Add late days column for extensions

.tool-versions

@@ -1 +1 @@
-ruby 3.3.8
+ruby 3.3

Gemfile

@@ -32,6 +32,9 @@ gem 'tzinfo-data', platforms: %i[windows jruby]
 # Reduces boot times through caching; required in config/boot.rb
 gem 'bootsnap', require: false
 
+# Loads environment variables from .env (local dev/test only, not Heroku)
+gem 'dotenv-rails', groups: [ :development, :test ]
+
 # Alternative Canvas API. We probably don't need this.
 # Verify instances of `LMS::Canvas`
 gem 'lms-api'
@@ -60,6 +63,9 @@ gem 'strong_migrations'
 # Logging Customization
 gem 'lograge'
 
+# Environment variable management
+gem 'dotenv-rails', require: 'dotenv/load'
+
 # Use Active Storage for file uploads [https://guides.rubyonrails.org/active_storage_overview.html]
 # gem "activestorage", "~> 7.0.0"
 
@@ -70,6 +76,7 @@ gem 'lograge'
 #
 gem 'blazer'
 gem 'hypershield'
+gem 'good_job', '~> 4.0'
 
 #### Frontend related tools
 # The original asset pipeline for Rails [https://github.com/rails/sprockets-rails]

Gemfile.lock

@@ -185,10 +185,16 @@ GEM
     diff-lcs (1.6.2)
     docile (1.4.1)
     domain_name (0.6.20240107)
+    dotenv (3.2.0)
+    dotenv-rails (3.2.0)
+      dotenv (= 3.2.0)
+      railties (>= 6.1)
     drb (2.2.3)
     dumb_delegator (1.1.0)
     erb (6.0.2)
     erubi (1.13.1)
+    et-orbi (1.4.0)
+      tzinfo
     factory_bot (6.5.6)
       activesupport (>= 6.1.0)
     factory_bot_rails (6.5.1)
@@ -215,8 +221,18 @@ GEM
       sassc (~> 2.0)
     formatador (1.2.3)
       reline
+    fugit (1.12.1)
+      et-orbi (~> 1.4)
+      raabro (~> 1.4)
     globalid (1.3.0)
       activesupport (>= 6.1)
+    good_job (4.14.2)
+      activejob (>= 6.1.0)
+      activerecord (>= 6.1.0)
+      concurrent-ruby (>= 1.3.1)
+      fugit (>= 1.11.0)
+      railties (>= 6.1.0)
+      thor (>= 1.0.0)
     guard (2.20.1)
       formatador (>= 0.2.4)
       listen (>= 2.7, < 4.0)
@@ -382,6 +398,7 @@ GEM
     public_suffix (7.0.5)
     puma (7.2.0)
       nio4r (~> 2.0)
+    raabro (1.4.0)
     racc (1.8.1)
     rack (3.2.6)
     rack-protection (4.2.1)
@@ -624,10 +641,12 @@ DEPENDENCIES
   cucumber-rails
   database_cleaner-active_record
   debug
+  dotenv-rails
   factory_bot_rails
   faraday
   faraday-cookie_jar
   font-awesome-sass
+  good_job (~> 4.0)
   guard-rspec
   hypershield
   importmap-rails

app/controllers/course_settings_controller.rb

@@ -72,7 +72,9 @@ def course_settings_params
       :email_subject,
       :email_template,
       :enable_slack_webhook_url,
-      :slack_webhook_url
+      :slack_webhook_url,
+      :pending_notification_frequency,
+      :pending_notification_email
     )
   end
 

app/controllers/courses_controller.rb

@@ -5,7 +5,7 @@ class CoursesController < ApplicationController
   before_action :determine_user_role
 
   def index
-    teacher_courses = UserToCourse.includes(:course).where(user: @user, role: %w[teacher ta])
+    teacher_courses = UserToCourse.includes(:course).where(user: @user, role: UserToCourse.staff_roles)
     @teacher_courses_by_semester = group_by_semester(teacher_courses)
 
     # Only show courses to students if extensions are enabled at the course level
@@ -44,16 +44,14 @@ def new
     @courses = Course.fetch_courses(token)
     flash[:alert] = 'No courses found.' if @courses.empty?
 
-    # Collect unique semester names from Canvas term data for the filter dropdown
     @semesters = @courses.filter_map { |c| c.dig('term', 'name') }.uniq.sort
     @selected_semester = params[:semester]
 
-    teacher_enrollment_types = %w[teacher ta]
     # TODO: Add spec for when a course is created, but the user is not enrolled in it.
     # TODO: Why do some courses have empty enrollments?
     existing_canvas_ids = @user.courses.pluck(:canvas_id)
-    @courses_teacher = filter_courses(@courses, teacher_enrollment_types, existing_canvas_ids)
-    @courses_student = filter_courses(@courses, [ 'student' ], existing_canvas_ids)
+    @courses_teacher = filter_courses(@courses, UserToCourse.staff_roles, existing_canvas_ids)
+    @courses_student = filter_courses(@courses, [ UserToCourse::STUDENT_ROLE ], existing_canvas_ids)
 
     if @selected_semester.present?
       @courses_teacher = filter_by_semester(@courses_teacher, @selected_semester)
@@ -68,7 +66,7 @@ def edit
 
   def create
     token = @user.lms_credentials.first.token
-    filter_courses(Course.fetch_courses(token), %w[teacher ta])
+    filter_courses(Course.fetch_courses(token), UserToCourse.staff_roles)
       .select { |c| params[:courses]&.include?(c['id'].to_s) }
       .each { |course_api| Course.create_or_update_from_canvas(course_api, token, @user) }
     redirect_to courses_path, notice: 'Selected courses and their assignments have been imported successfully.'
@@ -95,6 +93,7 @@ def enrollments
 
     @enrollments = @course.user_to_courses.includes(:user)
     @is_course_admin = @course.course_admin?(@user)
+    @approved_late_days = Request.total_approved_late_days_by_user(@course)
   end
 
   def delete
@@ -133,7 +132,6 @@ def group_by_semester(user_to_courses)
     sorted_semesters.map { |semester| [ semester, grouped[semester] ] }
   end
 
-  # Filters Canvas API course hashes by their term name
   def filter_by_semester(courses, semester)
     courses.select { |c| c.dig('term', 'name') == semester }
   end
@@ -146,7 +144,9 @@ def filter_courses(courses, roles, exclude_ids = [])
     courses = courses - missing_enrollments - courses.select { |course| exclude_ids.include?(course['id'].to_s) }
     return [] if courses.empty?
 
-    courses.select { |course| course['enrollments'].any? { |e| roles.include?(e['type']) } }
+    courses.select do |course|
+      course['enrollments'].any? { |enrollment| roles.include?(UserToCourse.role_from_canvas_enrollment(enrollment)) }
+    end
   end
 
   def course_data_for_sync

app/controllers/requests_controller.rb

@@ -32,6 +32,7 @@ def index
   def show
     @assignment = @request.assignment
     @number_of_days = @request.calculate_days_difference if @request.requested_due_date.present? && @assignment&.due_date.present?
+    @student_enrollment = @course.user_to_courses.find_by(user: @request.user) if @role == 'instructor'
     render_role_based_view
   end
 

app/controllers/session_controller.rb

@@ -53,15 +53,25 @@ def omniauth_callback
       'email' => auth.info.email
     }
     creds = auth.credentials # an OmniAuth::AuthHash
+
+    # dev provider doesnt have real credentials so its stubbed
+    expires_at = creds.expires_at || 30.days.from_now.to_i
+    refresh_token = creds.refresh_token || 'none'
+
     access_token = OAuth2::AccessToken.new(
       OAuth2::Client.new('', ''), # client never used – stub
       creds.token,
-      refresh_token: creds.refresh_token,
-      expires_at: creds.expires_at
+      refresh_token: refresh_token,
+      expires_at: expires_at
     )
 
     # Persist / update the user just like `create`
-    find_or_create_user(user_data, access_token)
+    user = find_or_create_user(user_data, access_token)
+
+    # Auto-enroll developer login users in test courses
+    if auth.provider == 'developer'
+      ensure_developer_test_enrollments(user)
+    end
 
     redirect_to courses_path, notice: "Logged in! Welcome, #{user_data['name']}!"
   rescue StandardError => e
@@ -79,6 +89,18 @@ def destroy
 
   private
 
+  def ensure_developer_test_enrollments(user)
+    # Find the test course
+    test_course = Course.find_by(course_code: 'DEV101')
+
+    # Ensure enrollment in the test course (as student so they can request extensions)
+    if test_course
+      UserToCourse.find_or_create_by!(user_id: user.id, course_id: test_course.id) do |utc|
+        utc.role = 'student'
+      end
+    end
+  end
+
   # TODO: Refactor.
   def find_or_create_user(user_data, auth_token)
     auth_token.token
@@ -102,6 +124,8 @@ def find_or_create_user(user_data, auth_token)
     # Store user ID in session for authentication
     session[:username] = user.name
     session[:user_id] = user.canvas_uid
+
+    user
   end
 
   # TODO: Move this to a Canvas API libarary or user service
@@ -115,7 +139,7 @@ def update_user_credential(user, token)
       )
     else
       user.lms_credentials.create!(
-        lms_name: 'canvas',
+        lms_id: Lms.CANVAS_LMS.id,
         token: token.token,
         refresh_token: token.refresh_token,
         expire_time: Time.zone.at(token.expires_at)

app/controllers/user_to_courses_controller.rb

@@ -1,25 +1,57 @@
 class UserToCoursesController < ApplicationController
-  before_action :authenticate_user
+  before_action :authenticate_user!
   before_action :set_course
-  before_action :ensure_course_admin
+  before_action :set_enrollment
+  before_action :authorize_instructor!
 
   def toggle_allow_extended_requests
-    @enrollment = @course.user_to_courses.find(params[:id])
-
     if @enrollment.update(allow_extended_requests: params[:allow_extended_requests])
       render json: { success: true }, status: :ok
     else
-      flash[:alert] = "Failed to update enrollment: #{@enrollment.errors.full_messages.to_sentence}"
-      render json: { redirect_to: course_path(@course) }, status: :unprocessable_content
+      render json: {
+        success: false,
+        errors: @enrollment.errors.full_messages,
+        redirect_to: courses_path
+      }, status: :unprocessable_content
+    end
+  end
+
+  def update_notes
+    if @enrollment.update(notes: params[:notes])
+      render json: { success: true, notes: @enrollment.notes }, status: :ok
+    else
+      render json: { success: false, error: @enrollment.errors.full_messages.to_sentence }, status: :unprocessable_content
     end
   end
 
   private
 
-  def ensure_course_admin
-    enrollment = @course.user_to_courses.find_by(user: @user)
-    return if enrollment&.course_admin?
+  def authenticate_user!
+    user_id = session[:user_id]
+    @current_user = User.find_by(canvas_uid: user_id) if user_id
+    redirect_to root_path unless @current_user
+  end
+
+  def set_course
+    @course = Course.find_by(id: params[:course_id])
+    unless @course
+      flash[:alert] = 'Course not found.'
+      redirect_to courses_path
+    end
+  end
 
-    render json: { error: 'You must be an instructor or Lead TA.', redirect_to: course_path(@course) }, status: :forbidden
+  def set_enrollment
+    @enrollment = @course.user_to_courses.find(params[:id])
+  end
+
+  def authorize_instructor!
+    user_to_course = UserToCourse.find_by(user: @current_user, course: @course)
+    unless user_to_course&.course_admin?
+      render json: {
+        success: false,
+        error: 'Forbidden',
+        redirect_to: courses_path
+      }, status: :forbidden
+    end
   end
 end

app/facades/canvas_facade.rb

@@ -1,4 +1,5 @@
 require 'date'
+require 'cgi'
 require 'faraday'
 require 'json'
 require 'ostruct'
@@ -8,6 +9,9 @@ class CanvasFacade < LmsFacade
   class CanvasAPIError < LmsFacade::LmsAPIError; end
 
   CANVAS_URL = ENV.fetch('CANVAS_URL', nil)
+  CANVAS_CUSTOM_COURSE_ROLES = {
+    UserToCourse::LEAD_TA_ROLE => 'Lead TA'
+  }.freeze
 
   # Canvas instances can scope the flextensions developer key.
   # There must be one scope for each endpoint we can use.
@@ -161,10 +165,10 @@ def get_all_course_users(course, role = nil)
     # sigh, manually construct query string until we tweak Faraday middleware
     # to include :url_encoded, then use `'enrollment_type[]' : list_or_string`
     query_string = 'per_page=100'
-    query_string += "&enrollment_type[]=#{role}" if role.is_a?(String) && role.present?
+    query_string += "&#{role_query_param(role)}" if role.is_a?(String) && role.present?
 
     if role.is_a?(Array) && role.present? # rubocop:disable Style/IfUnlessModifier
-      query_string += role.map { |r| "&enrollment_type[]=#{r}" }.join
+      query_string += role.map { |r| "&#{role_query_param(r)}" }.join
     end
 
     depaginate_response(@canvas_conn.get("courses/#{course.canvas_id}/users?#{query_string}"))
@@ -189,6 +193,17 @@ def get_instructor_courses
     teacher_courses + ta_courses
   end
 
+  def role_query_param(role)
+    normalized_role = UserToCourse.normalize_role(role)
+    canvas_course_role = CANVAS_CUSTOM_COURSE_ROLES[normalized_role]
+
+    if canvas_course_role
+      "enrollment_role=#{CGI.escape(canvas_course_role)}"
+    else
+      "enrollment_type[]=#{CGI.escape(normalized_role)}"
+    end
+  end
+
   ##
   # Gets a specified course that the authorized user has access to.
   #

app/javascript/controllers/course_settings_controller.js

@@ -1,12 +1,13 @@
 import { Controller } from "@hotwired/stimulus"
 
 export default class extends Controller {
-  static targets = ["emailField", "tab", "gradescopeField", "slackWebhookField"];
+  static targets = ["emailField", "tab", "gradescopeField", "slackWebhookField", "pendingNotificationEmail"];
 
   connect() {
     this.toggleEmailFields();
     this.toggleSlackWebhookField();
     this.toggleGradescopeFields();
+    this.togglePendingNotificationEmail();
 
     const gradescopeToggle = document.getElementById('enable-gradescope');
     if (gradescopeToggle) {
@@ -53,6 +54,15 @@ export default class extends Controller {
     }
   }
 
+  togglePendingNotificationEmail() {
+    const frequencySelect = document.getElementById('pending-notification-frequency');
+    const emailField = document.getElementById('pending-notification-email');
+
+    if (frequencySelect && emailField) {
+      emailField.disabled = !frequencySelect.value;
+    }
+  }
+
   updateUrlParam(event) {
     const tabName = event.currentTarget.dataset.tab;
     const url = new URL(window.location);