more accurate contextless send permission in conversations ui

fixes CNVS-23104

test plan
- as an account admin (not site admin), ensure that you can send
 a conversation message without specifying a context
- disable the "See the list of users" permission for the Account
 Admin role on the user's root account
- as the account admin, ensure that you now cannot send a
 conversation message without specifying a context

Change-Id: I25d6bacae1b213d6fa5caf7813de6d979282411b
Reviewed-on: https://gerrit.instructure.com/66155
Reviewed-by: Matthew Wheeler <mwheeler@instructure.com>
Tested-by: Jenkins
QA-Review: Adrian Russell <arussell@instructure.com>
Product-Review: Joel Hough <joel@instructure.com>

Author: JoelHough

app/coffeescripts/views/conversations/AutocompleteView.coffee

@@ -658,7 +658,7 @@ define [
     # Returns nothing.
     setContext: (context, disable = false) ->
       context = null unless context.id
-      if disable and !_.include(ENV.current_user_roles, 'admin') and !@disabled
+      if disable and !ENV.CONVERSATIONS.CAN_MESSAGE_ACCOUNT_CONTEXT and !@disabled
         @disable(!context)
       return if context?.id == @currentContext?.id
       @currentContext     = context

app/coffeescripts/views/conversations/CourseSelectionView.coffee

@@ -91,7 +91,7 @@ define [
         view.clearSearch()
 
     getAriaLabel: ->
-      return if _.include(ENV.current_user_roles, 'admin')
+      return if ENV.CONVERSATIONS.CAN_MESSAGE_ACCOUNT_CONTEXT
       label = @getCurrentContext().name || I18n.t("Select course: a selection is required before recipients field will become available")
       @$picker.find('button').attr("aria-label", label)
 

app/coffeescripts/views/conversations/MessageFormDialog.coffee

@@ -178,7 +178,7 @@ define [
       @recipientView.on('changeToken', @recipientIdsChanged)
       @recipientView.on('recipientTotalChange', @recipientTotalChanged)
 
-      unless _.include(ENV.current_user_roles, 'admin')
+      unless ENV.CONVERSATIONS.CAN_MESSAGE_ACCOUNT_CONTEXT
         @$messageCourse.attr('aria-required', true)
         @recipientView.disable(true)
 

app/controllers/conversations_controller.rb

@@ -248,6 +248,7 @@ def index
       hash = {
         :ATTACHMENTS_FOLDER_ID => @current_user.conversation_attachments_folder.id,
         :ACCOUNT_CONTEXT_CODE => "account_#{@domain_root_account.id}",
+        :CAN_MESSAGE_ACCOUNT_CONTEXT => valid_account_context?(@domain_root_account),
         :MAX_GROUP_CONVERSATION_SIZE => Conversation.max_group_conversation_size
       }
 

spec/selenium/conversations/conversations_message_sending_spec.rb

@@ -40,7 +40,7 @@
       expect(c.conversation_participants.collect(&:user_id).sort).to eq([@teacher, @s1, @s2].collect(&:id).sort)
     end
 
-    it "should allow admins to send a message without picking a context", priority: "1", test_id: 138677 do
+    it "should allow admins with read_roster permission to send a message without picking a context", priority: "1", test_id: 138677 do
       user = account_admin_user
       user_logged_in({:user => user})
       get_conversations
@@ -50,6 +50,16 @@
       expect(c.context).to eq Account.default
     end
 
+    it "should not allow admins without read_roster permission to send a message without picking a context", priority: "1" do
+      user = account_admin_user
+      RoleOverride.manage_role_override(Account.default, Role.get_built_in_role('AccountAdmin'), 'read_roster', override: false, locked: false)
+      user_logged_in({:user => user})
+      get_conversations
+      fj('#compose-btn').click
+      wait_for_animations
+      expect(fj('#recipient-row')).to have_attribute(:style, 'display: none;')
+    end
+
     it "should not allow non-admins to send a message without picking a context", priority: "1", test_id: 138678 do
       get_conversations
       fj('#compose-btn').click
@@ -153,4 +163,4 @@
       end
     end
   end
-end
+end