5f94a082ce
There is certain gating logic around pre-reqs, timed exams, etc. that happen at the SequenceModule level, and should be respected when rendering descendant XBlocks (like individual problems) that are in that Sequence. Rather than do a risky refactoring, I'm keeping that logic where it is and having the render_xblock view climb up through the ancestor list to call the SequenceModule for that gating information. We do _not_ check all descendants (so cousin leaf nodes in the sequence) for cotent-type-based restrictions because sequences can become very large (esp. when content libraries are used), and there is a performance overhead. If the enclosing sequence is gated in some way, we redirect to the render_xblock view for that sequence, where hopefully some useful messaging will be available. This is a stopgap. That redirect should never happen because we should never be calling the leaf XBlock for a sequence that is restricted in the MFE. But if somehow we get there anyway, either by bug or by intrepid user fiddling, it's better to redirect somewhere that an error _might_ be surfaced rather than just failing. This will actually be a little overzealous and lock things down that should be made visible later. If there's a timed exam and the exam is completed, it should be the case that content is visible (just read-only). This commit will block the content before the exam starts (this is right), open the content while the exam is live (this is right), but make the content unavailable after the exam period has finished (this is wrong). But I am going to go forward with this even knowing it's wrong because: 1. The render_xblock endpoint should never currently be used in timed exams in an intentional way. Neither the mobile experience nor the courseware MFE support it. 2. This fix will address security concerns for creative access patterns, even if it goes too far. 3. We're going to need to do a lot of work to address both pluggable access permissions handling and special exams in the courseware MFE, and a better implementation can be done then. 4. I've had multiple failed attempts to get this to work without breaking things on and off over the course of weeks, and this is a relatively low risk way of doing it that doesn't involve a major refactoring (though the bill for that will come due when we bring timed exams to the MFE).
This is the core repository of the Open edX software. It includes the LMS
(student-facing, delivering courseware), and Studio (course authoring)
components.
Installation
------------
Installing and running an Open edX instance is not simple. We strongly
recommend that you use a service provider to run the software for you. They
have free trials that make it easy to get started:
https://openedx.org/get-started/
If you will be modifying edx-platform code, the `Open edX Developer Stack`_ is
a Docker-based development environment.
If you want to run your own Open edX server and have the technical skills to do
so, `Open edX Installation Options`_ explains your options.
.. _Open edX Developer Stack: https://github.com/edx/devstack
.. _Open edX Installation Options: https://openedx.atlassian.net/wiki/spaces/OpenOPS/pages/60227779/Open+edX+Installation+Options
License
-------
The code in this repository is licensed under version 3 of the AGPL
unless otherwise noted. Please see the `LICENSE`_ file for details.
.. _LICENSE: https://github.com/edx/edx-platform/blob/master/LICENSE
More about Open edX
-------------------
See the `Open edX site`_ to learn more about the Open edX world. You can find
information about hosting, extending, and contributing to Open edX software. In
addition, the Open edX site provides product announcements, the Open edX blog,
and other rich community resources.
.. _Open edX site: https://openedx.org
Documentation
-------------
Documentation can be found at https://docs.edx.org.
Getting Help
------------
If you're having trouble, we have discussion forums at
https://discuss.openedx.org where you can connect with others in the community.
Our real-time conversations are on Slack. You can request a `Slack
invitation`_, then join our `community Slack team`_.
For more information about these options, see the `Getting Help`_ page.
.. _Slack invitation: https://openedx-slack-invite.herokuapp.com/
.. _community Slack team: http://openedx.slack.com/
.. _Getting Help: https://openedx.org/getting-help
Issue Tracker
-------------
We use JIRA for our issue tracker, not GitHub issues. You can search
`previously reported issues`_. If you need to report a problem,
please make a free account on our JIRA and `create a new issue`_.
.. _previously reported issues: https://openedx.atlassian.net/projects/CRI/issues
.. _create a new issue: https://openedx.atlassian.net/secure/CreateIssue.jspa?issuetype=1&pid=11900
How to Contribute
-----------------
Contributions are welcome! The first step is to submit a signed
`individual contributor agreement`_. See our `CONTRIBUTING`_ file for more
information – it also contains guidelines for how to maintain high code
quality, which will make your contribution more likely to be accepted.
Reporting Security Issues
-------------------------
Please do not report security issues in public. Please email
security@edx.org.
.. _individual contributor agreement: https://openedx.org/wp-content/uploads/2019/01/individual-contributor-agreement.pdf
.. _CONTRIBUTING: https://github.com/edx/edx-platform/blob/master/CONTRIBUTING.rst