* feat: adds SearchAccess model
Stores a numeric ID for each course + library, which will generally be
shorter than the full context_key, so we can pack more of them into the
the Meilisearch search filter.
Also:
* Adds data migration pre-populates the SearchAccess model from the existing
CourseOverview and ContentLibrary records
* Adds signal handlers to add/remove SearchAccess entries when content
is created or deleted.
* Adds get_access_ids_for_request() helper method for use in views.
* Adds tests.
* test: can't import content.search in lms tests
* feat: use SearchAccess in documents and views
* Adds an access_id field to the document, which stores the
SearchAccess.id for the block's context.
* Use the requesting user's allowed access_ids to filter search results
to documents with those access_ids.
* Since some users have a lot of individual access granted, limit the
number of access_ids in the filter to a large number (1_000)
* Updates tests to demonstrate.
* test: can't import content.search or content_staging in lms tests
* fix: make access_id field filterable
* fix: use SearchAccess.get_or_create in signal handlers
In theory, we shouldn't have to do this, because the CREATE and DELETE
events should keep the SearchAccess table up-to-date.
But in practice, signals can be missed (or in tests, they may be
disabled). So we assume that it's ok to re-use a SearchAccess.id created
for a given course or library context_key.
* refactor: refactors the view tests to make them clearer
Uses helper methods and decorators to wrap the settings and patches used
by multiple view tests.
* feat: adds org filters to meilisearch filter
* Uses content_tagging.rules.get_user_orgs to fetch the user's
content-related orgs for use in the meilisearch filter.
* Limits the number of orgs used to 1_000 to keep token size down
* refactor: removes data migration
Users should use the reindex_studio management command to populate SearchAccess.
* refactor: adds functions to common.djangoapps.student.role_helpers
to allow general access to the user's RoleCache without having to access
private attributes of User or RoleCache.
Related changes:
* Moves some functionality from openedx.core.djangoapps.enrollments.data.get_user_roles
to this new helper method.
* Use these new helper method in content_tagging.rules
* fix: get_access_ids_for_request only returns individual access
instead of all course keys that the user can read.
Org- and GlobalStaff access checks will handle the rest.
* fix: use org-level permissions when generating search filter
Also refactors tests to demonstrate this change for OrgStaff and
OrgInstructor users.
* refactor: remove SearchAccess creation signal handlers
Lets SearchAccess entries be created on demand during search indexing.
* feat: omit access_ids from the search filter that are covered by the user's org roles
---------
Co-authored-by: Rômulo Penido <romulo.penido@gmail.com>
* feat: Add EnrollmentsService in XBlockRuntime and block renderer
These changes give ability to use `EnrollmentsService` in XBlocks
Add `get_active_enrollments_by_course_and_user` method to `EnrollmentsService` which can be used to get active enrollment of user for a give course
* chore: update API endpoints to support default JWT auth
The default DRF Auth classes were recently updated to allow for both JWT and Session auth by default. Any endpoint that overrides the AUTHENTICATION_CLASSES but has just session, just JWT or just both of those should be updated to remove the override.
Details in https://github.com/openedx/edx-platform/issues/33662
It includes support for course enrollment in case of enrollment_end date has passed or the upgrade_deadline has passed. The force_enrollment argument is used to support this functionality, and can_upgrade and include_expired will be True if force_enrollment is True. Only a user who has GlobalSupport access can perform this operation.
Description
This is a follow up to #29058 and #29413. This is the next step in moving part of the modulestore data (the course indexes / "active versions" table) from MongoDB to MySQL.
There are four steps planned in moving course index data to MySQL:
Step 1: create the tables in MySQL, start writing to MySQL + MongoDB ✅ done
Step 2: migrate all remaining courses to MySQL ✅ done
Step 3: switch reads from MongoDB to MySQL (this PR)
Step 4 (much later, once we know this is working well): stop writing to MongoDB altogether.
Supporting information
OpenCraft Jira ticket: MNG-2557
Status
✅ Tested with a large Open edX instance is in progress.
Testing instructions
Try making changes in Studio and verify that they work fine.
Deadline
None
Convert more tests from MONGO_AMNESTY to SPLIT modulestores.
This is in preparation for just wholesale denying access to Old
Mongo, so I either converted tests to split or just deleted some
test variants that were Old Mongo specific. (e.g. ddt lines)
It's long past time that the default test modulestore was Split,
instead of Old Mongo. This commit switches the default store and
fixes some tests that now fail:
- Tests that didn't expect MFE to be enabled (because we don't
enable MFE for Old Mongo) - opt out of MFE for those
- Tests that hardcoded old key string formats
- Lots of other random little differences
In many places, I didn't spend much time trying to figure out how to
properly fix the test, and instead just set the modulestore to Old
Mongo.
For those tests that I didn't spend time investigating, I've set
the modulestore to TEST_DATA_MONGO_AMNESTY_MODULESTORE - search for
that string to find further work.
Using the same Client or APIClient instance for multiple users, where
one user has an active session and the other is making an
Authorization header call, results in a Safe Sessions violation.
By using separate clients for different test users, we avoid this
violation, allowing `ENFORCE_SAFE_SESSIONS` to be enabled by default.
The _does_name_change_require_verification(user_profile, old_name, new_name) method of the accounts user_api determines whether a learner can change their name from old_name to new_name. Originally, it delegated solely to the NameChangeValidator class of the edx-name-affirmation API, which ran a set of checks against the name change. One of said checks was asserting that learners with one or more certificates could not change their name without completing IDV.
This pull request changes this behavior.
Learners may have certificates that are not in a passable status (e.g. "unverified"). We only want to require IDV for name changes for learners that have passing statuses. The existing code prevented learners from changing their name if they had any certificates at all, irrespective of the certificate status. This change only considers certificates in a passable status.
Additionally, learners may have certificates and also not be enrolled in any "verified" seats. For example, despite edX no longer offering "honor" seats, learners may have enrollments in "honor" modes, which grant certificates but are not considered "verified" enrollment modes. IDV requires that a learner be enrolled in a "verified" seat in order to complete IDV. Prior to this change, learners that were navigated to IDV to validate a name change were unable to complete IDV. This change introduce a check that a learner is in a "verified" mode in addition to using the NameChangeValidator. This prevents the account MFE from navigating an IDV-ineligible learner to IDV.
MST-1254: https://openedx.atlassian.net/browse/MST-1254
BREAKING CHANGES:
- `CORS_ORIGIN_WHITELIST` now requires URI schemes.
- Added new list `CORS_ORIGIN_WHITELIST_WITH_SCHEME` which contains all links of `CORS_ORIGIN_WHITELIST` with schemes and load the desired list after checking installed version.
- For more details, visit this: https://github.com/adamchainz/django-cors-headers/blob/main/HISTORY.rst#320-2019-11-15
* feat: Refactor out non REST portions of enrollment api from enrollment POST method
For use with edx-enterprise to avoid making REST calls for bulk enrollment and other use cases
ENT-4746
* feat: Remove unused test
Testing is covered by test_views
* refactor: isort
isort fixes
* docs: ADR for why this change
ADR
ENT-4746
* test: Fix test failure by restoring course_id to correct object
* test: Test fix
* refactor: pylint fixes
* refactor: raise from to avoid pylint error
* refactor: Start to work toward a util in enterprise_support instead of refactoring this endpoint
* feat: Add util function in enterprise_support to eventually handle enrollment, only used by bulk enrollment for now
* feat: One more revised idea, this time low risk in edx platform and also helps address enterprise specific flow. testing pending
* feat: syntax and unused constant
* feat: Restore view and add new util function to use in edx-enterprise instead
* feat: breakpoint
* unused import
* feat: don't fail on existing enrollment
* docs: ADR update
* docs: docstring minor update
* test: unit test add_user_to_course_cohort
* refactor: imports
* feat: remove unused error classes
* refactor: lint
* test: Test cases
* test: Two more tests for negative cases
* feat: missing init.py file
* test: Fix tests to use correct user mock
* unused import
* refactor: Review feedback, test fixes, needs rebase now
* feat: rebase changes
* feat: keep audit_log with similar logic as in the view
* refactor: Review feedback, test constant usage
django-not-configured is an error raised by pylint (with
the pylint-django plugin) when it's not correctly configured.
We should not be applying lint amnesty for such a violation.
* The original use of user.has_perm('can_take_proctored_exam') in the get_active_enrollments_for_course method had very poor performance when used for multiple learners. The permission is not designed for use in bulk operations. It was being called for each user in a loop by edx-proctoring, resulting in many queries to the database. This lead to timeouts on the client. This change exposes a new service endpoint that performs this permission checking in the database, resulting in one single query to the necessary LMS SQL tables and many fewer queries to the modulestore.
* bump version of edx-proctoring to 3.7.3
* Generate common/djangoapps import shims for LMS
* Generate common/djangoapps import shims for Studio
* Stop appending project root to sys.path
* Stop appending common/djangoapps to sys.path
* Import from common.djangoapps.course_action_state instead of course_action_state
* Import from common.djangoapps.course_modes instead of course_modes
* Import from common.djangoapps.database_fixups instead of database_fixups
* Import from common.djangoapps.edxmako instead of edxmako
* Import from common.djangoapps.entitlements instead of entitlements
* Import from common.djangoapps.pipline_mako instead of pipeline_mako
* Import from common.djangoapps.static_replace instead of static_replace
* Import from common.djangoapps.student instead of student
* Import from common.djangoapps.terrain instead of terrain
* Import from common.djangoapps.third_party_auth instead of third_party_auth
* Import from common.djangoapps.track instead of track
* Import from common.djangoapps.util instead of util
* Import from common.djangoapps.xblock_django instead of xblock_django
* Add empty common/djangoapps/__init__.py to fix pytest collection
* Fix pylint formatting violations
* Exclude import_shims/ directory tree from linting
Make demographics collection banner on dashboard use new demographics
API which checks enterprise as well. Also expose serialization of
CourseEnrollments.
We now either pass in the relevant courseoverview or when creating the
enrollement we use the factory which automatically creates the relevant
CourseOverview object for testing purposes.
