If a learner changes modes (like upgrades to a verified learner),
we will reset their schedule for them. But if they did this before
the course started, we would accidentally set their schedule to
the current time. So when the course did start, they would already
appear to be behind schedule.
That's silly. So now we always look at course start time when
resetting the learner's schedule.
AA-426
In order to complete https://openedx.atlassian.net/browse/TNL-9320, we need to better encode the URI of the editor using the block id.
We also need to allow users to navigate out of the editors while it is a new page using the back button for a11y reasons.
Switch from files.edx.org to the logos.openedx.org url for the "Powered
by Open edX" logos. We should still keep the old url working as many
old versions of Open edX still referer to it.
We're making this change so that for future versions of the edx-platform
the DNS for these logos lives alongside the rest of the Open edX
infrastructure managed by tCRIL.
MST-1317. The enrollment mode of a learner should still display on the course listing, even if IDV is disabled. Right now, all enrollment messaging is disabled if IDV is turned off, as we are no longer returning the verifications status for a learner in that case. We should still return the enrollment mode if IDV is disabled, but exclude any IDV messaging.
This LTI call was failing in unit tests when `ENFORCE_SAFE_SESSIONS` was
enabled. I'm not sure why we didn't see failures in production when the
toggle was enabled in config.
The course outline view has a way for a staff user to make a request as if
they are another user, not just by using the masquerade mechanism but also
by setting a request parameter. This can result in false positives in the
safe-sessions middleware, and if `ENFORCE_SAFE_SESSIONS` is enabled the
responses will be 401 errors.
The fix here is to do the same thing that masquerading does in setting a
`real_user` property on the new user object, which the safe-sessions
middleware then undoes (restoring the request.user) before determing
whether there's a mismatch.
(Without this fix, enabling `ENFORCE_SAFE_SESSIONS` also causes some tests
in `test_views.py` to fail.)
Using the same Client or APIClient instance for multiple users, where
one user has an active session and the other is making an
Authorization header call, results in a Safe Sessions violation.
By using separate clients for different test users, we avoid this
violation, allowing `ENFORCE_SAFE_SESSIONS` to be enabled by default.
Change `mark_user_change_as_expected` to no longer take the response object
and instead convey the expected-change information via RequestCache.
This requires edx-django-utils 4.4.2, which fixes the bug where
RequestCache was cleared in the exception phase.
Also, no longer mark `ENFORCE_SAFE_SESSIONS` toggle as
temporary. We'll want it as an opt-out.
I was tempted to take this opportunity to move any existing
`mark_user_change_as_expected` calls to be closer to where the actual
change request.user occurs, reducing risk of both false positives and false
negatives, but it would be better to do that one at a time in case a move
breaks something. (Ideally it would be called right after any
`django.contrib.auth` `login` or `logout` call; previously, we were
constrained by having to make the call after a response object had been
created.) These changes can be made later if it becomes necessary.
* Deprecates ModuleSystem can_execute_unsafe_code, get_python_lib_zip and cache properties
* Adds a new CacheService and SandboxService to provide the deprecated property
* Adds tests for the added CacheService and SandboxService
* Updates the ModuleSystemShim tests in Lms and Studio
Non-enrolled staff users were being shown enroll links for courses
that you can't self-enroll for (masters-only, invitation-only, etc).
This fixes the outline page to ignore staff status for that check.
AA-1164
`symmath` has been added to `openedx-calc v3.0.0`. Prior to removing
`symmath` from `edx-platform`, a constraint needs to be put on using the
old version of `openedx-calc` so that everything plays nicely.
* feat: Created API for programs live page zoom lti
* refactor: Merged similar code by inheritance
* refactor: removed duplicates and resolved tight coupling issues
* refactor: Decoupled views
when fetching block metadata and rendering blocks while maintaining the
original usage IDs/OLX.
This change is marked temporary because LabXchange need it during the
transition to a custom runtime, but it's not really useful to anyone
else. We will revert this change with a future PR.
The content library tests were failing to locate templates when
rendering XBlocks, but since these tests are skipped in CI, the issue
went undetected.
This fix is marked temporary because a proper fix involves adding
lms/templates to the cms.envs.test MAKO_TEMPLATE_DIRS_BASE list. This
was tried, and caused unrelated tests to fail, and so we took this
approach instead. See PR for full details.
