.iso8601,
            :assignment_overrides => [{
              :course_section_id => @section.id,
              :due_at => section_due_date.iso8601,
              :due_at_overridden => true
            }]
          }

        @student.messages.detect{ |m| m.notification_id == @notification.id }.should_not be_nil
      end
    end
  end

  describe "GET 'statistics'" do
    it "should allow concluded teachers to see a quiz's statistics" do
      course_with_teacher_logged_in(:active_all => true)
      course_quiz
      @enrollment.conclude
      get 'statistics', :course_id => @course.id, :quiz_id => @quiz.id
      response.should be_success
      response.should render_template('statistics')
    end

    context "logged out submissions" do
      integrate_views

      it "should include logged_out users' submissions in a public course" do
        #logged_out user
        user = temporary_user_code

        #make questions
        questions = [{:question_data => { :name => "test 1" }},
          {:question_data => { :name => "test 2" }},
          {:question_data => { :name => "test 3" }},
          {:question_data => { :name => "test 4" }}]

        logged_out_survey_with_submission user, questions

        #non logged_out submissions
        @user1 = user_with_pseudonym(:active_all => true, :name => 'Student1', :username => 'student1@instructure.com')
        @quiz_submission1 = @quiz.generate_submission(@user1)
        Quizzes::SubmissionGrader.new(@quiz_submission1).grade_submission

        @user2 = user_with_pseudonym(:active_all => true, :name => 'Student2', :username => 'student2@instructure.com')
        @quiz_submission2 = @quiz.generate_submission(@user2)
        Quizzes::SubmissionGrader.new(@quiz_submission2).grade_submission

        @course.large_roster = false
        @course.save!


        get 'statistics', :course_id => @course.id, :quiz_id => @quiz.id, :all_versions => '1'
        response.should be_success
        response.body.should match /Logged Out User/
        response.should render_template('statistics')
      end
    end

    it "should show the statistics page if the course is a MOOC" do
      course_with_teacher_logged_in(:active_all => true)
      @course.large_roster = true
      @course.save!
      course_quiz
      get 'statistics', :course_id => @course.id, :quiz_id => @quiz.id
      response.should be_success
      response.should render_template('statistics')
    end
  end

  describe "GET 'statistics' with fabulous quizzes enabled" do
    before :each do
      a = Account.default
      a.enable_feature! :draft_state
      a.enable_fabulous_quizzes!
      a.save!

      course_with_teacher_logged_in(:active_all => true)
      course_quiz
    end

    it "should redirect to fabulous quizzes app" do
      a = Account.default
      a.enable_fabulous_quizzes?.should eql true
      get 'statistics', :course_id => @course.id, :quiz_id => @quiz.id
      assert_redirected_to ember_urls.course_quiz_statistics_url(@quiz.id)
    end
  end

  describe "GET 'read_only'" do
    it "should allow concluded teachers to see a read-only view of a quiz" do
      course_with_teacher_logged_in(:active_all => true)
      course_quiz
      get 'read_only', :course_id => @course.id, :quiz_id => @quiz.id
      response.should be_success
      response.should render_template('read_only')

      @enrollment.conclude
      controller.js_env.clear
      get 'read_only', :course_id => @course.id, :quiz_id => @quiz.id
      response.should be_success
      response.should render_template('read_only')
    end

    it "should not allow students to see a read-only view of a quiz" do
      course_with_student_logged_in(:active_all => true)
      course_quiz
      get 'read_only', :course_id => @course.id, :quiz_id => @quiz.id
      assert_unauthorized

      @enrollment.conclude
      get 'read_only', :course_id => @course.id, :quiz_id => @quiz.id
      assert_unauthorized
    end
  end

  describe "DELETE 'destroy'" do
    it "should require authorization" do
      course_with_teacher(:active_all => true)
      course_quiz
      delete 'destroy', :course_id => @course.id, :id => @quiz.id
      assert_unauthorized
    end

    it "should not allow students to delete quizzes" do
      course_with_student_logged_in(:active_all => true)
      course_quiz
      delete 'destroy', :course_id => @course.id, :id => @quiz.id
      assert_unauthorized
    end

    it "should delete quizzes" do
      course_with_teacher_logged_in(:active_all => true)
      course_quiz
      delete 'destroy', :course_id => @course.id, :id => @quiz.id
      assigns[:quiz].should_not be_nil
      assigns[:quiz].should eql(@quiz)
      assigns[:quiz].should be_deleted
    end
  end

  describe "POST 'publish'" do
    it "should require authorization" do
      course_with_teacher(:active_all => true)
      course_quiz
      post 'publish', :course_id => @course.id, :quizzes => [@quiz.id]
      assert_unauthorized
    end

    it "should publish unpublished quizzes" do
      course_with_teacher_logged_in(:active_all => true)
      @quiz = @course.quizzes.build(:title => "New quiz!")
      @quiz.save!

      @quiz.published?.should be_false
      post 'publish', :course_id => @course.id, :quizzes => [@quiz.id]

      @quiz.reload.published?.should be_true
    end
  end

  describe "GET 'submission_html'" do

    before do
      course_with_teacher_logged_in(active_all: true)
      course_quiz(true)
    end

    it "renders nothing if there's no submission for current user" do
      get 'submission_html', course_id: @course.id, quiz_id: @quiz.id
      response.should be_success
      response.body.strip.should be_empty
    end

    it "renders submission html if there is a submission" do
      sub = @quiz.generate_submission(@teacher)
      sub.mark_completed
      sub.save!
      get 'submission_html', course_id: @course.id, quiz_id: @quiz.id
      response.should be_success
      template = if CANVAS_RAILS2
        "quizzes/quizzes/submission_html.html.erb"
      else
        "quizzes/submission_html"
      end
      response.should render_template(template)
    end
  end

  describe "POST 'unpublish'" do
    it "should require authorization" do
      course_with_teacher(:active_all => true)
      course_quiz
      post 'unpublish', :course_id => @course.id, :quizzes => [@quiz.id]
      assert_unauthorized
    end

    it "should unpublish published quizzes" do
      course_with_teacher_logged_in(:active_all => true)
      @quiz = @course.quizzes.build(:title => "New quiz!")
      @quiz.publish!

      @quiz.published?.should be_true
      post 'unpublish', :course_id => @course.id, :quizzes => [@quiz.id]

      @quiz.reload.published?.should be_false
    end
  end

  describe "GET submission_versions" do
    it "requires authorization" do
      course_with_teacher(:active_all => true)
      course_quiz
      get 'submission_versions', :course_id => @course.id, :quiz_id => @quiz.id
      assert_unauthorized
      assigns[:quiz].should_not be_nil
      assigns[:quiz].should eql(@quiz)
    end

    it "assigns variables" do
      course_with_teacher_logged_in(:active_all => true)
      course_quiz
      submission = @quiz.generate_submission @user
      create_attachment_for_file_upload_submission!(submission)
      get 'submission_versions', :course_id => @course.id, :quiz_id => @quiz.id
      assigns[:quiz].should_not be_nil
      assigns[:quiz].should eql(@quiz)
      assigns[:submission].should_not be_nil
      assigns[:versions].should_not be_nil
    end

    it "should render nothing if quiz is muted" do
      course_with_teacher_logged_in(:active_all => true)
      course_quiz

      submission = @quiz.generate_submission @user

      assignment = @course.assignments.create(:title => "Test Assignment")
      assignment.workflow_state = "available"
      assignment.submission_types = "online_quiz"
      assignment.muted = true
      assignment.save!
      @quiz.assignment = assignment

      get 'submission_versions', :course_id => @course.id, :quiz_id => @quiz.id
      response.should be_success
      response.body.should match(/^\s?$/)
    end
  end

end