The course_visiblity field can have one of three values:
1. private (default): This keeps the standard access rules.
2. public_outline: Allows unenrolled and anonymous users access to the outline.
3. public: Allows unenrolled and anonymous users access to both outline and
course content.
When an unenrolled user accesses course content, instead of student_view(),
public_view() is used. A default implementation is provided for XBlocks
which do not implement this view. The public_view() must not have any
functionality which assumes the presence of a valid User and should show
a readonly only interface for the XBlock content.
Content Type Gating: Xblocks that have a graded component cannot be
accessed by audit track users.
- Caveats:
- In studio, instructors can set certain xblocks to be available to
all users, but graded components will default to not being
available for audit users
- If a course does not have a verified mode option, all users will
have access to graded content.
The Waffle Flag: The waffle flag is of for now.
It's name is: ```content_type_gating.debug```
This Commit Does NOT Include: Displaying for a user WHY they do not have
access to a specific piece of content. That change will be part of
another PR.
The JWT_COOKIES_FLAG was a temporary flag used for rollout of the new
JWT cookies. These are live in Production, so we are removing the flag.
Without this flag, we set JWT cookies during login. However, this
requires an oAuth Client that isn't always available during unit tests.
We introduced a feature flag that is only used for unit tests to
disable setting the JWT cookies. The code explains a bit more why this
solution was selected over adding the oauth client to the database.
ARCH-247
relied on the old configuration values and old way of validating
passwords. Also improved registration page by always showing error
messages rather than hiding them on leaving the field.
the old validate password method and configuration values in favor of
AUTH_PASSWORD_VALIDATORS, a list of validators to use to check a
password. These include some that come straight from Django and some
that were written according to Django's specifications. This work also
included maintaining the current messaging as instruction text and
passing along restrictions for the password field.
From edx-drf-extensions:
1. EnsureJWTAuthSettingsMiddleware: Ensures proper JWT auth settings
for endpoints.
2. JwtAuthCookieMiddleware: Combines the JWT auth cookie parts into a
JWT auth cookie.
ARCH-233
