Skip to content

DO NOT MERGE - DO NOT CLOSE - Dummy PR to track upstream master#824

Draft
kaustavb12 wants to merge 518 commits into
open-craft:kaustav/downstream_pr_targetfrom
openedx:master
Draft

DO NOT MERGE - DO NOT CLOSE - Dummy PR to track upstream master#824
kaustavb12 wants to merge 518 commits into
open-craft:kaustav/downstream_pr_targetfrom
openedx:master

Conversation

@kaustavb12

@kaustavb12 kaustavb12 commented Feb 6, 2026

Copy link
Copy Markdown
Member

Settings

AN_IMPORTANT_NOTICE: |
  ##########################################
  This is the OpenCraft Sandbox (sandbox.opencraft.com) tracking upstream master.
  Please do not delete or modify this instance without checking with Fox first.
  ##########################################
PLATFORM_NAME: OpenCraft Sandbox
LMS_HOST: sandbox.opencraft.com
CMS_HOST: studio.sandbox.opencraft.com
PREVIEW_LMS_HOST: preview.sandbox.opencraft.com
GROVE_NEW_MFES:
  catalog:
    port: 1998
    repository: https://github.com/openedx/frontend-app-catalog.git
    version: master
GROVE_SIMPLE_THEME_BRANCH: sandbox
GROVE_SIMPLE_THEME_REPO: https://github.com/open-craft/brand-openedx.git
GROVE_COMMON_SETTINGS: |
  CATALOG_MICROFRONTEND_URL = 'https://apps.sandbox.opencraft.com/catalog'
  ENABLE_CATALOG_MICROFRONTEND = True
  DEFAULT_COURSE_VISIBILITY_IN_CATALOG = 'none'
GROVE_MFE_LMS_COMMON_SETTINGS: |
  MFE_CONFIG['LOGO_URL'] = 'https://raw.githubusercontent.com/open-craft/brand-openedx/refs/heads/sandbox/logo.png'
  MFE_CONFIG['LOGO_TRADEMARK_URL'] = 'https://raw.githubusercontent.com/open-craft/brand-openedx/refs/heads/sandbox/logo-trademark.png'
  MFE_CONFIG['LOGO_WHITE_URL'] = 'https://raw.githubusercontent.com/open-craft/brand-openedx/refs/heads/sandbox/logo-white.png'
  MFE_CONFIG['FAVICON_URL'] = 'https://raw.githubusercontent.com/open-craft/brand-openedx/refs/heads/sandbox/favicon.ico'
  MFE_CONFIG_OVERRIDES['learner-dashboard'] = {'LOGO_URL': 'https://raw.githubusercontent.com/open-craft/brand-openedx/refs/heads/sandbox/logo-white.png'}
  MFE_CONFIG_OVERRIDES['catalog'] = {'LOGO_URL': 'https://raw.githubusercontent.com/open-craft/brand-openedx/refs/heads/sandbox/logo-white.png'}
  MFE_CONFIG_OVERRIDES['profile'] = {'LOGO_URL': 'https://raw.githubusercontent.com/open-craft/brand-openedx/refs/heads/sandbox/logo-white.png'}
  MFE_CONFIG_OVERRIDES['account'] = {'LOGO_URL': 'https://raw.githubusercontent.com/open-craft/brand-openedx/refs/heads/sandbox/logo-white.png'}
OPENEDX_EXTRA_PIP_REQUIREMENTS:
- git+https://gitlab.com/opencraft/dev/openedx-auto-studio.git@fox/activation-edge-case
- git+https://github.com/open-craft/openedx-edit-links.git@main
- xblock-problem-builder
CONTACT_EMAIL: help@opencraft.com

Tutor requirements

tutor plugins enable sandbox
tutor plugins enable grove-simple-theme
tutor generate-tokens

@kaustavb12 kaustavb12 marked this pull request as draft February 6, 2026 08:34
@open-craft open-craft locked and limited conversation to collaborators Feb 10, 2026
@kaustavb12 kaustavb12 changed the title test: DO NOT MERGE - Dummy PR to track upstream master DO NOT MERGE - DO NOT DELETE - Dummy PR to track upstream master Apr 7, 2026
@kaustavb12 kaustavb12 changed the title DO NOT MERGE - DO NOT DELETE - Dummy PR to track upstream master DO NOT MERGE - DO NOT CLOSE - Dummy PR to track upstream master Apr 7, 2026
pwnage101 and others added 25 commits April 15, 2026 15:34
…se-15f39ae

feat: Upgrade Python dependency edx-enterprise
feat: integrated channels 0.1.57

Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master`
This is required in cases where we want to be able to delete or update
database rows related to children blocks on the deleted block. Fetching
children after deletion is not possible, which is why this signal is
useful
* fix: remove legacy xmodulemixin from xblocks-contrib xblocks

* feat: Upgrade Python dependency xblocks-contrib (#38399)

Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master`

Co-authored-by: irtazaakram <51848298+irtazaakram@users.noreply.github.com>

* fix: revert extracted problem toggle

* fix: remove migrated attributes from xmodulemixin

* fix: add back display_name_with_default

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
)

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Redact PII fields first (name, email, username), then delete.
In case an ETL tool is syncing data to a downstream data
warehouse, and treats the deletes as soft-deletes, the data
will have first been redacted, protecting the sensitive PII.
* feat: Adds a way to find the difference in Meiliseach state and come up with a migration plan
and configuration plan depending on the state. This introduces a mechanism it or a drift engine which drill down the Meiliseach configuration and figures out what has changed:

- settings
- primary key

depending on the change we follow a strategy wether to migrate the data or recreate the index

* feat: Add the command to schedule the celery task for populating the index.
…irements-9af9d8f

chore: Upgrade Python requirements
Putting this flag back as a backcompat no-op will smooth
out the transition for developers and operators.

Follows up on: 9af9d8f
Related: overhangio/tutor#1374
salman2013 and others added 30 commits June 18, 2026 09:36
4.0.1 does not exist on PyPI, breaking all CI dependency installs.
Pinning to 4.0.3 which is the latest available version.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Return empty completions_dict for AnonymousUser in CourseNavigationBlocksView to prevent 500 on /api/course_home/v1/navigation/{course_key} for public anonymous access. Keeps existing outline access filtering unchanged.
* feat: add platform-wide authz scope support

* feat: enhance course listing authorization with global toggle support

* chore: upgrade openedx-authz to 1.19.0

* docs: add docstring for mock authorization toggle in course listing tests
* feat: enhance role assignment handling for users with org-wide scopes

* refactor: update role assertion methods

* refactor: replace external_key initialization with build_external_key method

* refactor: streamline role assignment by directly using build_external_key method

* refactor: update role assignment scope initialization to use ScopeData

* refactor: introduce helper function to extract org and course ID from AuthZ scope

* refactor: replace has_access with administrative_accesses_to_course_for_user

* docs: clarify legacy-only CourseAccessRole query in studio course list

* refactor: simplify user role assignment retrieval by using scoped api method
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 7.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](codecov/codecov-action@v5...v7)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
…cov/codecov-action-7

chore(deps): bump codecov/codecov-action from 5 to 7
…38736)

* fix: preserve catalog and staff checks for authZ about-page access

* refactor: remove about page catalog visibility error function and return CatalogVisibilityError directly
#38790)

Now, when pasting a container into a library:
* Only a single draft change log is created, regardless of how many "things" are in the container, and
* The change is properly attributed to the current user who pressed "paste"
Removes the HomePageCourses API v1 endpoint (GET /api/contentstore/v1/home/courses)
as it has been superseded by v2 since the Sumac release and is no longer used
by the Authoring MFE.

Removes:
- HomePageCoursesView and its URL from contentstore v1
- CourseHomeTabSerializer (only used by the removed view)
- All associated tests (HomePageCoursesViewTest)
- Unused imports (get_course_context, CourseHomeTabSerializer)

Closes: openedx/public-engineering#287

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…me-page-courses-api-v1

refactor!: remove HomePageCourses API v1 [DEPR]
The README's CMS SSO setup section uses 'studio-sso-id' as the OAuth
application client ID, but instructs operators to put that same value
into SOCIAL_AUTH_EDX_OAUTH2_KEY. Rename to 'studio-sso-key' so the
example value matches the setting it ends up in, removing the id-vs-key
confusion for first-time bare-metal setups.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat: added ora reminder notification
* docs: add ADR for standardizing serializer usage (#38139)

* docs: explicitly mention API versioning incase of backwards incompatible change (#38188)

Co-authored-by: Muhammad Faraz  Maqsood <faraz.maqsood@A006-01130.local>

* docs: add ADR for standardizing permissions usage (#38187)

Currently, authorization logic is implemented inconsistently across views, serializers, and custom access checks. This ADR will define a consistent approach using DRF permission classes, object-level permissions, and queryset scoping where appropriate.

Co-authored-by: Taimoor  Ahmed <taimoor.ahmed@A006-01711.local>

* docs: minor change in ADR language

* fix: add s back

* docs: migrate restful & legacy django api endpoints to standard drf viewsets (#38191)

* docs: Add ADR for ensuring GET requests are idempotent
Add edx-platform/docs/decisions/0030-ensure-get-requests-are-idempotent.rst as an accepted ADR.
Define policy that GET endpoints must be strictly read-only, with side effects moved to explicit write endpoints or async event pipelines.
Include edx-platform relevance, anti-pattern vs preferred code examples, and rollout guidance for testing and migration.

* docs: add ADR for standardizing API documentation and schema coverage

- Propose adoption of drf-spectacular across Open edX services
- Require @extend_schema decorators for all API endpoints
- Document request/response schemas, status codes, and error conditions

* docs: remove incorrect ADR number

* docs: address api-doc-tools deprecation in ADR per review feedback

- Add context explaining what api-doc-tools is and its relationship
  to drf-yasg
- Document deprecation and archival of api-doc-tools as a consequence
- Add migration guide mapping api-doc-tools decorators and URL helpers
  to their drf-spectacular equivalents
- Add rejected alternative for updating api-doc-tools internals
- Add rollout step for final archival cutover

Closes review comment by @feanil

* docs: expand ADR-0027 with api-doc-tools deprecation and drf-yasg incompatibility analysis

Address review feedback on FC-0118 ADR 0027:

- Add context paragraph explaining what api-doc-tools is (drf-yasg shim,
  decorators it provides, schema view, OpenAPI 2.0 output)
- Document deprecation of api-doc-tools and drf-yasg as a consequence,
  including transition-window behavior
- Add detailed 8-point incompatibility analysis explaining why drf-yasg
  cannot be replaced with drf-spectacular inside api-doc-tools (recorded
  in the ADR itself for future reference)
- Add migration plan for existing api-doc-tools consumers with concrete
  decorator/import/setting mapping
- Update Rollout Plan to track api-doc-tools removal
- Add references to drf-spectacular migration guide, drf-yasg upstream
  status, and api-doc-tools repository

* chore: fix edx-mantained to edX-platform

* docs: add ADR for standardizing pagination across APIs (#38300)

* docs: add ADR for api versioning strategy (#38304)

* docs: add ADR for standardizing filtering/sorting parameters (#38303)

* docs: add ADR-0029 standardized error responses decision (#38246)

* docs: add ADR for merging similar endpoints (#38262)

* docs: ADR for normalizing nested json apis (#38305)

* docs: add separate example for input & output serializers

* docs: ADR for documenting and consolidating internal MFE APIs (#38309)

* docs: ADR for documenting and consolidating internal MFE APIs
Define a plan to document all undocumented internal LMS APIs consumed
by MFEs into stable, OpenAPI-described contracts. Introduces a
consolidated config endpoint pattern with optional course/user context,
authentication boundaries, and a rollout plan following OEP-21 DEPR
process.

* docs: add ADR for canonical MFE configuration endpoint

Record that /api/frontend_site_config/v1/ is the canonical endpoint for
MFE/front-end runtime configuration (frontend-base SiteConfig, OEP-65) and
that /api/mfe_config/v1 is legacy, on the DEPR path tracked in #37255 and
added, and that user-context data (roles, permissions) belongs on
resource-oriented endpoints rather than on a configuration payload.
Documentation/schema coverage is deferred to the API Documentation &
Schema Coverage ADR (#38189).

Partially supersedes ADR 0001 (MFE Config API).

Part of FC-0118 Open edX REST API standardization (#38137).
Refs #38280

* docs: add ADR for standardizing authentication patterns (#38301)

* docs: add ADR for standardizing authentication patterns

* docs: resolve confusion & update the ADR based on OEP-0042

* docs: support multiple valid auth schemes & deprecate BearerAuthentication

* docs: change wording for decisions a bit.

* docs: add real examples in accordance with our updated decisions

* docs: sync ADR with edx-drf-extensions issue 284

openedx/edx-drf-extensions#284

* docs: make doc more explicit & address comments

* docs: move Bearer auth depr plan out of ADR

Move BearerAuthentication depr plan out of this doc So that it resides in single place i.e. to its deprecation ticket.

* docs: add a pointer file in oauth_dispatch for this ADR

* docs: make decision more clear

* docs: make authentication_classes usage more clearer

* docs: adress the comment related to session authentication

* chore: correct file number w.r.t order of the ADRs

---------

Co-authored-by: Muhammad Faraz  Maqsood <faraz.maqsood@A006-01130.local>
Co-authored-by: Taimoor Ahmed <68893403+taimoor-ahmed-1@users.noreply.github.com>
Co-authored-by: Taimoor  Ahmed <taimoor.ahmed@A006-01711.local>
Co-authored-by: Robert Raposa <rraposa@edx.org>
Co-authored-by: Abdul Muqadim <abdul.muqadim@A006-01811.local>
Co-authored-by: Abdul Muqadim <abdul.muqadim@192.168.1.7>
Co-authored-by: Abdul-Muqadim-Arbisoft <139064778+Abdul-Muqadim-Arbisoft@users.noreply.github.com>
…8774)

COURSE_CERT_CHANGED fires synchronously during GeneratedCertificate.save(),
which runs inside the generate_certificate Celery task. The .delay() call
was enqueuing award_course_certificate before the DB transaction committed,
so the task raced ahead and hit eligible_certificates.get() DoesNotExist —
exiting silently with no retry, and never posting the course cert to
Credentials.

Wrapping in transaction.on_commit() guarantees the cert row is committed
before the task is enqueued.

Fixes: EDLYPRODUCT-5411
fix: course import when lib block is synced
Instead of an enterprise-specific view decorator conditionally
redirecting learners to a consent view, plugins can now hook into the
CoursewareViewStarted filter to redirect anywhere.

ENT-11544
Instead of enterprise-specific logic throwing an enterprise-specific
start date validation error, CourseStartDateValidationFailed filter can
now be used by plugins to throw a custom start date error.

ENT-11544
Instead of enterprise/consent-specific access checks baked into
check_course_access, the CoursewareAccessChecksRequested filter lets
plugins deny courseware access with a generic priority access error.

This also removes orphaned utility functions from enterprise_support:

* consent_needed_for_course
* get_enterprise_consent_url
* get_active_enterprise_customer_user

ENT-11544
feat: decouple enterprise from courseware view redirects, course start-date validation, and course access checks
At some point output from a test run got accidentally checked into
test_root/data/, which made it hard to fully gitignore the other
test-run artifacts that land there. Delete the orphan files and
switch the directory to allow-list mode: ignore everything by
default and re-include the video/ fixtures we want to keep on
purpose.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…tting

fix: handle empty certificate_available_date in schedule & details PUT
feat: enterprise 8.3.0

Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master`
#38821)

* fix: ComponentLinks were not deleted when parent container was deleted

* test: add a relevant test case and flag overlapping handlers

AI note: AI used to help write tests only.

Co-Authored-By: Claude <noreply@anthropic.com>
* chore: migrate Dependabot reviewers to CODEOWNERS

GitHub retired the `reviewers` key in dependabot.yml (deprecated
2025-05-27, removed 2025-08) in favor of CODEOWNERS. The key is now
ignored, so the wg-maintenance-edx-platform team is no longer
auto-requested on Dependabot PRs.

- Remove the dead `reviewers` key and tidy indentation in dependabot.yml
- Add a /.github/workflows/ entry in CODEOWNERS so the maintenance team
  continues to review GitHub Actions changes (incl. Dependabot bumps)

Ref: https://github.com/dependabot/codeowner-migration-action

* chore: restore original dependabot.yml comment

Revert the comment back to "Adding new check for github-actions" to keep
the diff scoped to the reviewers-key removal.

---------

Co-authored-by: Abdul Muqadim <abdul.muqadim@A006-01811.local>
…38737)

Addresses follow-up feedback from PR #38427 by replacing
the retirement TODO with a permanent comment explaining
why social accounts are retained during the cooling-off period,
and by adding tests to verify that retired users cannot initiate
or complete password reset flows.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Projects

None yet

Development

Successfully merging this pull request may close these issues.