Locked graded discussions are now visible to students

fixes CNVS-5309

test steps:
- as a teacher, create a few discussion topics with graded
  checked and due, begin and until dates are in the future, past
  and current.
- as a student, view the discussions list and ensure that the
  present and past topics are visible but the future is not.
- click the past discussion topic and make sure you are able to
  view the discussion but not reply to it.
- click the present discussion and make sure that you can reply
  to it.
- as the student and teacher, ensure that the visible discussion
  topics appear in the stream items (dashboard) and the future
  do not (for the student).

Change-Id: Ibb0a3d05ae830e764c8068a6c9d4ead804e91139
Reviewed-on: https://gerrit.instructure.com/20082
Tested-by: Jenkins <jenkins@instructure.com>
Product-Review: Marc LeGendre <marc@instructure.com>
QA-Review: Marc LeGendre <marc@instructure.com>
Reviewed-by: Zach Pendleton <zachp@instructure.com>

Author: Eric Berry

app/controllers/assignments_controller.rb

@@ -73,6 +73,7 @@ def show
       js_env :ROOT_OUTCOME_GROUP => outcome_group_json(@context.root_outcome_group, @current_user, session)
 
       @locked = @assignment.locked_for?(@current_user, :check_policies => true, :deep_check_if_needed => true)
+      @locked.delete(:lock_at) if @locked.is_a?(Hash) && @locked.has_key?(:unlock_at) # removed to allow proper translation on show page
       @unlocked = !@locked || @assignment.grants_rights?(@current_user, session, :update)[:update]
       @assignment_module = ContextModuleItem.find_tag_with_preferred([@assignment], params[:module_item_id])
       @assignment.context_module_action(@current_user, :read) if @unlocked && !@assignment.new_record?

app/controllers/discussion_topics_controller.rb

@@ -136,7 +136,6 @@ def index
                    @context.active_discussion_topics.only_discussion_topics)
           scope = scope.by_position
           @topics = Api.paginate(scope, self, topic_pagination_url(:only_announcements => params[:only_announcements]))
-          @topics.reject! { |a| a.locked_for?(@current_user, :check_policies => true) }
           @topics.each { |t| t.current_user = @current_user }
           if api_request?
             render :json => discussion_topics_api_json(@topics, @context, @current_user, session)
@@ -208,12 +207,11 @@ def show
       redirect_to named_context_url(@context, :context_discussion_topics_url)
       return
     end
+
     if authorized_action(@topic, @current_user, :read)
       @headers = !params[:headless]
-      @locked = @topic.locked_for?(@current_user, :check_policies => true, :deep_check_if_needed => true)
-      unless @locked
-        @topic.change_read_state('read', @current_user)
-      end
+      @locked = @topic.locked_for?(@current_user, :check_policies => true, :deep_check_if_needed => true) || @topic.locked?
+      @topic.change_read_state('read', @current_user)
       if @topic.for_group_assignment?
         @groups = @topic.assignment.group_category.groups.active.select{ |g| g.grants_right?(@current_user, session, :read) }
         topics = @topic.child_topics.to_a
@@ -243,10 +241,10 @@ def show
                 :ID => @topic.id,
               },
               :PERMISSIONS => {
-                :CAN_REPLY => !(@topic.for_group_assignment? || @topic.locked?),
-                :CAN_ATTACH => @topic.grants_right?(@current_user, session, :attach),
-                :CAN_MANAGE_OWN => @context.user_can_manage_own_discussion_posts?(@current_user),
-                :MODERATE => @context.grants_right?(@current_user, session, :moderate_forum)
+                :CAN_REPLY      => @locked ? false : !(@topic.for_group_assignment? || @topic.locked?),     # Can reply
+                :CAN_ATTACH     => @locked ? false : @topic.grants_right?(@current_user, session, :attach), # Can attach files on replies
+                :CAN_MANAGE_OWN => @context.user_can_manage_own_discussion_posts?(@current_user),           # Can moderate their own topics
+                :MODERATE       => @context.grants_right?(@current_user, session, :moderate_forum)          # Can moderate any topic
               },
               :ROOT_URL => named_context_url(@context, :api_v1_context_discussion_topic_view_url, @topic),
               :ENTRY_ROOT_URL => named_context_url(@context, :api_v1_context_discussion_topic_entry_list_url, @topic),
@@ -419,14 +417,14 @@ def process_discussion_topic(is_new = false)
         discussion_topic_hash[:message] = process_incoming_html_content(discussion_topic_hash[:message])
       end
 
-      #handle locking/unlocking
-      if params.has_key? :locked
-        if value_to_boolean(params[:locked])
-          @topic.lock
-        else
-          @topic.unlock
-        end
-      end
+       #handle locking/unlocking
+       if (params.has_key?(:locked) && !params[:locked].is_a?(Hash))
+         if value_to_boolean(params[:locked])
+           @topic.lock
+         else
+           @topic.unlock
+         end
+       end
 
       if @topic.update_attributes(discussion_topic_hash)
         log_asset_access(@topic, 'topics', 'topics', 'participate')

app/helpers/stream_items_helper.rb

@@ -60,6 +60,11 @@ def categorize_stream_items(stream_items, user = @current_user)
         next if item.context_type == "Assignment"
       end
 
+      if ["DiscussionTopic","Announcement"].include? category
+        item.data.reload
+        next if item.data.try(:visible_for?, user) == false
+      end
+      
       categorized_items[category] << generate_presenter(category, item)
     end
     categorized_items

app/models/assignment.rb

@@ -780,10 +780,11 @@ def locked_for?(user=nil, opts={})
     Rails.cache.fetch(locked_cache_key(user), :expires_in => 1.minute) do
       locked = false
       assignment_for_user = self.overridden_for(user)
-      if (assignment_for_user.unlock_at && assignment_for_user.unlock_at > Time.now)
-        locked = {:asset_string => self.asset_string, :unlock_at => assignment_for_user.unlock_at}
-      elsif (assignment_for_user.lock_at && assignment_for_user.lock_at <= Time.now)
-        locked = {:asset_string => self.asset_string, :lock_at => assignment_for_user.lock_at}
+      if ((assignment_for_user.unlock_at && assignment_for_user.unlock_at > Time.now) ||
+          (assignment_for_user.lock_at && assignment_for_user.lock_at <= Time.now))
+        locked = { :asset_string => self.asset_string, 
+                   :unlock_at    => assignment_for_user.unlock_at,
+                   :lock_at      => assignment_for_user.lock_at }
       elsif self.could_be_locked && item = locked_by_module_item?(user, opts[:deep_check_if_needed])
         locked = {:asset_string => self.asset_string, :context_module => item.context_module.attributes}
       end

app/models/discussion_topic.rb

@@ -631,6 +631,20 @@ def user_name
     self.user ? self.user.name : nil
   end
 
+  def visible_for?(user=nil, opts={})
+    return true if user == self.user
+    if unlock_at = locked_for?(user, opts).try_rescue(:[], :unlock_at)
+      unlock_at < Time.now
+    else
+      true
+    end
+  end
+
+  # Public: Determine if the discussion topic is locked for a specific user. The topic is locked when the 
+  #         delayed_post_at is in the future or the group assignment is locked. This does not determine
+  #         the visibility of the topic to the user, only that they are unable to reply.
+  #
+  # Returns: boolean
   def locked_for?(user=nil, opts={})
     return false if opts[:check_policies] && self.grants_right?(user, nil, :update)
     Rails.cache.fetch(locked_cache_key(user), :expires_in => 1.minute) do