feat: replace enterprise_support import with AccountSettingsReadOnlyFieldsRequested filter #38223
Draft
kiram15 wants to merge 270 commits into openedx:master from
* fix: move defaultAudioCodec config earlier in init
This causes it to get picked up in the places that it is actually needed to handle issues in audio quality switching.
…scripts_for_edx fix: accessibility issue on video transcripts
fix: add text alternative for external link icon in LTI components
Co-authored-by: Sameen Fatima <sameen.fatima@A006-01036.local>
Commit generated by workflow `edx/edx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/release-ulmo`
…ted-channels-ac02b33 feat: Upgrade Python dependency enterprise-integrated-channels
fix: do not autogenerate username if coming through SSO (openedx#37522)
This PR adds three new fields related to AI-powered content moderation to the accessible_fields list for both Thread and Comment models in the comment client layer.
- Adds is_spam, ai_moderation_reason, and abuse_flagged fields to accessible_fields lists
- Enables Thread and Comment objects to retrieve and store these moderation-related fields from the backend
Ran `make upgrade-package package=Django` in 3.11 venv.
fix: fixed tests and quality failures
fix: point to new models in channel_migrations app
feat: use new MFE editor for game xblock
…54ba feat: Upgrade Python dependency edx-enterprise
…ted-channels-136d080 feat: Upgrade Python dependency enterprise-integrated-channels
feat: look up remote_id by remote_id_field_name (openedx#37228)
Refactor code for better readability by formatting the creation of CourseEnrollment objects.
Removed unnecessary blank lines in test_audit_expiry_urgency.py.
…ted-channels-ca06f9c feat: Upgrade Python dependency enterprise-integrated-channels
Refactor eligibility checks for audit expiry urgency.
Removed comments to simplify the code and address pylint warnings.
Refactor enrollment processing logic to use a dedicated function for eligibility checks, improving code clarity and maintainability.
…vel controls (#54)
This update introduces a comprehensive Mute / Unmute feature for discussion forums, enabling learners and staff to manage unwanted interactions more effectively while maintaining a healthy learning environment. The feature supports both personal and course-wide mute scopes, with clear role-based restrictions and overrides. The implementation ensures muted content is hidden retroactively as well as for future posts, without notifying muted users. Special handling is included to prevent learners from muting staff or themselves, while giving staff full moderation control across the course.
feat: implement hard delete for enterprise customer admin
Commit generated by workflow `edx/edx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/release-ulmo`
(**Note:** This is a cherrypick of 21cead2 from openedx release/ulmo.)
The activation_key field was exposed in /api/user/v1/accounts/{username}, allowing an attacker to bypass email verification by combining two behaviors:
1. OAuth2 password grant issues tokens to inactive users (intentional)
2. activation_key returned in API response (the vulnerability)
An attacker could register, get an OAuth2 token, read the activation_key from the API, then GET /activate/{key} to activate without email access.
Fix: remove activation_key from UserReadOnlySerializer.to_representation() and from ACCOUNT_VISIBILITY_CONFIGURATION["admin_fields"] (which controls the field whitelist in _filter_fields — listed fields default to None even if absent from the serializer data dict).
Reported by Daniel Baillo via the Open edX security working group.
Co-authored-by: Feanil Patel <feanil@axim.org>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
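The commit message above says the field has to leave both the serializer and the visibility whitelist, because a whitelisted field defaults to None when the serializer omits it. The following is an added example, not edx-platform code: a simplified model of that whitelist behaviour plus a config audit a regression test could run. The function names, the deny list and the sample data are hypothetical.

```python
# Added illustration: a simplified model of whitelist-based field filtering.
# It is not edx-platform's _filter_fields; every name and value is hypothetical.

SENSITIVE_FIELDS = {"activation_key"}  # assumption: fields that must never be listed


def filter_fields(whitelist, serialized):
    """Keep only whitelisted fields. A listed field that the serializer no
    longer emits still appears in the result, with the value None."""
    return {name: serialized.get(name) for name in whitelist}


def audit_visibility_config(config, sensitive=SENSITIVE_FIELDS):
    """Return {list_name: [sensitive fields still listed]} for a visibility config."""
    findings = {}
    for list_name, fields in config.items():
        if not isinstance(fields, (list, tuple, set)):
            continue  # skip scalar settings such as a default visibility string
        hits = sorted(set(fields) & set(sensitive))
        if hits:
            findings[list_name] = hits
    return findings


# Constructed sample data for the demonstration.
SERIALIZED_BEFORE = {"username": "alice", "is_active": False,
                     "activation_key": "constructed-key-0001"}
SERIALIZED_AFTER = {"username": "alice", "is_active": False}
CONFIG_BEFORE = {"default_visibility": "all_users",
                 "public_fields": ["username"],
                 "admin_fields": ["username", "is_active", "activation_key"]}
CONFIG_AFTER = {**CONFIG_BEFORE, "admin_fields": ["username", "is_active"]}


def demo():
    """Admin-view responses for the three states of the fix."""
    before, after = CONFIG_BEFORE["admin_fields"], CONFIG_AFTER["admin_fields"]
    return {
        "unfixed": filter_fields(before, SERIALIZED_BEFORE),
        "serializer_only": filter_fields(before, SERIALIZED_AFTER),
        "both": filter_fields(after, SERIALIZED_AFTER),
    }


if __name__ == "__main__":
    for state, response in demo().items():
        print(state, response)
    print("config audit:", audit_visibility_config(CONFIG_BEFORE))
```

In the serializer-only state the key name is still part of the response with a null value; only removing it from the whitelist as well drops it from the output.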
* feat: add components from Outline page
* refactor: remove component templates from unit handler
…eter (#216)
**Note:** This is a cherrypick of 76462f1 for GHSA-2843-x998-f8r2
The view_survey endpoint accepted a redirect_url GET parameter and passed it directly to HttpResponseRedirect() with no validation. If a non-existent survey name was requested, this produced an immediate 302 to an attacker-controlled URL.
If a valid survey was requested, the same URL was embedded in a hidden _redirect_url form field; after submission, submit_answers echoed it back in JSON and client-side JS used it as location.href — a second unvalidated redirect path.
Fix both by ignoring user-supplied redirect URLs entirely:
- view_survey no longer reads redirect_url from GET params
- submit_answers always redirects to reverse('dashboard') rather than reading _redirect_url from the POST body
Note: view_student_survey retains its redirect_url parameter because it is also called from the courseware view (courseware/views/views.py), which passes a server-controlled course_home_url. That call path is unaffected.
Fixes: GHSA-2843-x998-f8r2
BREAKING CHANGE: The redirect_url GET parameter on /survey/<name>/ is no longer honored. Requests that previously redirected to a caller-specified URL after survey completion will now always redirect to the dashboard.
Co-authored-by: Feanil Patel <feanil@axim.org>
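For operators who want to check whether the redirect_url parameter described in the commit message above was used with off-site targets before the fix, here is an added detection example (not part of the commit or of edx-platform). It scans access-log lines for /survey/<name>/ requests whose redirect_url points to a host outside an allow list; the log format, hostnames and sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: hostnames the LMS itself is served from.
ALLOWED_HOSTS = {"lms.example.com"}

REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
SURVEY_PATH_RE = re.compile(r"^/survey/[^/]+/?$")

# Constructed access-log lines (combined-log style); not taken from a real system.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2026:10:00:00 +0000] "GET /survey/missing/'
    '?redirect_url=https%3A%2F%2Fattacker.example%2Flogin HTTP/1.1" 302 0',
    '198.51.100.4 - - [01/Jan/2026:10:01:00 +0000] "GET /survey/course-intro/'
    '?redirect_url=%2Fdashboard HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2026:10:02:00 +0000] "GET /survey/course-intro/'
    '?redirect_url=%2F%2Fattacker.example%2Fx HTTP/1.1" 200 5120',
    '198.51.100.4 - - [01/Jan/2026:10:03:00 +0000] "GET /dashboard'
    '?redirect_url=https%3A%2F%2Fattacker.example HTTP/1.1" 200 900',
    '198.51.100.9 - - [01/Jan/2026:10:04:00 +0000] "GET /survey/course-intro/'
    '?redirect_url=https%3A%2F%2Flms.example.com%2Fcourses HTTP/1.1" 200 5120',
]


def find_survey_redirects(lines, allowed_hosts=ALLOWED_HOSTS):
    """Return one finding per survey request whose redirect_url names an
    off-site host. Same-site paths such as /dashboard carry no host and pass."""
    findings = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if not SURVEY_PATH_RE.match(url.path):
            continue
        # parse_qs percent-decodes the value; the POST-body _redirect_url field
        # never reaches an access log, so only the GET parameter is visible here.
        for value in parse_qs(url.query).get("redirect_url", []):
            host = urlsplit(value).hostname  # also set for scheme-relative //host
            if host and host not in allowed_hosts:
                findings.append({"status": int(match.group("status")),
                                 "path": url.path, "host": host})
    return findings


if __name__ == "__main__":
    for finding in find_survey_redirects(SAMPLE_LOG):
        print(finding)
```

A 302 finding corresponds to the immediate redirect on a non-existent survey name; a 200 finding corresponds to the form path where the value was embedded for later use.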
* fix: add additional logging to course overview integrityerror
* fixup! fix: add additional logging to course overview integrityerror
* fix: prevent entrance exam minimum from being set to None
* test: add test
* fixup! test: add test
Angle bracket markup (e.g., < >) was being rendered as HTML upon submission, causing content to disappear or display incorrectly in discussion posts. While the content appeared correctly during authoring and preview, it was not preserved after posting. This issue affected both manually typed markup and content added via the "Insert/Edit Code Sample" toolbar option, making it difficult to share code snippets in programming-related discussions. This fix ensures that angle brackets are properly escaped and preserved as plaintext, maintaining consistency between preview and final rendered posts.
Bulk delete functionality is currently implemented only for the MongoDB backend, while the corresponding implementation for the MySQL backend is still pending. As part of the migration from MongoDB to MySQL, it is essential to implement bulk delete support in the MySQL backend to ensure feature parity and consistent behavior across both systems.
#220)
* fix: prevent None entrance_exam_minimum_score_pct from breaking CourseOverview sync (openedx#37339)
* fix: prevent None entrance_exam_minimum_score_pct from breaking CourseOverview sync
When entrance exams are disabled in Studio, the field `entrance_exam_minimum_score_pct` was set to `None`. This caused silent failures when saving `CourseOverview` because the database column requires a float (NOT NULL).
This patch ensures that:
- CourseOverview sanitizes None values by falling back to `settings.ENTRANCE_EXAM_MIN_SCORE_PCT` (default=50).
- Studio avoids writing `None` and instead applies the configured default.
Impact:
- Prevents IntegrityErrors and silent failures when updating course settings.
- Restores proper syncing between modulestore (Mongo) and CourseOverview (MySQL).
- Fixes reported issues such as display name changes not persisting and course start dates not syncing.
Closes: openedx#37319
* refactor: clean up entrance_exam_minimum_score_pct handling
- Consolidate logic to avoid repeated assignments
- Centralize None fallback and int/float normalization
- Improve readability with inline comment and consistency with Open edX style
* test: update entrance exam deletion test to expect default min score
- Adjusted `test_entrance_exam_created_updated_and_deleted_successfully` to check for `settings.ENTRANCE_EXAM_MIN_SCORE_PCT` instead of `None` after exam deletion
- Added handling for both int and float defaults (`/100` for integer case)
* test: fix entrance exam cutoff test
---------
Co-authored-by: Abdul-Muqadim-Arbisoft <139064778+Abdul-Muqadim-Arbisoft@users.noreply.github.com>
6.8.6 | allow deletion of inactive admins
Commit generated by workflow `edx/edx-platform/.github/workflows/upgrade-one-python-dependency.yml@refs/heads/release-ulmo`
feat: [COSMO2-846] Audit Expiry Urgency enrollment-time assignment with persisted expiry
…ieldsRequested filter
7daf9c6 to a7a5a6f
Removes the direct import of get_enterprise_readonly_account_fields from openedx.features.enterprise_support.utils in accounts/api.py and replaces it with a call to the AccountSettingsReadOnlyFieldsRequested openedx-filter. Adds the filter to OPEN_EDX_FILTERS_CONFIG. Updates tests to mock the filter instead of the old enterprise_support imports.
ENT-11510