The rest API for discussions was using custom HTML sanitisation code that
matched the behaviour of the client-side library. This replaces the custom
code with bleach for better security.
This change adds three new filters to the threads API. They are:
* Filtering only threads that are flagged for abuse
* Filtering by the thread type (discussion or question)
* Filtering by the thread author
In addition it also adds a new ``abuse_flagged_count`` field for threads. It
returns a count of the number of comments in a thread that are flagged for abuse.
This is only visible to users that have moderator privileges or higher.
Finally it also adds a ``abuse_flagged_any_user`` field that is set if any user
has flagged a thread. This field too, is only visible to moderators or above.
Co-authored-by: Kshitij Sobti <kshitij@opencraft.com>
* feat: Course Apps API
This adds a new concept called course apps. These are exposed via a new
"openedx.course_app" entrypoint, which helps the LMS and studio discover such
apps and list them in a new rest api for the same.
These course apps will drive the pages and resources view in the course authoring
MFE. This system will track which apps are enabled and which are disabled. It
also allows third-party apps to be listed here by using the plugin entrypoint.
* Apply feedback from review
Code in ./common/lib/xmodule/xmodule should
be imported as `from xmodule`, since `xmodule`
is a locally-installed package.
This is weird, but as long as it is the case,
we should be consistent.
(In BOM-2584, I propose moving the files to
./xmodule, which would quell this confusion.)
* Python code cleanup by the cleanup-python-code Jenkins job.
This pull request was generated by the cleanup-python-code Jenkins job, which ran
```
cd lms/djangoapps/dashboard; find . -type f -name '*.py' | while read fname; do sed -i 's/ # lint-amnesty, pylint: disable=super-with-arguments//; s/ # lint-amnesty, pylint: disable=import-error, wrong-import-order//; s/ # lint-amnesty, pylint: disable=wrong-import-order//' "$fname"; done; find . -type f -name '*.py' | while read fname; do pyupgrade --exit-zero-even-if-changed --py3-plus --py36-plus --py38-plus "$fname"; done; isort --recursive .
```
The following packages were installed:
`pyupgrade,isort`
* feedback done
Co-authored-by: Zulqarnain <muhammad.zulqarnain@arbisoft.com>
While deleting a post, the number of comments are retrieved where API reports wrong number of total pages due to PY3 incompatible division:
response.data["pagination"]
{'previous': None, 'count': 3, 'num_pages': 1.02, 'next': 'http://apros.devstack.lms?ajax=1&page=2'}
Which results in PageNotFoundError:
is_thread)):
File "/edx/src/discussion-edx-platform-extensions/social_engagement/engagement.py", line 382, in _get_paginated_results
has_next = response.data["pagination"]["next"]
File "/edx/app/edxapp/edx-platform/lms/djangoapps/discussion/rest_api/views.py", line 526, in retrieve
form.cleaned_data["requested_fields"],
File "/edx/app/edxapp/edx-platform/lms/djangoapps/discussion/rest_api/api.py", line 1074, in get_response_comments
raise PageNotFoundError("Page not found (No results on this page).")
openedx.core.lib.exceptions.PageNotFoundError: Page not found (No results on this page).
Technically, both "2020-10-20T23:59:00Z" and "2020-10-20T23:59:00+00:00"
are ISO-8601 compliant, though the latter is preferred. The Discussions
API uses the "Z" notation for almost all its dates, except for the
course blackout dates (those times when students aren't allowed to post
anything because it would threaten exam integrity). That's because the
blackout dates are manually formatted using datetime.isoformat().
As best as I can tell, we've always passed back the "+00:00" for the
blackout dates. But at some point, this broke the expectations of the
mobile apps, which expect the "+Z" format, like the rest of the API.
This commit changes the blackout dates to be returned in +Z format when
the blackout datetimes are specified by the user in UTC (which is almost
always the case–I suspect the mobile clients would break if the dates
were specified in other timezones anyhow).
* Generate common/djangoapps import shims for LMS
* Generate common/djangoapps import shims for Studio
* Stop appending project root to sys.path
* Stop appending common/djangoapps to sys.path
* Import from common.djangoapps.course_action_state instead of course_action_state
* Import from common.djangoapps.course_modes instead of course_modes
* Import from common.djangoapps.database_fixups instead of database_fixups
* Import from common.djangoapps.edxmako instead of edxmako
* Import from common.djangoapps.entitlements instead of entitlements
* Import from common.djangoapps.pipline_mako instead of pipeline_mako
* Import from common.djangoapps.static_replace instead of static_replace
* Import from common.djangoapps.student instead of student
* Import from common.djangoapps.terrain instead of terrain
* Import from common.djangoapps.third_party_auth instead of third_party_auth
* Import from common.djangoapps.track instead of track
* Import from common.djangoapps.util instead of util
* Import from common.djangoapps.xblock_django instead of xblock_django
* Add empty common/djangoapps/__init__.py to fix pytest collection
* Fix pylint formatting violations
* Exclude import_shims/ directory tree from linting
* Use full LMS imports paths in LMS settings and urls modules
* Use full LMS import paths in Studio settings and urls modules
* Import from lms.djangoapps.badges instead of badges
* Import from lms.djangoapps.branding instead of branding
* Import from lms.djangoapps.bulk_email instead of bulk_email
* Import from lms.djangoapps.bulk_enroll instead of bulk_enroll
* Import from lms.djangoapps.ccx instead of ccx
* Import from lms.djangoapps.course_api instead of course_api
* Import from lms.djangoapps.course_blocks instead of course_blocks
* Import from lms.djangoapps.course_wiki instead of course_wiki
* Import from lms.djangoapps.courseware instead of courseware
* Import from lms.djangoapps.dashboard instead of dashboard
* Import from lms.djangoapps.discussion import discussion
* Import from lms.djangoapps.email_marketing instead of email_marketing
* Import from lms.djangoapps.experiments instead of experiments
* Import from lms.djangoapps.gating instead of gating
* Import from lms.djangoapps.grades instead of grades
* Import from lms.djangoapps.instructor_analytics instead of instructor_analytics
* Import form lms.djangoapps.lms_xblock instead of lms_xblock
* Import from lms.djangoapps.lti_provider instead of lti_provider
* Import from lms.djangoapps.mobile_api instead of mobile_api
* Import from lms.djangoapps.rss_proxy instead of rss_proxy
* Import from lms.djangoapps.static_template_view instead of static_template_view
* Import from lms.djangoapps.survey instead of survey
* Import from lms.djangoapps.verify_student instead of verify_student
* Stop suppressing EdxPlatformDeprecatedImportWarnings
* Renamed OAuth2Authentication to BearerAuthentication
* Added back OAuth2Authentication name
-there are libraries such as edx-enterprise that still import OAuth2Authentication. The OAuth2Authentication class should be fully removed when everything is importing BearerAuthentication correctly
Fix all deprecation warnings generated by Django REST Framework during the unit tests:
* ``The `base_name` argument is pending deprecation in favor of `basename`.`` (86 occurrences)
* `` `detail_route` is deprecated and will be removed in 3.10 in favor of `action`, which accepts a `detail` bool. Use `@action(detail=True)` instead.`` (18 occurrences)
- Removing deprecated auth classes
- Replacing OAuth2AuthenticationAllowInactiveUserDeprecated with OAuth2AuthenticationAllowInactiveUser
- the old class was a child class of a deprecated class that we are removing and replacing.
* Added new auth class
- Created new class called OAuth2AuthenticationAllowInactiveUser, which replaces old class with same name
- Renames previous OAuth2AuthenticationAllowInactiveUser to OAuth2AuthenticationAllowInactiveUserDeprecated
- Replaced all imports of OAuth2AuthenticationAllowInactiveUser to call deprecated class instead
- testing new class in discussion(added flag based on django setting)
These were originally fixed individually, but had to be reverted, and
are now combined in one commit. The originals were:
7b9040f6b0 This enum was backwards
8774ff1f9b Use ref_name to disambiguate serializers that drf-yasg would otherwise assume are the same.
8a44397139 Is this field missing because it is None?
4a1154a7ca Give a safer buffer for clearing the rate limiting
64c47856dd DRF 3.7.4 changed how you delegate to another view, so don't
7359ca4fb2 Is this right? It fixes two tests
fdd66e5390 Adjust the expected error message for DRF 3.7.7
9257f68fd8 The default TIME_ZONE should be UTC
