DO NOT MERGE - DO NOT CLOSE - Dummy PR to track upstream master#824
Draft
kaustavb12 wants to merge 518 commits into
Draft
DO NOT MERGE - DO NOT CLOSE - Dummy PR to track upstream master#824kaustavb12 wants to merge 518 commits into
kaustavb12 wants to merge 518 commits into
Conversation
…se-15f39ae feat: Upgrade Python dependency edx-enterprise
feat: integrated channels 0.1.57 Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master`
This is required in cases where we want to be able to delete or update database rows related to children blocks on the deleted block. Fetching children after deletion is not possible, which is why this signal is useful
* fix: remove legacy xmodulemixin from xblocks-contrib xblocks * feat: Upgrade Python dependency xblocks-contrib (#38399) Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master` Co-authored-by: irtazaakram <51848298+irtazaakram@users.noreply.github.com> * fix: revert extracted problem toggle * fix: remove migrated attributes from xmodulemixin * fix: add back display_name_with_default --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Redact PII fields first (name, email, username), then delete. In case an ETL tool is syncing data to a downstream data warehouse, and treats the deletes as soft-deletes, the data will have first been redacted, protecting the sensitive PII.
* feat: Adds a way to find the difference in Meiliseach state and come up with a migration plan and configuration plan depending on the state. This introduces a mechanism it or a drift engine which drill down the Meiliseach configuration and figures out what has changed: - settings - primary key depending on the change we follow a strategy wether to migrate the data or recreate the index * feat: Add the command to schedule the celery task for populating the index.
…irements-9af9d8f chore: Upgrade Python requirements
Putting this flag back as a backcompat no-op will smooth out the transition for developers and operators. Follows up on: 9af9d8f Related: overhangio/tutor#1374
4.0.1 does not exist on PyPI, breaking all CI dependency installs. Pinning to 4.0.3 which is the latest available version. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Return empty completions_dict for AnonymousUser in CourseNavigationBlocksView to prevent 500 on /api/course_home/v1/navigation/{course_key} for public anonymous access. Keeps existing outline access filtering unchanged.
* feat: add platform-wide authz scope support * feat: enhance course listing authorization with global toggle support * chore: upgrade openedx-authz to 1.19.0 * docs: add docstring for mock authorization toggle in course listing tests
* feat: enhance role assignment handling for users with org-wide scopes * refactor: update role assertion methods * refactor: replace external_key initialization with build_external_key method * refactor: streamline role assignment by directly using build_external_key method * refactor: update role assignment scope initialization to use ScopeData * refactor: introduce helper function to extract org and course ID from AuthZ scope * refactor: replace has_access with administrative_accesses_to_course_for_user * docs: clarify legacy-only CourseAccessRole query in studio course list * refactor: simplify user role assignment retrieval by using scoped api method
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5 to 7. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](codecov/codecov-action@v5...v7) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…cov/codecov-action-7 chore(deps): bump codecov/codecov-action from 5 to 7
…38736) * fix: preserve catalog and staff checks for authZ about-page access * refactor: remove about page catalog visibility error function and return CatalogVisibilityError directly
#38790) Now, when pasting a container into a library: * Only a single draft change log is created, regardless of how many "things" are in the container, and * The change is properly attributed to the current user who pressed "paste"
Removes the HomePageCourses API v1 endpoint (GET /api/contentstore/v1/home/courses) as it has been superseded by v2 since the Sumac release and is no longer used by the Authoring MFE. Removes: - HomePageCoursesView and its URL from contentstore v1 - CourseHomeTabSerializer (only used by the removed view) - All associated tests (HomePageCoursesViewTest) - Unused imports (get_course_context, CourseHomeTabSerializer) Closes: openedx/public-engineering#287 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…me-page-courses-api-v1 refactor!: remove HomePageCourses API v1 [DEPR]
The README's CMS SSO setup section uses 'studio-sso-id' as the OAuth application client ID, but instructs operators to put that same value into SOCIAL_AUTH_EDX_OAUTH2_KEY. Rename to 'studio-sso-key' so the example value matches the setting it ends up in, removing the id-vs-key confusion for first-time bare-metal setups. Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
* feat: added ora reminder notification
* docs: add ADR for standardizing serializer usage (#38139) * docs: explicitly mention API versioning incase of backwards incompatible change (#38188) Co-authored-by: Muhammad Faraz Maqsood <faraz.maqsood@A006-01130.local> * docs: add ADR for standardizing permissions usage (#38187) Currently, authorization logic is implemented inconsistently across views, serializers, and custom access checks. This ADR will define a consistent approach using DRF permission classes, object-level permissions, and queryset scoping where appropriate. Co-authored-by: Taimoor Ahmed <taimoor.ahmed@A006-01711.local> * docs: minor change in ADR language * fix: add s back * docs: migrate restful & legacy django api endpoints to standard drf viewsets (#38191) * docs: Add ADR for ensuring GET requests are idempotent Add edx-platform/docs/decisions/0030-ensure-get-requests-are-idempotent.rst as an accepted ADR. Define policy that GET endpoints must be strictly read-only, with side effects moved to explicit write endpoints or async event pipelines. Include edx-platform relevance, anti-pattern vs preferred code examples, and rollout guidance for testing and migration. * docs: add ADR for standardizing API documentation and schema coverage - Propose adoption of drf-spectacular across Open edX services - Require @extend_schema decorators for all API endpoints - Document request/response schemas, status codes, and error conditions * docs: remove incorrect ADR number * docs: address api-doc-tools deprecation in ADR per review feedback - Add context explaining what api-doc-tools is and its relationship to drf-yasg - Document deprecation and archival of api-doc-tools as a consequence - Add migration guide mapping api-doc-tools decorators and URL helpers to their drf-spectacular equivalents - Add rejected alternative for updating api-doc-tools internals - Add rollout step for final archival cutover Closes review comment by @feanil * docs: expand ADR-0027 with api-doc-tools deprecation and drf-yasg incompatibility analysis Address review feedback on FC-0118 ADR 0027: - Add context paragraph explaining what api-doc-tools is (drf-yasg shim, decorators it provides, schema view, OpenAPI 2.0 output) - Document deprecation of api-doc-tools and drf-yasg as a consequence, including transition-window behavior - Add detailed 8-point incompatibility analysis explaining why drf-yasg cannot be replaced with drf-spectacular inside api-doc-tools (recorded in the ADR itself for future reference) - Add migration plan for existing api-doc-tools consumers with concrete decorator/import/setting mapping - Update Rollout Plan to track api-doc-tools removal - Add references to drf-spectacular migration guide, drf-yasg upstream status, and api-doc-tools repository * chore: fix edx-mantained to edX-platform * docs: add ADR for standardizing pagination across APIs (#38300) * docs: add ADR for api versioning strategy (#38304) * docs: add ADR for standardizing filtering/sorting parameters (#38303) * docs: add ADR-0029 standardized error responses decision (#38246) * docs: add ADR for merging similar endpoints (#38262) * docs: ADR for normalizing nested json apis (#38305) * docs: add separate example for input & output serializers * docs: ADR for documenting and consolidating internal MFE APIs (#38309) * docs: ADR for documenting and consolidating internal MFE APIs Define a plan to document all undocumented internal LMS APIs consumed by MFEs into stable, OpenAPI-described contracts. Introduces a consolidated config endpoint pattern with optional course/user context, authentication boundaries, and a rollout plan following OEP-21 DEPR process. * docs: add ADR for canonical MFE configuration endpoint Record that /api/frontend_site_config/v1/ is the canonical endpoint for MFE/front-end runtime configuration (frontend-base SiteConfig, OEP-65) and that /api/mfe_config/v1 is legacy, on the DEPR path tracked in #37255 and added, and that user-context data (roles, permissions) belongs on resource-oriented endpoints rather than on a configuration payload. Documentation/schema coverage is deferred to the API Documentation & Schema Coverage ADR (#38189). Partially supersedes ADR 0001 (MFE Config API). Part of FC-0118 Open edX REST API standardization (#38137). Refs #38280 * docs: add ADR for standardizing authentication patterns (#38301) * docs: add ADR for standardizing authentication patterns * docs: resolve confusion & update the ADR based on OEP-0042 * docs: support multiple valid auth schemes & deprecate BearerAuthentication * docs: change wording for decisions a bit. * docs: add real examples in accordance with our updated decisions * docs: sync ADR with edx-drf-extensions issue 284 openedx/edx-drf-extensions#284 * docs: make doc more explicit & address comments * docs: move Bearer auth depr plan out of ADR Move BearerAuthentication depr plan out of this doc So that it resides in single place i.e. to its deprecation ticket. * docs: add a pointer file in oauth_dispatch for this ADR * docs: make decision more clear * docs: make authentication_classes usage more clearer * docs: adress the comment related to session authentication * chore: correct file number w.r.t order of the ADRs --------- Co-authored-by: Muhammad Faraz Maqsood <faraz.maqsood@A006-01130.local> Co-authored-by: Taimoor Ahmed <68893403+taimoor-ahmed-1@users.noreply.github.com> Co-authored-by: Taimoor Ahmed <taimoor.ahmed@A006-01711.local> Co-authored-by: Robert Raposa <rraposa@edx.org> Co-authored-by: Abdul Muqadim <abdul.muqadim@A006-01811.local> Co-authored-by: Abdul Muqadim <abdul.muqadim@192.168.1.7> Co-authored-by: Abdul-Muqadim-Arbisoft <139064778+Abdul-Muqadim-Arbisoft@users.noreply.github.com>
…8774) COURSE_CERT_CHANGED fires synchronously during GeneratedCertificate.save(), which runs inside the generate_certificate Celery task. The .delay() call was enqueuing award_course_certificate before the DB transaction committed, so the task raced ahead and hit eligible_certificates.get() DoesNotExist — exiting silently with no retry, and never posting the course cert to Credentials. Wrapping in transaction.on_commit() guarantees the cert row is committed before the task is enqueued. Fixes: EDLYPRODUCT-5411
fix: course import when lib block is synced
Instead of an enterprise-specific view decorator conditionally redirecting learners to a consent view, plugins can now hook into the CoursewareViewStarted filter to redirect anywhere. ENT-11544
Instead of enterprise-specific logic throwing an enterprise-specific start date validation error, CourseStartDateValidationFailed filter can now be used by plugins to throw a custom start date error. ENT-11544
Instead of enterprise/consent-specific access checks baked into check_course_access, the CoursewareAccessChecksRequested filter lets plugins deny courseware access with a generic priority access error. This also removes orphaned utility functions from enterprise_support: * consent_needed_for_course * get_enterprise_consent_url * get_active_enterprise_customer_user ENT-11544
feat: decouple enterprise from courseware view redirects, course start-date validation, and course access checks
At some point output from a test run got accidentally checked into test_root/data/, which made it hard to fully gitignore the other test-run artifacts that land there. Delete the orphan files and switch the directory to allow-list mode: ignore everything by default and re-include the video/ fixtures we want to keep on purpose. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
…tting fix: handle empty certificate_available_date in schedule & details PUT
feat: enterprise 8.3.0 Commit generated by workflow `openedx/openedx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/master`
#38821) * fix: ComponentLinks were not deleted when parent container was deleted * test: add a relevant test case and flag overlapping handlers AI note: AI used to help write tests only. Co-Authored-By: Claude <noreply@anthropic.com>
* chore: migrate Dependabot reviewers to CODEOWNERS GitHub retired the `reviewers` key in dependabot.yml (deprecated 2025-05-27, removed 2025-08) in favor of CODEOWNERS. The key is now ignored, so the wg-maintenance-edx-platform team is no longer auto-requested on Dependabot PRs. - Remove the dead `reviewers` key and tidy indentation in dependabot.yml - Add a /.github/workflows/ entry in CODEOWNERS so the maintenance team continues to review GitHub Actions changes (incl. Dependabot bumps) Ref: https://github.com/dependabot/codeowner-migration-action * chore: restore original dependabot.yml comment Revert the comment back to "Adding new check for github-actions" to keep the diff scoped to the reviewers-key removal. --------- Co-authored-by: Abdul Muqadim <abdul.muqadim@A006-01811.local>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Settings
Tutor requirements