In https://github.com/edx/edx-platform/pull/25955 `HiddenDescriptor`
(which was a subclass of `RawDescriptor` with a custom `student_view()`)
was converted to an XBlock. It is used as the `default_class` by the
`CachingDescriptorSystem` classes. However `RawDescriptor` is still
being used by `XMLModuleStore`. This has been replaced by
`HiddenDescriptor` as well.
This release adds a new permission check when rendering the practice proctored exam view. If a learner is not in a paid enrollment track, the learner will no longer be able to use proctoring software in a practice proctored exam. As with other proctored exams, learners not in a paid enrollment track will see the exam content. This uses the 'can_take_proctored_exam' permission.
Now that we always return an existing value from the DB rather than trusting that ID generation is deterministic and constant over time, we're free to change the generation algorithm.
Our long term goal is to switch to random IDs, but we need to first investigate the uses of save=False. In the meantime, this is a good opportunity to move away from MD5, which has a number of cryptographic weaknesses. None of the known vulnerabilities are considered exploitable in this location, given the limited ability to control the input to the hash, but we should generally be moving away from it everywhere for consistency.
This change should not be breaking even for save=False callers, since those calls are extremely rare (1 in 100,000) and should only occur after a save=True call, at which point they'll use the stored value. Even if this were not true, for a save=False/True pair of calls to result in a mismatch in output, the first of the calls would have to occur around the time of the deploy of this code.
Co-authored-by: Tim McCormack <tmccormack@edx.org>
Co-authored-by: Tim McCormack <tmccormack@edx.org>
This is required because edx-platform uses the waffle API from
completion, which itself depends on edx-toggles. So if we change
edx-toggles import paths, we also need to upgrade our usage of
completion here.
By explicitly importing the legacy namespace classes, we make it clear
that we are using soon-to-be-deprecated classes. We will then be able to
start removing the legacy classes, one module at a time.
* Generate common/djangoapps import shims for LMS
* Generate common/djangoapps import shims for Studio
* Stop appending project root to sys.path
* Stop appending common/djangoapps to sys.path
* Import from common.djangoapps.course_action_state instead of course_action_state
* Import from common.djangoapps.course_modes instead of course_modes
* Import from common.djangoapps.database_fixups instead of database_fixups
* Import from common.djangoapps.edxmako instead of edxmako
* Import from common.djangoapps.entitlements instead of entitlements
* Import from common.djangoapps.pipline_mako instead of pipeline_mako
* Import from common.djangoapps.static_replace instead of static_replace
* Import from common.djangoapps.student instead of student
* Import from common.djangoapps.terrain instead of terrain
* Import from common.djangoapps.third_party_auth instead of third_party_auth
* Import from common.djangoapps.track instead of track
* Import from common.djangoapps.util instead of util
* Import from common.djangoapps.xblock_django instead of xblock_django
* Add empty common/djangoapps/__init__.py to fix pytest collection
* Fix pylint formatting violations
* Exclude import_shims/ directory tree from linting
* Use full LMS imports paths in LMS settings and urls modules
* Use full LMS import paths in Studio settings and urls modules
* Import from lms.djangoapps.badges instead of badges
* Import from lms.djangoapps.branding instead of branding
* Import from lms.djangoapps.bulk_email instead of bulk_email
* Import from lms.djangoapps.bulk_enroll instead of bulk_enroll
* Import from lms.djangoapps.ccx instead of ccx
* Import from lms.djangoapps.course_api instead of course_api
* Import from lms.djangoapps.course_blocks instead of course_blocks
* Import from lms.djangoapps.course_wiki instead of course_wiki
* Import from lms.djangoapps.courseware instead of courseware
* Import from lms.djangoapps.dashboard instead of dashboard
* Import from lms.djangoapps.discussion import discussion
* Import from lms.djangoapps.email_marketing instead of email_marketing
* Import from lms.djangoapps.experiments instead of experiments
* Import from lms.djangoapps.gating instead of gating
* Import from lms.djangoapps.grades instead of grades
* Import from lms.djangoapps.instructor_analytics instead of instructor_analytics
* Import form lms.djangoapps.lms_xblock instead of lms_xblock
* Import from lms.djangoapps.lti_provider instead of lti_provider
* Import from lms.djangoapps.mobile_api instead of mobile_api
* Import from lms.djangoapps.rss_proxy instead of rss_proxy
* Import from lms.djangoapps.static_template_view instead of static_template_view
* Import from lms.djangoapps.survey instead of survey
* Import from lms.djangoapps.verify_student instead of verify_student
* Stop suppressing EdxPlatformDeprecatedImportWarnings
* Replace track calls with eventtracking in task_track and server_track
* Making events compatible with events emitted via track app
* Fixed broken tests and quality violation
* Removed useless changes in shim. using in to have and keys in event context
Co-authored-by: zia.fazal@arbisoft.com <zia.fazal@arbisoft.com>
This looks like the last failing unit test under Django 2.2. One of a series of such failures resulting from Django no longer accepting None as POST data (since you can't really get it from a real request), most of which were already fixed by the Arbisoft team in the last few days.
EDUCATOR-4554
This fixes a bug where extended due dates were visible in the outline but not reflected on the courseware pages, resulting in problems not being submittable past the due date.
In order for edx-when to work on courseware pages, it has to be more careful about field inheritance, which version 0.2 achieves.
Cuurently, grading endpoints in capa module are vulnerable as they
are not restricted.To avoid it, changes have been made so that
they are available only for logged-in users.
LEARNER-3761
Some deprecated functionality has been removed:
- Reading data field and transforms being applied in the init() method.
- The source field.
- The source_visible attribute.
* updated files according to INCR-265
* fixed docstring and line-length problems from quality test
* Revert "fixed docstring and line-length problems from quality test"
This reverts commit d050f55a4ecfaa38f46b80ec4bb85ff399a79a8c.
* fixed errors reported in quality report
* had error, fixed it
* reversed change
* fixed over/under indentation, and added line to import.py that Ned had suggested
* tried disabling pylint for this line
* testing new email
* testing email in different window
* re-added symlink and docstring
* Minimum possible changes were made to merge CapaModule & CapaDescriptor into
one ProblemBlock class.
* There are no known changes in behavior.
* CapaModule and CapaDescriptor inherited from a number of classes which inherit
from XModule or XModuleDescriptor but did not depend on them. For all these
classes the methods were moved to mixins which did not inherit from either and
then these mixins were added to ProblemBlock in the order which maintains MRO.
Currently, ajax calls in courseware is handling 403 like 401.
In this PR, proper modifications have been done to make it
coherent with its intended behaviour.
LEARNER-7131
Currently, ajax calls in courseware is handling 403 like 401.In this
PR, proper modifications have been done to make it coherent with its
intended behaviour.
LEARNER-7131
