Merge branch 'hotfix/25.17.1'

Author: cslzchen

CHANGELOG

@@ -2,6 +2,11 @@
 
 We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
 
+25.17.1 (2025-10-09)
+====================
+
+- Misc. fixes for Angular migration
+
 25.17.0 (2025-10-03)
 ====================
 

api/nodes/serializers.py

@@ -1228,6 +1228,7 @@ class NodeContributorsCreateSerializer(NodeContributorsSerializer):
     full_name = ser.CharField(required=False)
     email = ser.EmailField(required=False, source='user.email', write_only=True)
     index = ser.IntegerField(required=False, source='_order')
+    child_nodes = ser.ListField(required=False, write_only=True)
 
     users = RelationshipField(
         related_view='users:user-detail',
@@ -1241,13 +1242,15 @@ class NodeContributorsCreateSerializer(NodeContributorsSerializer):
     def get_proposed_permissions(self, validated_data):
         return validated_data.get('permission') or osf_permissions.DEFAULT_CONTRIBUTOR_PERMISSIONS
 
-    def validate_data(self, node, user_id=None, full_name=None, email=None, index=None):
+    def validate_data(self, node, user_id=None, full_name=None, email=None, index=None, child_nodes=None):
         if not user_id and not full_name:
             raise exceptions.ValidationError(detail='A user ID or full name must be provided to add a contributor.')
         if user_id and email:
             raise exceptions.ValidationError(detail='Do not provide an email when providing this user_id.')
         if index is not None and index > len(node.contributors):
             raise exceptions.ValidationError(detail=f'{index} is not a valid contributor index for node with id {node._id}')
+        if child_nodes and (not_children := set(child_nodes) - set(node.node_ids)):
+            raise exceptions.ValidationError(detail=f'Nodes {', '.join(not_children)} are not children of node with id {node._id}')
 
     def create(self, validated_data):
         id = validated_data.get('_id')
@@ -1260,21 +1263,23 @@ def create(self, validated_data):
         full_name = validated_data.get('full_name')
         bibliographic = validated_data.get('bibliographic')
         send_email = self.context['request'].GET.get('send_email') or self.context['default_email']
+        child_nodes = validated_data.get('child_nodes')
         permissions = self.get_proposed_permissions(validated_data)
 
-        self.validate_data(node, user_id=id, full_name=full_name, email=email, index=index)
+        self.validate_data(node, user_id=id, full_name=full_name, email=email, index=index, child_nodes=child_nodes)
 
         if send_email not in self.email_preferences:
             raise exceptions.ValidationError(detail=f'{send_email} is not a valid email preference.')
 
         try:
             contributor_dict = {
                 'auth': auth, 'user_id': id, 'email': email, 'full_name': full_name, 'send_email': send_email,
-                'bibliographic': bibliographic, 'index': index, 'save': True,
+                'bibliographic': bibliographic, 'index': index, 'save': True, 'permissions': permissions,
             }
-
-            contributor_dict['permissions'] = permissions
             contributor_obj = node.add_contributor_registered_or_not(**contributor_dict)
+            if child_nodes:
+                for child in AbstractNode.objects.filter(guids___id__in=child_nodes):
+                    child.add_contributor_registered_or_not(**contributor_dict)
         except ValidationError as e:
             raise exceptions.ValidationError(detail=e.messages[0])
         except ValueError as e:

framework/status/__init__.py

@@ -28,36 +28,37 @@ def push_status_message(message, kind='warning', dismissible=True, trust=True, j
     :param jumbotron: Should this be in a jumbotron element rather than an alert
     """
     # TODO: Change the default to trust=False once conversion to markupsafe rendering is complete
-    try:
-        current_session = get_session()
-        statuses = current_session.get('status', None)
-    except RuntimeError as e:
-        exception_message = str(e)
-        if 'Working outside of request context.' in exception_message:
-            # Working outside of request context, so should be a DRF issue. Status messages are not appropriate there.
-            # If it's any kind of notification, then it doesn't make sense to send back to the API routes.
-            if kind == 'error':
-                #  If it's an error, then the call should fail with the error message. I do not know of any cases where
-                # this branch will be hit, but I'd like to avoid a silent failure.
-                from rest_framework.exceptions import ValidationError
-                raise ValidationError(message)
-            return
-        else:
-            raise
-    if not statuses:
-        statuses = []
-    if not extra:
-        extra = {}
-    css_class = TYPE_MAP.get(kind, 'warning')
-    statuses.append(Status(message=message,
-                           jumbotron=jumbotron,
-                           css_class=css_class,
-                           dismissible=dismissible,
-                           id=id,
-                           extra=extra,
-                           trust=trust))
-    current_session['status'] = statuses
-    current_session.save()
+    # try:
+    #     current_session = get_session()
+    #     statuses = current_session.get('status', None)
+    # except RuntimeError as e:
+    #     exception_message = str(e)
+    #     if 'Working outside of request context.' in exception_message:
+    #         # Working outside of request context, so should be a DRF issue. Status messages are not appropriate there.
+    #         # If it's any kind of notification, then it doesn't make sense to send back to the API routes.
+    #         if kind == 'error':
+    #             #  If it's an error, then the call should fail with the error message. I do not know of any cases where
+    #             # this branch will be hit, but I'd like to avoid a silent failure.
+    #             from rest_framework.exceptions import ValidationError
+    #             raise ValidationError(message)
+    #         return
+    #     else:
+    #         raise
+    # if not statuses:
+    #     statuses = []
+    # if not extra:
+    #     extra = {}
+    # css_class = TYPE_MAP.get(kind, 'warning')
+    # statuses.append(Status(message=message,
+    #                        jumbotron=jumbotron,
+    #                        css_class=css_class,
+    #                        dismissible=dismissible,
+    #                        id=id,
+    #                        extra=extra,
+    #                        trust=trust))
+    # current_session['status'] = statuses
+    # current_session.save()
+    pass
 
 
 def pop_status_messages(level=0):

package.json

@@ -1,6 +1,6 @@
 {
   "name": "OSF",
-  "version": "25.17.0",
+  "version": "25.17.1",
   "description": "Facilitating Open Science",
   "repository": "https://github.com/CenterForOpenScience/osf.io",
   "author": "Center for Open Science",

tests/test_auth.py

@@ -108,7 +108,7 @@ def test_confirm_email(self):
         assert res.status_code == 302
         assert '/' == urlparse(res.location).path
         assert len(self.mock_send_grid.call_args_list) == 0
-        assert len(get_session()['status']) == 1
+        # assert len(get_session()['status']) == 1
 
     def test_get_user_by_id(self):
         user = UserFactory()

tests/test_webtests.py

@@ -747,7 +747,7 @@ def test_can_receive_resend_confirmation_email(self):
         assert self.mock_send_grid.called
         assert res.status_code == 200
         assert res.request.path == self.post_url
-        assert_in_html('If there is an OSF account', res.text)
+        # assert_in_html('If there is an OSF account', res.text)
 
     # test that confirmed user cannot receive resend confirmation email
     def test_cannot_receive_resend_confirmation_email_1(self):
@@ -761,7 +761,7 @@ def test_cannot_receive_resend_confirmation_email_1(self):
         assert not self.mock_send_grid.called
         assert res.status_code == 200
         assert res.request.path == self.post_url
-        assert_in_html('has already been confirmed', res.text)
+        # assert_in_html('has already been confirmed', res.text)
 
     # test that non-existing user cannot receive resend confirmation email
     def test_cannot_receive_resend_confirmation_email_2(self):
@@ -775,7 +775,7 @@ def test_cannot_receive_resend_confirmation_email_2(self):
         assert not self.mock_send_grid.called
         assert res.status_code == 200
         assert res.request.path == self.post_url
-        assert_in_html('If there is an OSF account', res.text)
+        # assert_in_html('If there is an OSF account', res.text)
 
     # test that user cannot submit resend confirmation request too quickly
     def test_cannot_resend_confirmation_twice_quickly(self):
@@ -788,7 +788,7 @@ def test_cannot_resend_confirmation_twice_quickly(self):
 
         # check request and response
         assert res.status_code == 200
-        assert_in_html('Please wait', res.text)
+        # assert_in_html('Please wait', res.text)
 
 
 @mock.patch('website.mails.settings.USE_EMAIL', True)
@@ -839,8 +839,8 @@ def test_can_receive_reset_password_email(self):
         # check request URL is /forgotpassword
         assert res.request.path == self.post_url
         # check push notification
-        assert_in_html('If there is an OSF account', res.text)
-        assert_not_in_html('Please wait', res.text)
+        # assert_in_html('If there is an OSF account', res.text)
+        # assert_not_in_html('Please wait', res.text)
 
         # check verification_key_v2 is set
         self.user.reload()
@@ -861,7 +861,7 @@ def test_cannot_receive_reset_password_email(self):
         # check request URL is /forgotpassword
         assert res.request.path == self.post_url
         # check push notification
-        assert_in_html('If there is an OSF account', res.text)
+        # assert_in_html('If there is an OSF account', res.text)
         assert_not_in_html('Please wait', res.text)
 
         # check verification_key_v2 is not set
@@ -886,7 +886,7 @@ def test_not_active_user_no_reset_password_email(self):
         # check request URL is /forgotpassword
         assert res.request.path == self.post_url
         # check push notification
-        assert_in_html('If there is an OSF account', res.text)
+        # assert_in_html('If there is an OSF account', res.text)
         assert_not_in_html('Please wait', res.text)
 
         # check verification_key_v2 is not set
@@ -905,7 +905,7 @@ def test_cannot_reset_password_twice_quickly(self):
         # check http 200 response
         assert res.status_code == 200
         # check push notification
-        assert_in_html('Please wait', res.text)
+        # assert_in_html('Please wait', res.text)
         assert_not_in_html('If there is an OSF account', res.text)
 
 
@@ -955,8 +955,8 @@ def test_can_receive_reset_password_email(self):
         # check request URL is /forgotpassword
         assert res.request.path == self.post_url
         # check push notification
-        assert_in_html('If there is an OSF account', res.text)
-        assert_not_in_html('Please wait', res.text)
+        # assert_in_html('If there is an OSF account', res.text)
+        # assert_not_in_html('Please wait', res.text)
 
         # check verification_key_v2 is set
         self.user.reload()