Update user_progress and user_app_options to support teacher view for cached levels

[jamescodeorg]

This change updates ApiController#user_app_options to take a user_id, verify that the signed-in user is allowed to see the requested user progress, and returns the requested user's data. The diff doesn't do a great job of capturing the actual changes. Most of the logic in user_app_options is pre-existing with the following changes:

• Moved the code to get progress-related app_options to a separate method.
• Stopped sending progress and isHoc fields in the response (since they weren't being used on the client).
• Started sending isStarted, skipInstructionsPopup, readonlyWorkspace, and callouts

Some additional small changes:

• Pass through user_id in both the user_progress and user_app_options calls on the client.
• Handle new values returned by user_app_options on the client.
• Removed slogging for activity_start and activity_finish which are no longer needed (slack).
• Update ApiController#user_progress to check that signed-in user can see requested user's progress.

With these changes, teacher view works for cached levels if you comment out the line that returns the "Student code cannot be viewed for this activity."

Links

• jira ticket: LP-2086

Testing story

Deployment strategy

Follow-up work

Privacy

Security

Caching

PR Checklist:

• Tests provide adequate coverage
• Privacy and Security impacts have been assessed
• Code is well-commented
• New features are translatable or updates will not break translations
• Relevant documentation has been added or updated
• User impact is well-understood and desirable
• Pull Request is labeled appropriately
• Follow-up work items (including potential tech debt) are tracked and linked

[maureensturgeon]

Looks good! Just a couple small comments

[jamescodeorg]

Path-specific stubbing wasn't working because different tests use different query parameters. This is a temporary fix so that we can get this merged and unblock the next set of work. If it's ok with you, I'd like to merge this and then clean-up these tests in a follow-up PR.

[maureensturgeon]

Just curious what this was for?

[jamescodeorg]

This was for the "activity monitor". See this slack thread for more info on why it's no longer needed.

[maureensturgeon]

LGTM! Just a couple of questions

[maureensturgeon]

Should we guard against ActiveRecord::RecordNotFound here? Or replace with find_by or some other method which will return nil if record couldn't be found?

[jamescodeorg]

Good question. It's intentional that we throw an exception here so we don't continue execution here (same as the previous behavior). As written, if the request has an invalid user_id, the whole request will fail with a 404 error. I'm not sure if this is the best error to return and we also don't really handle this error on the client but this behavior is pre-existing and I'm inclined to solve that problem another day?

[maureensturgeon]

Same question here about checking for ActiveRecord::RecordNotFound

[maureensturgeon]

I'm curious why the !! is needed, under_13? seems to imply it returns a boolean from the ?

[jamescodeorg]

Oh, good catch. I wonder why I did that. :-)

[jamescodeorg]

I'll pick up this change in my next PR.

[maureensturgeon]

Nit: "normally" could be clarified (not in emergency mode?)