cs169 · Shklalom · Apr 7, 2026 · Apr 7, 2026
diff --git a/app/controllers/requests_controller.rb b/app/controllers/requests_controller.rb
@@ -11,7 +11,7 @@ class RequestsController < ApplicationController
   before_action :check_extensions_enabled_for_students, except: [ :export ]
   before_action :ensure_request_is_pending, only: %i[update approve reject]
   before_action :set_request, only: %i[show edit cancel]
-  before_action :check_instructor_permission, only: %i[approve reject]
+  before_action :check_instructor_permission, only: %i[approve reject mass_approve mass_reject]
 
   def index
     @side_nav = 'requests'
@@ -137,21 +137,44 @@ def approve
     @assignment = Assignment.find_by(id: @request.assignment_id)
     lms_facade = @assignment.lms_facade
     if @request.approve(lms_facade.from_user(@user), @user)
-      redirect_to course_requests_path(@course), notice: 'Request approved and extension created successfully in Canvas.'
+      notice = 'Request approved and extension created successfully in Canvas.'
+      respond_to do |format|
+        format.html { redirect_to course_requests_path(@course), notice: notice }
+        format.json { render json: { success: true, message: notice, new_status: 'approved', pending_count: @course.requests.where(status: 'pending').count } }
+      end
     else
-      flash[:alert] = "Failed to approve the request. #{@request.errors.full_messages.join(', ')}"
-      redirect_to course_requests_path(@course)
+      alert = "Failed to approve the request. #{@request.errors.full_messages.join(', ')}"
+      respond_to do |format|
+        format.html { flash[:alert] = alert; redirect_to course_requests_path(@course) }
+        format.json { render json: { success: false, message: alert }, status: :unprocessable_content }
+      end
     end
   end
 
   def reject
     if @request.reject(@user)
-      redirect_to course_requests_path(@course), notice: 'Request denied successfully.'
+      notice = 'Request denied successfully.'
+      respond_to do |format|
+        format.html { redirect_to course_requests_path(@course), notice: notice }
+        format.json { render json: { success: true, message: notice, new_status: 'denied', pending_count: @course.requests.where(status: 'pending').count } }
+      end
     else
-      redirect_to course_requests_path(@course), alert: 'Failed to deny the request.'
+      alert = 'Failed to deny the request.'
+      respond_to do |format|
+        format.html { redirect_to course_requests_path(@course), alert: alert }
+        format.json { render json: { success: false, message: alert }, status: :unprocessable_content }
+      end
     end
   end
 
+  def mass_approve
+    process_mass_action(:approve)
+  end
+
+  def mass_reject
+    process_mass_action(:reject)
+  end
+
   def export
     course = Course.find_by(id: params[:course_id])
     token = params[:readonly_api_token]
@@ -258,5 +281,97 @@ def handle_successful_student_request(student)
     result = @request.process_created_request(@user)
     redirect_to result[:redirect_to], notice: "Request created for #{student.name}. #{result[:notice]}"
   end
+
+  def process_mass_action(action)
+    request_ids = mass_request_ids
+    if request_ids.empty?
+      return render_mass_action_response(
+        success: false,
+        message: 'Please select at least one request.',
+        processed_ids: [],
+        failed_ids: [],
+        new_status: action == :approve ? 'approved' : 'denied',
+        status: :unprocessable_content
+      )
+    end
+
+    requests = @course.requests.where(id: request_ids, status: 'pending').includes(:assignment)
+
+    if requests.empty?
+      return render_mass_action_response(
+        success: false,
+        message: 'No pending requests were found for the selected rows.',
+        processed_ids: [],
+        failed_ids: request_ids,
+        new_status: action == :approve ? 'approved' : 'denied',
+        status: :unprocessable_content
+      )
+    end
+
+    processed_ids = []
+    failed_ids = request_ids - requests.map(&:id)
+
+    requests.each do |request|
+      result = action == :approve ? approve_request_for_mass_action(request) : request.reject(@user)
+      result ? processed_ids << request.id : failed_ids << request.id
+    end
+
+    processed_count = processed_ids.size
+    failed_count = failed_ids.size
+    action_label = action == :approve ? 'approved' : 'denied'
+    message =
+      if failed_count.zero?
+        "#{processed_count} request#{'s' unless processed_count == 1} #{action_label} successfully."
+      else
+        "#{processed_count} request#{'s' unless processed_count == 1} #{action_label}. "\
+          "#{failed_count} failed."
+      end
+
+    render_mass_action_response(
+      success: processed_count.positive?,
+      message: message,
+      processed_ids: processed_ids,
+      failed_ids: failed_ids,
+      new_status: action_label,
+      status: processed_count.positive? ? :ok : :unprocessable_content
+    )
+  end
+
+  def render_mass_action_response(success:, message:, processed_ids:, failed_ids:, new_status:, status:)
+    pending_count = @course.requests.where(status: 'pending').count
+    respond_to do |format|
+      format.html do
+        if success
+          redirect_to course_requests_path(@course), notice: message
+        else
+          redirect_to course_requests_path(@course), alert: message
+        end
+      end
+      format.json do
+        render json: {
+          success: success,
+          message: message,
+          processed_ids: processed_ids,
+          failed_ids: failed_ids,
+          new_status: new_status,
+          pending_count: pending_count
+        }, status: status
+      end
+    end
+  end
+
+  def approve_request_for_mass_action(request)
+    lms_facade = request.assignment&.lms_facade
+    return false unless lms_facade
+
+    request.approve(lms_facade.from_user(@user), @user)
+  rescue StandardError => e
+    Rails.logger.error("Mass approve failed for request #{request.id}: #{e.message}")
+    false
+  end
+
+  def mass_request_ids
+    Array(params[:request_ids]).map(&:to_i).uniq.select(&:positive?)
+  end
 end
 # rubocop:enable Metrics/ClassLength
diff --git a/app/controllers/user_to_courses_controller.rb b/app/controllers/user_to_courses_controller.rb
@@ -0,0 +1,21 @@
+class UserToCoursesController < ApplicationController
+  before_action :authenticate_user
+  before_action :set_course
+
+  def toggle_allow_extended_requests
+    @enrollment = @course.user_to_courses.find(params[:id])
+
+    unless @role == 'instructor'
+      Rails.logger.error "Role #{@role} does not have permission to toggle allow_extended_requests"
+      flash.now[:alert] = 'You do not have permission to perform this action.'
+      return render json: { redirect_to: course_path(@course) }, status: :forbidden
+    end
+
+    if @enrollment.update(allow_extended_requests: params[:allow_extended_requests])
+      render json: { success: true }, status: :ok
+    else
+      flash[:alert] = "Failed to update enrollment: #{@enrollment.errors.full_messages.to_sentence}"
+      render json: { redirect_to: course_path(@course) }, status: :unprocessable_entity
+    end
+  end
+end
diff --git a/app/javascript/controllers/enrollments_controller.js b/app/javascript/controllers/enrollments_controller.js
@@ -4,9 +4,14 @@ import "datatables.net-responsive";
 import "datatables.net-responsive-bs5";
 
 export default class extends Controller {
+	static targets = ["checkbox"]
 	static values = { courseId: Number }
 
 	connect() {
+		this.checkboxTargets.forEach((checkbox) => {
+			checkbox.addEventListener("change", (event) => this.toggleExtended(event, checkbox))
+		})
+
 		if (!DataTable.isDataTable('#enrollments-table')) {
 			// Define a custom sorting function for the Role column
 			DataTable.ext.type.order['role-pre'] = function (data) {
@@ -29,19 +34,55 @@ export default class extends Controller {
 					null, // Name
 					null, // Email
 					null, // Section
-					{ orderDataType: 'role-pre' } // Role column (custom sort)
+					{ orderDataType: 'role-pre' }, // Role column (custom sort)
+					null, // Extended Requests?
 				],
 				order: [[3, 'des'], [0, 'asc']] // Sort Role first, then Name
 			});
 		}
 	}
 
+	async toggleExtended(event, checkbox) {
+		const enrollmentId = checkbox.dataset.enrollmentId;
+		const url = checkbox.dataset.url;
+		const allowExtended = checkbox.checked;
+
+		try {
+			const token = document.querySelector('meta[name="csrf-token"]')?.content || '';
+
+			const response = await fetch(url, {
+				method: "PATCH",
+				headers: {
+					"Content-Type": "application/json",
+					"X-CSRF-Token": token,
+				},
+				body: JSON.stringify({
+					allow_extended_requests: allowExtended,
+				}),
+			});
+
+			const data = await response.json();
+
+			if (!response.ok) {
+				if (data.redirect_to) {
+					window.location.href = data.redirect_to;
+					return;
+				}
+				throw new Error(data.error || 'Error updating enrollment');
+			}
+
+			console.log(`Enrollment ${enrollmentId} allow_extended_requests: ${allowExtended}`);
+		} catch (error) {
+			console.error("Error updating enrollment:", error);
+			checkbox.checked = !allowExtended;
+		}
+	}
+
 	sync() {
 		const button = event.currentTarget;
 		button.disabled = true;
 		const courseId = this.courseIdValue;
-		const token = document.querySelector('meta[name="csrf-token"]').content;
-		fetch(`/courses/${courseId}/sync_enrollments`, {
+		const token = document.querySelector('meta[name="csrf-token"]').content;		fetch(`/courses/${courseId}/sync_enrollments`, {
 		  method: "POST",
 		  headers: {
 			"Content-Type": "application/json",