There is a planned edx-drf-extension update to 3.0.0 to remove the
toggle used for ENFORCE_JWT_SCOPES. Currently, edx-platform is dependent
on the this toggle. This constraint will keep other `make upgrade` PRs
working in the short window before the edx-paltform PR to remove the
same toggle can land.
BOM-1324
Impact is that for proctoring backends which support in-exam keepalive
ping messages to ensure the monitoring software is running while
learners have access to proctored exams, we will no longer send ping
requests while the learner is on the ready_to_submit page. These pings
have caused issues for some of our learners in the past, in that some
learners idle on this page waiting for a slow-to-shut-down
application. Pinging while the app is shutting down may've caused
spurious false positives for suspicious learner behavior, and we lose
little integrity by enabling the learner to continue to see the
non-exam-content interstitial, so we're relaxing this rule.
JIRA:CR-1597
Alert msgs are not aligned as expected in their enclosing divs on
smaller devices.To make them aligned its css is fixed so that
user experience can be improved.
PROD-1032
We should use encodeURIComponent instead of encodeURI when encoding part of uri like querystring. encodeURI does not encode `+` sign. For example a query string parameter like `scope=user_id+profile+email` is not encoded by `encodeURI` which results in invalid url on select multiple enterprise page.
Fixed broken test
Right now the units of a public course are hidden if there is at least a graded activity in them. This is done due to a change(69eeca61d8) that was done before the implementation of public_view mechanism for unenrolled users.
Since we use public_view now and by default it restricts the unit rendering for anonymous users we do not need to limit the access at this way for anonymous users.
This was originally a separate plugin called openedx-olx-rest-api.
It provides a Studio API that any user with course authoring permission can use to get the OLX of an individual XBlock or a unit. Without this, the only way to get an XBlock's OLX was to download the tarball of the entire course.
Examples of usage (be logged in to Studio on devstack):
Simple HTML XBlock:
http://localhost:18010/api/olx-export/v1/xblock/block-v1:edX+DemoX+Demo_Course+type@html+block@030e35c4756a4ddc8d40b95fbbfff4d4/
Exporting a unit:
http://localhost:18010/api/olx-export/v1/xblock/block-v1:edX+DemoX+Demo_Course+type@vertical+block@134df56c516a4a0dbb24dd5facef746e/
Example output for an HTML block:
{
"root_block_id":"block-v1:edX+DemoX+Demo_Course+type@html+block@030e35c4756a4ddc8d40b95fbbfff4d4",
"blocks":{
"block-v1:edX+DemoX+Demo_Course+type@html+block@030e35c4756a4ddc8d40b95fbbfff4d4":{
"olx":"<html display_name=\"Blank HTML Page\"><![CDATA[\n<p><strong>Welcome to the edX Demo Course Introduction.</strong></p>\n]]></html>\n"
}
}
}
The code is designed primarily for use when importing content into Blockstore. So it will:
* Export HTML blocks as a combined OLX/HTML file, with the HTML in a CDATA section
* Convert vertical blocks to unit blocks (unit is like a vertical but has no UI elements)
* Detect static files (such as images) used by the XBlock and list the absolute URL of each static file in the "static_files": {...} JSON element for each XBlock that has at least one static file usage. This can handle static files that are in mongo ("contentstore" / "Files & Uploads") as well as files generated on-the-fly during OLX serialization via the export_fs API (mostly this is video transcripts).
We decided this approach - of redirecting to the new courseware MFE when users hit the page - won’t be feasible because there are still circumstances when we want that page to load. For instance, exams, or if an instructor wants to go back to the old experience. Instead of doing this, we need to track down all the links to the courseware page and put the waffle flag check on those instead.
1. This is a partial check-in. It causes jump_to links in the header user menu to work, but doesn’t address any other dashboard links.
2. I also need to figure out the best way to test this, having not tested a toggle like this before.
* WIP: add third-party-auth scope and usage
BOM-1264
* Fix tests now that we do permissions in a more standard way.
Rather than manually setting the permission class we previously
explicitly raised a PermissionDenied exception. The way DRF
permissoning logic works, if we use the WWW-Authenticate header in the
highest priority auth class, it will return a 401 instead of a 403.
* Added test to make sure having permissions gives access to user mapping api
* Test new filters logic.
Ensure that the filters we add to the application access model make it
into the JWT correctly.
* quality fix
* quality fix
* disable pylint warning
* quality fix
* fix indent prob
Co-authored-by: Feanil Patel <feanil@edx.org>
Co-authored-by: Manjinder Singh <49171515+jinder1s@users.noreply.github.com>
