don't show courses dropdown on grades page for linked observers

The grades page for a student has a dropdown to let them quickly jump between grades pages for different courses. The dropdown was also appearing for linked observers, who don't necessarily have access to grades for the student's other courses. This dropdown should now only appear for the student. fixes #6388 test plan: - create a student in more than one course - masquerade as that student - make sure the dropdown appears on the course grades page - link an observer to the student and masquerade as the observer - make sure the dropdown does not appear - stop masquerading and view the grades page for the student - make sure the dropdown does not appear Change-Id: I99f2b4361df964663f72b16084604740d6b9f17f Reviewed-on: https://gerrit.instructure.com/7119 Tested-by: Jenkins <[email protected]> Reviewed-by: Jacob Fugal <[email protected]>
jiniaoxu · Jun 28, 2012 · 34de454 · 34de454
1 parent be6cf8c
commit 34de454
Show file tree

Hide file tree

Showing 4 changed files with 55 additions and 5 deletions.
diff --git a/app/controllers/gradebooks_controller.rb b/app/controllers/gradebooks_controller.rb
@@ -68,7 +68,9 @@ def grade_summary
           # Yes, fetch *all* submissions for this course; otherwise the view will end up doing a query for each
           # assignment in order to calculate grade distributions
           @all_submissions = @context.submissions.all(:select => "submissions.assignment_id, submissions.score, submissions.grade, submissions.quiz_submission_id")
-          @courses_with_grades = @student.available_courses.select{|c| c.grants_right?(@student, nil, :participate_as_student)}
+          if @student == @current_user
+            @courses_with_grades = @student.available_courses.select{|c| c.grants_right?(@student, nil, :participate_as_student)}
+          end
           format.html { render :action => 'grade_summary' }
         else
           format.html { render :action => 'grade_summary_list' }

diff --git a/app/views/gradebooks/grade_summary.html.erb b/app/views/gradebooks/grade_summary.html.erb
@@ -70,7 +70,7 @@
  <% end %>
 <% }) %>
 </h2>
-<% if @courses_with_grades.length > 1 %>
+<% if @courses_with_grades && @courses_with_grades.length > 1 %>
   <div style="margin-left: 10px;">
   <%= t(:for_course, "For the course,") %>
   <select id="course_url">

diff --git a/spec/controllers/gradebooks_controller_spec.rb b/spec/controllers/gradebooks_controller_spec.rb
@@ -44,6 +44,7 @@
       response.should render_template('grade_summary')
       get 'grade_summary', :course_id => @course.id, :id => @user.id
       response.should render_template('grade_summary')
+      assigns[:courses_with_grades].should_not be_nil
     end
 
     it "should not allow access for wrong user" do
@@ -68,6 +69,7 @@
       @user.reload
       get 'grade_summary', :course_id => @course.id, :id => @student.id
       response.should render_template('grade_summary')
+      assigns[:courses_with_grades].should be_nil
     end
 
     it "should allow concluded teachers to see a student grades pages" do
@@ -79,6 +81,7 @@
       get 'grade_summary', :course_id => @course.id, :id => @student.id
       response.should be_success
       response.should render_template('grade_summary')
+      assigns[:courses_with_grades].should be_nil
     end
 
     it "should allow concluded students to see their grades pages" do
@@ -87,6 +90,51 @@
       get 'grade_summary', :course_id => @course.id, :id => @user.id
       response.should render_template('grade_summary')
     end
+
+    it "give a student the option to switch between courses" do
+      teacher = user_with_pseudonym(:username => '[email protected]', :active_all => 1)
+      student = user_with_pseudonym(:username => '[email protected]', :active_all => 1)
+      course1 = course_with_teacher(:user => teacher, :active_all => 1).course
+      student_in_course :user => student, :active_all => 1
+      course2 = course_with_teacher(:user => teacher, :active_all => 1).course
+      student_in_course :user => student, :active_all => 1
+      user_session(student)
+      get 'grade_summary', :course_id => @course.id, :id => student.id
+      response.should be_success
+      assigns[:courses_with_grades].should_not be_nil
+      assigns[:courses_with_grades].length.should == 2
+    end
+
+    it "should not give a teacher the option to switch between courses when viewing a student's grades" do
+      teacher = user_with_pseudonym(:username => '[email protected]', :active_all => 1)
+      student = user_with_pseudonym(:username => '[email protected]', :active_all => 1)
+      course1 = course_with_teacher(:user => teacher, :active_all => 1).course
+      student_in_course :user => student, :active_all => 1
+      course2 = course_with_teacher(:user => teacher, :active_all => 1).course
+      student_in_course :user => student, :active_all => 1
+      user_session(teacher)
+      get 'grade_summary', :course_id => @course.id, :id => student.id
+      response.should be_success
+      assigns[:courses_with_grades].should be_nil
+    end
+
+    it "should not give a linked observer the option to switch between courses when viewing a student's grades" do
+      teacher = user_with_pseudonym(:username => '[email protected]', :active_all => 1)
+      student = user_with_pseudonym(:username => '[email protected]', :active_all => 1)
+      observer = user_with_pseudonym(:username => '[email protected]', :active_all => 1)
+      course1 = course_with_teacher(:user => teacher, :active_all => 1).course
+      student_in_course :user => student, :active_all => 1
+      course2 = course_with_teacher(:user => teacher, :active_all => 1).course
+      student_in_course :user => student, :active_all => 1
+      oe = course1.enroll_user(observer, 'ObserverEnrollment')
+      oe.associated_user = student
+      oe.save!
+      oe.accept
+      user_session(observer)
+      get 'grade_summary', :course_id => @course.id, :id => student.id
+      response.should be_success
+      assigns[:courses_with_grades].should be_nil
+    end
   end
 
   describe "GET 'show'" do

diff --git a/spec/selenium/courses_spec.rb b/spec/selenium/courses_spec.rb
@@ -205,14 +205,14 @@ def find_wizard_box
       end
     end
 
-    it "should not redirect to the gradebook when switching courses when viewing a student's grades" do
+    it "should  redirect to the gradebook when switching courses when viewing a student's grades" do
       teacher = user_with_pseudonym(:username => '[email protected]', :active_all => 1)
       student = user_with_pseudonym(:username => '[email protected]', :active_all => 1)
       course1 = course_with_teacher_logged_in(:user => teacher, :active_all => 1).course
       student_in_course :user => student, :active_all => 1
       course2 = course_with_teacher(:user => teacher, :active_all => 1).course
       student_in_course :user => student, :active_all => 1
-      create_session(teacher.pseudonyms.first, false)
+      create_session(student.pseudonyms.first, false)
 
       get "/courses/#{course1.id}/grades/#{student.id}"
 
@@ -222,7 +222,7 @@ def find_wizard_box
       select.click
       find_with_jquery('#course_url option:not([selected])').click
 
-      driver.current_url.should match %r{/courses/#{course2.id}/grades/#{student.id}}
+      driver.current_url.should match %r{/courses/#{course2.id}/grades}
     end
   end