fix: allow teacher access to student project context

Author: DNR500

app/models/ability.rb

@@ -98,7 +98,7 @@ def define_school_teacher_abilities(user:, school:)
         school_class_id: ClassTeacher.where(teacher_id: user.id).select(:school_class_id)
       )
     ).pluck(:id)
-    can(%i[read], Project, remixed_from_id: teacher_project_ids)
+    can(%i[read show_context], Project, remixed_from_id: teacher_project_ids)
     can(%i[show_status unsubmit return complete], SchoolProject, project: { remixed_from_id: teacher_project_ids })
     can(%i[read create destroy], Feedback, school_project: { project: { remixed_from_id: teacher_project_ids } })
     can(%i[exchange_code], :google_auth)

spec/models/ability_spec.rb

@@ -338,6 +338,7 @@
         let(:user) { create(:teacher, school:) }
 
         it { is_expected.not_to be_able_to(:read, remixed_project) }
+        it { is_expected.not_to be_able_to(:show_context, remixed_project) }
         it { is_expected.not_to be_able_to(:create, feedback) }
         it { is_expected.not_to be_able_to(:read, feedback) }
         it { is_expected.not_to be_able_to(:set_read, feedback) }
@@ -356,6 +357,7 @@
         let(:user) { teacher }
 
         it { is_expected.to be_able_to(:read, remixed_project) }
+        it { is_expected.to be_able_to(:show_context, remixed_project) }
         it { is_expected.to be_able_to(:create, feedback) }
         it { is_expected.to be_able_to(:read, feedback) }
         it { is_expected.not_to be_able_to(:set_read, feedback) }
@@ -382,6 +384,7 @@
         it { is_expected.to be_able_to(:update, original_project) }
 
         it { is_expected.to be_able_to(:read, remixed_project) }
+        it { is_expected.to be_able_to(:show_context, remixed_project) }
         it { is_expected.not_to be_able_to(:create, remixed_project) }
         it { is_expected.not_to be_able_to(:update, remixed_project) }
         it { is_expected.not_to be_able_to(:destroy, remixed_project) }

spec/requests/projects/show_context_spec.rb

@@ -75,6 +75,37 @@
       end
     end
 
+    context 'when loading a student remix context for a lesson the teacher teaches' do
+      let(:student) { create(:student, school:) }
+      let!(:project) { create(:project, :with_instructions, school:, lesson:, user_id: teacher.id, locale: nil) }
+      let!(:student_remix) { create(:project, school:, user_id: student.id, remixed_from_id: project.id, locale: nil) }
+      let(:expected_context_json) do
+        {
+          identifier: student_remix.identifier,
+          project_type: project.project_type,
+          school_id: school.id,
+          lesson_id: lesson.id,
+          class_id: school_class.id
+        }.to_json
+      end
+
+      before do
+        create(:class_student, school_class:, student_id: student.id)
+      end
+
+      it 'returns success response' do
+        get("/api/projects/#{student_remix.identifier}/context", headers:)
+
+        expect(response).to have_http_status(:ok)
+      end
+
+      it 'returns the remix project context json' do
+        get("/api/projects/#{student_remix.identifier}/context", headers:)
+
+        expect(response.body).to eq(expected_context_json)
+      end
+    end
+
     context 'when loading another user\'s project context' do
       let!(:another_project) { create(:project, user_id: SecureRandom.uuid, locale: nil) }
       let(:another_project_json) do