Merge pull request #1860 from openstax/teacher_view

Teacher preview assignments

Author: Dantemss

app/access_policies/note_access_policy.rb

@@ -6,7 +6,7 @@ def self.action_allowed?(action, requestor, note)
     when :index, :read
       true
     when :create, :update, :destroy
-      note.role.role_user.user_profile_id == requestor.id
+      note.role.user_profile_id == requestor.id
     else
       false
     end

app/access_policies/period_access_policy.rb

@@ -8,7 +8,7 @@ def self.action_allowed?(action, requestor, period)
     when :read
       UserIsCourseStudent[user: requestor, course: course] ||
       UserIsCourseTeacher[user: requestor, course: course]
-    when :create, :update, :destroy, :restore
+    when :create, :update, :destroy, :restore, :teacher_student
       UserIsCourseTeacher[user: requestor, course: course]
     else
       false

app/access_policies/research_survey_access_policy.rb

@@ -5,7 +5,7 @@ def self.action_allowed?(action, requestor, survey)
 
     case action
     when :complete
-      survey.student.role.role_user.user_profile_id == requestor.id
+      survey.student.role.user_profile_id == requestor.id
     else
       false
     end

app/access_policies/role_access_policy.rb

@@ -0,0 +1,12 @@
+class RoleAccessPolicy
+  def self.action_allowed?(action, requestor, role)
+    return false if !requestor.is_human? || requestor.is_anonymous?
+
+    case action
+    when :become
+      role.user_profile_id == requestor.id
+    else
+      false
+    end
+  end
+end

app/access_policies/student_access_policy.rb

@@ -5,13 +5,13 @@ def self.action_allowed?(action, requestor, student)
     case action
     when :show
       (
-        student.role.role_user.user_profile_id == requestor.id ||
+        student.role.user_profile_id == requestor.id ||
         UserIsCourseTeacher[user: requestor, course: student.course]
       ) && !student.dropped? && !student.period.nil? && !student.period.archived?
     when :create, :update, :destroy
       UserIsCourseTeacher[user: requestor, course: student.course]
     when :refund
-      student.role.role_user.user_profile_id == requestor.id
+      student.role.user_profile_id == requestor.id
     else
       false
     end

app/access_policies/teacher_access_policy.rb

@@ -4,7 +4,7 @@ def self.action_allowed?(action, requestor, teacher)
 
     case action
     when :show
-      teacher.role.role_user.user_profile_id == requestor.id && !teacher.deleted?
+      teacher.role.user_profile_id == requestor.id && !teacher.deleted?
     when :destroy
       UserIsCourseTeacher[user: requestor, course: teacher.course]
     else

app/access_policies/teacher_student_access_policy.rb

@@ -0,0 +1,16 @@
+class TeacherStudentAccessPolicy
+  def self.action_allowed?(action, requestor, teacher_student)
+    return false if !requestor.is_human? || requestor.is_anonymous?
+
+    case action
+    when :show
+      teacher_student.role.user_profile_id == requestor.id &&
+        UserIsCourseTeacher[user: requestor, course: teacher_student.course] &&
+        !teacher_student.deleted? &&
+        !teacher_student.period.nil? &&
+        !teacher_student.period.archived?
+    else
+      false
+    end
+  end
+end

app/controllers/admin/courses_controller.rb

@@ -18,7 +18,7 @@ def index
     end
 
     @course_infos = result.outputs.items.preload(
-      teachers: { role: [:role_user, :profile] },
+      teachers: { role: :profile },
       periods: :students,
       course_ecosystems: { ecosystem: :books }
     ).try(:paginate, params_for_pagination)

app/controllers/api/v1/courses_controller.rb

@@ -68,7 +68,7 @@ def create
                  location: nil
   end
 
-  api :GET, '/courses/:course_id', 'Returns information about a specific course, including periods'
+  api :GET, '/courses/:id', 'Returns information about a specific course, including periods'
   description <<-EOS
     Returns information about a specific course, including periods and roles
     #{json_schema(Api::V1::CourseRepresenter, include: :readable)}
@@ -79,7 +79,7 @@ def show
     respond_with collect_course_info(course: @course), represent_with: Api::V1::CourseRepresenter
   end
 
-  api :PATCH, '/courses/:course_id', 'Update course details'
+  api :PATCH, '/courses/:id', 'Update course details'
   description <<-EOS
     Update course details and return information about the updated course
     Possible error codes:
@@ -99,7 +99,7 @@ def update
     )
   end
 
-  api :GET, '/courses/:course_id/dashboard(/role/:role_id)',
+  api :GET, '/courses/:id/dashboard',
             'Gets dashboard information for a given non-CC course, ' +
             'filtered by optional start_at and end_at params. ' +
             'Any time_zone information in the given dates is ignored ' +
@@ -126,8 +126,7 @@ def dashboard
     )
   end
 
-  api :GET, '/courses/:course_id/cc/dashboard(/role/:role_id)',
-            'Gets dashboard information for a given CC course.'
+  api :GET, '/courses/:id/cc/dashboard', 'Gets dashboard information for a given CC course.'
   description <<-EOS
     Possible error codes:
       - non_cc_course
@@ -142,7 +141,7 @@ def cc_dashboard
     )
   end
 
-  api :GET, '/courses/:course_id/roster', 'Returns the roster for a given course'
+  api :GET, '/courses/:id/roster', 'Returns the roster for a given course'
   description <<-EOS
     Returns the roster for a given course
     #{json_schema(Api::V1::RosterRepresenter, include: :readable)}
@@ -155,7 +154,7 @@ def roster
     respond_with(roster, represent_with: Api::V1::RosterRepresenter)
   end
 
-  api :POST, '/courses/:course_id/clone', 'Clones the course with the given ID'
+  api :POST, '/courses/:id/clone', 'Clones the course with the given ID'
   description <<-EOS
     Creates a copy of the course with the given ID
     All JSON attributes in the schema are optional
@@ -238,6 +237,12 @@ def dates
 
   protected
 
+  def get_role
+    @role = Entity::Role.find(params[:id])
+  end
+
+  protected
+
   def get_course
     @course = CourseProfile::Models::Course.find(params[:id])
   end
@@ -246,14 +251,12 @@ def collect_course_info(course:)
     CollectCourseInfo[courses: course, user: current_human_user].first
   end
 
-  def get_course_role(course:, types: :any)
-    result = ChooseCourseRole.call(user: current_human_user,
-                                   course: course,
-                                   allowed_role_type: types,
-                                   role_id: params[:role_id])
-
+  def get_course_role(course:)
+    result = ChooseCourseRole.call(
+      user: current_human_user, course: course, role: current_role(course)
+    )
     errors = result.errors
-    raise(SecurityTransgression, errors.map(&:message).to_sentence) unless errors.empty?
+    raise(SecurityTransgression, :invalid_role) unless errors.empty?
     result.outputs.role
   end
 

app/controllers/api/v1/enrollment_controller.rb

@@ -12,7 +12,7 @@ class Api::V1::EnrollmentController < Api::V1::ApiController
 
   api :GET, '/:course_uuid/choices', 'Returns limited information for a given course uuid'
   description <<-EOS
-    Returns course and period information for a course identified by it's UUID.
+    Returns course and period information for a course identified by its UUID.
     Can be called by any logged in user, but only returns the course name and enrollment codes
     #{json_schema(Api::V1::PeriodRepresenter, include: :readable)}
   EOS

app/controllers/api/v1/guides_controller.rb

@@ -12,15 +12,20 @@ class GuidesController < ApiController
         EOS
       end
 
-      api :GET, '/courses/:course_id/guide(/role/:role_id)',
+      api :GET, '/courses/:course_id/guide',
                 'Returns a student course guide for Learning Guide'
       description <<-EOS
         #{json_schema(Api::V1::CourseGuidePeriodRepresenter, include: :readable)}
       EOS
       def student
-        role = get_role(@course, :student)
-        OSU::AccessPolicy.require_action_allowed!(:show, current_api_user, role.student)
+        role = get_course_role(course: @course, allowed_role_types: [:student, :teacher_student])
+
+        student = role.course_member
+
+        OSU::AccessPolicy.require_action_allowed!(:show, current_api_user, student)
+
         guide = GetStudentGuide[role: role]
+
         respond_with guide, represent_with: Api::V1::CourseGuidePeriodRepresenter
       end
 
@@ -30,7 +35,7 @@ def student
         #{json_schema(Api::V1::TeacherCourseGuideRepresenter, include: :readable)}
       EOS
       def teacher
-        role = get_role(@course, :teacher)
+        role = get_course_role(course: @course, allowed_role_types: :teacher)
         OSU::AccessPolicy.require_action_allowed!(:show, current_api_user, role.teacher)
         guide = GetTeacherGuide[role: role]
         respond_with guide, represent_with: Api::V1::TeacherCourseGuideRepresenter
@@ -42,16 +47,14 @@ def get_course
         @course = CourseProfile::Models::Course.find(params[:course_id])
       end
 
-      def get_role(course, types = :any)
-        result = ChooseCourseRole.call(user: current_human_user,
-                                       course: course,
-                                       allowed_role_type: types,
-                                       role_id: params[:role_id])
-        if result.errors.any?
-          raise(SecurityTransgression, :invalid_role)
-        else
-          result.outputs.role
-        end
+      def get_course_role(course:, allowed_role_types:)
+        result = ChooseCourseRole.call(
+          user: current_human_user, course: course,
+          role: current_role(course), allowed_role_types: allowed_role_types
+        )
+        errors = result.errors
+        raise(SecurityTransgression, :invalid_role) unless errors.empty?
+        result.outputs.role
       end
     end
   end

app/controllers/api/v1/notes_controller.rb

@@ -113,8 +113,13 @@ def get_note
 
   def get_course_role
     @course = CourseProfile::Models::Course.find(params[:course_id])
-    result = ChooseCourseRole.call(user: current_human_user, course: @course)
-    raise(SecurityTransgression, result.errors.map(&:message).to_sentence) if result.errors.any?
+
+    result = ChooseCourseRole.call(
+      user: current_human_user, course: @course, role: current_role(@course)
+    )
+    errors = result.errors
+    raise(SecurityTransgression, :invalid_role) unless errors.empty?
+
     @role = result.outputs.role
   end
 

app/controllers/api/v1/performance_reports_controller.rb

@@ -35,8 +35,7 @@ def exports
     respond_with exports, represent_with: Api::V1::PerformanceReport::ExportsRepresenter
   end
 
-  api :GET, '/courses/:course_id/performance(/role/:role_id)',
-            'Returns performance report for the user'
+  api :GET, '/courses/:course_id/performance', 'Returns performance report for the user'
   description <<-EOS
     #{json_schema(Api::V1::PerformanceReport::Representer, include: :readable)}
   EOS
@@ -56,9 +55,9 @@ def get_course_role(course:, type: :any)
     args = {
       user: current_human_user,
       course: course,
-      role_id: params[:role_id]
+      role: current_role(course)
     }
-    args[:allowed_role_type] = type unless type == :any
+    args[:allowed_role_types] = type unless type == :any
 
     result = ChooseCourseRole.call(args)
     raise(SecurityTransgression, :invalid_role) if result.errors.any?

app/controllers/api/v1/periods_controller.rb

@@ -54,8 +54,7 @@ def update
     #{json_schema(Api::V1::PeriodRepresenter, include: :readable)}
   EOS
   def destroy
-    period_model = @period.to_model
-    OSU::AccessPolicy.require_action_allowed!(:destroy, current_api_user, period_model)
+    OSU::AccessPolicy.require_action_allowed!(:destroy, current_api_user, @period_model)
     result = CourseMembership::ArchivePeriod.call(period: @period)
 
     render_api_errors(result.errors) || respond_with(
@@ -76,9 +75,8 @@ def destroy
     #{json_schema(Api::V1::PeriodRepresenter, include: :readable)}
   EOS
   def restore
-    period_model = @period.to_model
-    OSU::AccessPolicy.require_action_allowed!(:destroy, current_api_user, period_model)
-    return render_api_errors(period_model.errors) unless period_model.valid?
+    OSU::AccessPolicy.require_action_allowed!(:destroy, current_api_user, @period_model)
+    return render_api_errors(@period_model.errors) unless @period_model.valid?
 
     result = CourseMembership::UnarchivePeriod.call(period: @period)
 
@@ -89,6 +87,23 @@ def restore
     )
   end
 
+  api :PUT, '/periods/:id/teacher_student',
+            'Enrolls a teacher as a student in a period or resets their assignments'
+  description <<-EOS
+    Enrolls a teacher as a student in a period or resets their assignments
+  EOS
+  def teacher_student
+    OSU::AccessPolicy.require_action_allowed!(:teacher_student, current_api_user, @period_model)
+
+    result = CreateOrResetTeacherStudent.call(user: current_human_user, period: @period)
+
+    render_api_errors(result.errors) || respond_with(
+      result.outputs.role,
+      represent_with: Api::V1::RoleRepresenter,
+      responder: ResponderWithPutPatchDeleteContent
+    )
+  end
+
   private
 
   def find_period_and_course
@@ -97,6 +112,7 @@ def find_period_and_course
     elsif params[:id]
       @period = CourseMembership::GetPeriod[id: params[:id]]
       @course = @period.course
+      @period_model = @period.to_model
     end
   end
 end

app/controllers/api/v1/practices_controller.rb

@@ -2,16 +2,14 @@ module Api
   module V1
     class PracticesController < ApiController
       before_filter :get_course_and_practice_role
-      before_filter :error_if_student_and_needs_to_pay, only: [:create_specific,
-                                                               :create_worst,
-                                                               :show]
+      before_filter :error_if_student_and_needs_to_pay, only: [:create, :create_worst, :show]
 
-      api :POST, '/courses/:course_id/practice(/role/:role_id)',
+      api :POST, '/courses/:course_id/practice',
                  'Starts a new practice widget for a specific set of page_ids or chapter_ids'
       description <<-EOS
         #{json_schema(Api::V1::PracticeRepresenter, include: :writeable)}
       EOS
-      def create_specific
+      def create
         OSU::AccessPolicy.require_action_allowed!(:create_practice, current_human_user, @course)
 
         practice = OpenStruct.new
@@ -28,7 +26,7 @@ def create_specific
         )
       end
 
-      api :POST, '/courses/:course_id/practice/worst(/role/:role_id)',
+      api :POST, '/courses/:course_id/practice/worst',
                  'Starts a new practice widget for Practice Worst Topics'
       def create_worst
         OSU::AccessPolicy.require_action_allowed!(:create_practice, current_human_user, @course)
@@ -42,8 +40,7 @@ def create_worst
         )
       end
 
-      api :GET, '/courses/:course_id/practice(/role/:role_id)',
-                'Gets the most recent practice widget'
+      api :GET, '/courses/:course_id/practice', 'Gets the most recent practice widget'
       def show
         task = ::Tasks::GetPracticeTask[role: @role]
 
@@ -58,8 +55,8 @@ def get_course_and_practice_role
         @course = CourseProfile::Models::Course.find(params[:id])
         result = ChooseCourseRole.call(user: current_human_user,
                                        course: @course,
-                                       allowed_role_type: :student,
-                                       role_id: params[:role_id])
+                                       role: current_role(@course),
+                                       allowed_role_types: :student)
         if result.errors.any?
           raise(SecurityTransgression, result.errors.map(&:message).to_sentence)
         else