Merge branch 'main' into prevent-students-calling-profile-api-and-getting-500

Author: peconia

app/controllers/api/school_classes_controller.rb

@@ -7,10 +7,15 @@ class SchoolClassesController < ApiController
     before_action :load_and_authorize_school_class
 
     def index
-      school_classes = @school.classes.accessible_by(current_ability)
-      school_classes = school_classes.joins(:teachers).where(teachers: { teacher_id: current_user.id }) if params[:my_classes] == 'true'
+      school_classes = accessible_school_classes
+      school_classes = school_classes.joins(:teachers).where(teachers: { teacher_id: current_user&.id }) if params[:my_classes] == 'true'
       @school_classes_with_teachers = school_classes.with_teachers
-      render :index, formats: [:json], status: :ok
+
+      if current_user&.school_teacher?(@school) || current_user&.school_owner?(@school)
+        render :teacher_index, formats: [:json], status: :ok
+      else
+        render :student_index, formats: [:json], status: :ok
+      end
     end
 
     def show
@@ -101,6 +106,14 @@ def find_or_create_school_class(school_class_params)
       )
     end
 
+    def accessible_school_classes
+      if current_user&.school_teacher?(@school) || current_user&.school_owner?(@school)
+        @school.classes.accessible_by(current_ability).includes(lessons: { project: { remixes: { school_project: :school_project_transitions } } })
+      else
+        @school.classes.accessible_by(current_ability)
+      end
+    end
+
     def create_school_students(school_students_params, school_class)
       return { school_students: [], errors: nil } unless school_class.present? && school_students_params.present?
 

app/models/school_class.rb

@@ -58,6 +58,21 @@ def assign_class_code
     errors.add(:code, 'could not be generated')
   end
 
+  def submitted_count
+    return 0 if lessons.empty?
+
+    Lesson
+      .joins(project: { remixes: { school_project: :school_project_transitions } })
+      .where(school_class_id: id)
+      .where(
+        school_project_transitions: {
+          to_state: 'submitted',
+          most_recent: true
+        }
+      )
+      .count
+  end
+
   private
 
   def school_class_has_at_least_one_teacher

app/views/api/school_classes/_school_class.json.jbuilder

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+json.call(
+  school_class,
+  :id,
+  :description,
+  :school_id,
+  :name,
+  :created_at,
+  :updated_at,
+  :import_origin,
+  :import_id
+)
+
+json.teachers(teachers) do |teacher|
+  json.partial! '/api/school_teachers/school_teacher', teacher:, include_email: false
+end

app/views/api/school_classes/index.json.jbuilder

@@ -2,19 +2,6 @@
 
 school_class, teachers = @school_class_with_teachers
 
-json.call(
-  school_class,
-  :id,
-  :description,
-  :school_id,
-  :name,
-  :code,
-  :created_at,
-  :updated_at,
-  :import_origin,
-  :import_id
-)
+json.partial! 'school_class', school_class: school_class, teachers: teachers
 
-json.teachers(teachers) do |teacher|
-  json.partial! '/api/school_teachers/school_teacher', teacher:, include_email: false
-end
+json.code school_class.code

app/views/api/school_classes/show.json.jbuilder

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+json.array!(@school_classes_with_teachers) do |school_class, teachers|
+  json.partial! 'school_class', school_class: school_class, teachers: teachers
+end

app/views/api/school_classes/student_index.json.jbuilder

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+json.array!(@school_classes_with_teachers) do |school_class, teachers|
+  json.partial! 'school_class', school_class: school_class, teachers: teachers
+
+  json.submitted_count(school_class.submitted_count)
+end

app/views/api/school_classes/teacher_index.json.jbuilder

@@ -1,8 +1,10 @@
 # frozen_string_literal: true
 
-json.call(teacher, :id, :name)
-json.type('teacher')
+if teacher.present?
+  json.call(teacher, :id, :name)
+  json.type('teacher')
 
-include_email = local_assigns.fetch(:include_email, true)
+  include_email = local_assigns.fetch(:include_email, true)
 
-json.email(teacher.email) if include_email
+  json.email(teacher.email) if include_email
+end

app/views/api/school_teachers/_school_teacher.json.jbuilder

@@ -53,6 +53,28 @@
     expect(data.first[:teachers].first).to be_nil
   end
 
+  it 'includes submitted_count if user is a school-teacher' do
+    authenticated_in_hydra_as(teacher)
+    get("/api/schools/#{school.id}/classes", headers:)
+    data = JSON.parse(response.body, symbolize_names: true)
+    expect(data.first).to have_key(:submitted_count)
+  end
+
+  it 'includes submitted_count if user is a school-owner' do
+    authenticated_in_hydra_as(owner)
+    get("/api/schools/#{school.id}/classes", headers:)
+    data = JSON.parse(response.body, symbolize_names: true)
+    expect(data.first).to have_key(:submitted_count)
+  end
+
+  it 'does not include submitted_count if user is a school-student' do
+    authenticated_in_hydra_as(student)
+    stub_user_info_api_for(teacher)
+    get("/api/schools/#{school.id}/classes", headers:)
+    data = JSON.parse(response.body, symbolize_names: true)
+    expect(data.first).not_to have_key(:submitted_count)
+  end
+
   it "does not include school classes that the school-teacher doesn't teach" do
     teacher = create(:teacher, school:)
     authenticated_in_hydra_as(teacher)

spec/features/school_class/listing_school_classes_spec.rb

@@ -262,6 +262,29 @@
     end
   end
 
+  describe '#submitted_count' do
+    it 'returns 0 if there are no lessons' do
+      school_class = create(:school_class, teacher_ids: [teacher.id], school:)
+      expect(school_class.submitted_count).to eq(0)
+    end
+
+    it 'returns the sum of submitted counts from all lessons' do
+      school_class = create(:school_class, teacher_ids: [teacher.id], school:)
+
+      lesson_1 = create(:lesson, school_class:, user_id: teacher.id)
+      remix_1 = create(:project, school:, remixed_from_id: lesson_1.project.id, user_id: student.id)
+      remix_1.school_project.transition_status_to!(:submitted, remix_1.user_id)
+
+      lesson_2 = create(:lesson, school_class:, user_id: teacher.id)
+      remix_2 = create(:project, school:, remixed_from_id: lesson_2.project.id, user_id: student.id)
+      remix_2.school_project.transition_status_to!(:submitted, remix_2.user_id)
+      remix_3 = create(:project, school:, remixed_from_id: lesson_2.project.id, user_id: student.id)
+      remix_3.school_project.transition_status_to!(:submitted, remix_3.user_id)
+
+      expect(school_class.submitted_count).to eq(3)
+    end
+  end
+
   describe 'auditing' do
     subject(:school_class) { create(:school_class, teacher_ids: [teacher.id], school:) }