Class lists: Photos authorization #2465

Merged
merged 13 commits into from
May 9, 2019

kevinrobinson
Contributor

Who is this PR for?

K8 teaching teams

What problem does this PR fix?

When creating class lists, there are parallel authorization rules that allow the teacher creating the list to view data for all students at a particular grade and school (if they are authorized to teach students in that grade). Student photos are still requested through `/students/:id/photo`, however, which uses standard authorization rules. This means that if a homeroom teacher started the class list process on behalf of the team, only their homeroom students will have pictures.

What does this PR do?

Changes the UI code to use `/classlists/:workspace_id/students/:student_id/photo` for pictures, and use the class list authorization rules for guarding access. This allows the photos to be viewed more permissively only in this part of the product, and only when this feature is enabled (e.g., at particular times of the year).

Checklists

Which features or pages does this PR touch?

  • Class list
  • Core, student photos

Does this PR use tests to help verify we can deploy these changes quickly and confidently?

  • Included specs for changes
  • Improved specs for existing code in need of better test coverage
  • Manual testing made more sense here
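
The two photo routes described in this PR, sketched as an added Ruby example that is not code from the PR or the project. The structs, method names, the homeroom-only model of the standard rule and the `feature_enabled` flag are assumptions, and the sample records are constructed.

```ruby
# Added illustration; every name here is hypothetical, not the project's code.
Educator  = Struct.new(:id, :school_id, :grade_levels, :homeroom_student_ids)
Student   = Struct.new(:id, :school_id, :grade_level)
Workspace = Struct.new(:workspace_id, :school_id, :grade_level)

# Standard rule behind /students/:id/photo, simplified (assumption) to
# "a homeroom teacher sees only their own homeroom students".
def standard_photo_authorized?(educator, student)
  educator.homeroom_student_ids.include?(student.id)
end

# Class list rule behind /classlists/:workspace_id/students/:student_id/photo.
def classlist_photo_authorized?(educator, workspace, student, feature_enabled:)
  # The wider rule applies only while the class list feature is switched on.
  return false unless feature_enabled
  return false if workspace.nil? || student.nil?
  # The educator must be authorized to teach this grade at this school.
  return false unless educator.school_id == workspace.school_id
  return false unless educator.grade_levels.include?(workspace.grade_level)
  # The student must belong to the workspace's school and grade; without this
  # binding, any valid workspace id would unlock any student id in the URL.
  student.school_id == workspace.school_id &&
    student.grade_level == workspace.grade_level
end

# Constructed sample data.
TEACHER      = Educator.new(1, 'school-a', ['3'], [101])
WORKSPACE    = Workspace.new('ws-1', 'school-a', '3')
OWN_HOMEROOM = Student.new(101, 'school-a', '3')
SAME_GRADE   = Student.new(102, 'school-a', '3')
OTHER_GRADE  = Student.new(201, 'school-a', '5')
OTHER_SCHOOL = Student.new(301, 'school-b', '3')

{ 'own homeroom' => OWN_HOMEROOM, 'same grade' => SAME_GRADE,
  'other grade' => OTHER_GRADE, 'other school' => OTHER_SCHOOL }.each do |label, s|
  std = standard_photo_authorized?(TEACHER, s)
  cls = classlist_photo_authorized?(TEACHER, WORKSPACE, s, feature_enabled: true)
  puts format('%-13s standard=%-5s classlist=%s', label, std, cls)
end
```
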

@kevinrobinson
Contributor Author

selfie

@kevinrobinson kevinrobinson merged commit d7a5345 into master May 9, 2019
@kevinrobinson kevinrobinson deleted the patch/class-list-photos branch May 9, 2019 22:24
This pull request was closed.