Merge branch 'opencraft-release/redwood.1' into sync-open-release/red…

…wood.master-20250106-1736193457

cms/djangoapps/contentstore/rest_api/v1/serializers/home.py

@@ -51,6 +51,7 @@ class CourseHomeSerializer(serializers.Serializer):
         allow_empty=True
     )
     archived_courses = CourseCommonSerializer(required=False, many=True)
+    can_access_advanced_settings = serializers.BooleanField()
     can_create_organizations = serializers.BooleanField()
     course_creator_status = serializers.CharField()
     courses = CourseCommonSerializer(required=False, many=True)

cms/djangoapps/contentstore/rest_api/v1/views/home.py

@@ -52,6 +52,7 @@ def get(self, request: Request):
             "allow_unicode_course_id": false,
             "allowed_organizations": [],
             "archived_courses": [],
+            "can_access_advanced_settings": true,
             "can_create_organizations": true,
             "course_creator_status": "granted",
             "courses": [],

cms/djangoapps/contentstore/rest_api/v1/views/tests/test_course_index.py

@@ -61,8 +61,8 @@ def test_course_index_response(self):
                 "blocks": [],
                 "advance_settings_url": f"/settings/advanced/{self.course.id}"
             },
-            "discussions_incontext_feedback_url": "",
-            "discussions_incontext_learnmore_url": "",
+            "discussions_incontext_feedback_url": "https://discuss.openedx.org/t/new-and-improved-discussions-forum/9183",  # lint-amnesty, pylint: disable=line-too-long
+            "discussions_incontext_learnmore_url": "https://edx.readthedocs.io/projects/open-edx-building-and-running-a-course/en/open-release-redwood.master/manage_discussions/discussions.html",  # lint-amnesty, pylint: disable=line-too-long
             "is_custom_relative_dates_active": True,
             "initial_state": None,
             "initial_user_clipboard": {
@@ -102,8 +102,8 @@ def test_course_index_response_with_show_locators(self):
                 "blocks": [],
                 "advance_settings_url": f"/settings/advanced/{self.course.id}"
             },
-            "discussions_incontext_feedback_url": "",
-            "discussions_incontext_learnmore_url": "",
+            "discussions_incontext_feedback_url": "https://discuss.openedx.org/t/new-and-improved-discussions-forum/9183",  # lint-amnesty, pylint: disable=line-too-long
+            "discussions_incontext_learnmore_url": "https://edx.readthedocs.io/projects/open-edx-building-and-running-a-course/en/open-release-redwood.master/manage_discussions/discussions.html",  # lint-amnesty, pylint: disable=line-too-long
             "is_custom_relative_dates_active": False,
             "initial_state": {
                 "expanded_locators": [

cms/djangoapps/contentstore/rest_api/v1/views/tests/test_home.py

@@ -44,6 +44,7 @@ def test_home_page_courses_response(self):
             "allow_unicode_course_id": False,
             "allowed_organizations": [],
             "archived_courses": [],
+            "can_access_advanced_settings": True,
             "can_create_organizations": True,
             "course_creator_status": "granted",
             "courses": [],

cms/djangoapps/contentstore/tasks.py

@@ -456,11 +456,11 @@ def sync_discussion_settings(course_key, user):
         if (
             ENABLE_NEW_STRUCTURE_DISCUSSIONS.is_enabled()
             and not course.discussions_settings['provider_type'] == Provider.OPEN_EDX
+            and not course.discussions_settings['provider'] == Provider.OPEN_EDX
         ):
             LOGGER.info(f"New structure is enabled, also updating {course_key} to use new provider")
             course.discussions_settings['enable_graded_units'] = False
             course.discussions_settings['unit_level_visibility'] = True
-            course.discussions_settings['provider'] = Provider.OPEN_EDX
             course.discussions_settings['provider_type'] = Provider.OPEN_EDX
             modulestore().update_item(course, user.id)
 

cms/djangoapps/contentstore/tests/test_contentstore.py

@@ -1372,6 +1372,16 @@ def test_create_course_with_unicode_in_id_disabled(self):
             self.course_data['run'] = '����������'
             self.assert_create_course_failed(error_message)
 
+    @override_settings(DEFAULT_COURSE_INVITATION_ONLY=True)
+    def test_create_course_invitation_only(self):
+        """
+        Test new course creation with setting: DEFAULT_COURSE_INVITATION_ONLY=True.
+        """
+        test_course_data = self.assert_created_course()
+        course_id = _get_course_id(self.store, test_course_data)
+        course = self.store.get_course(course_id)
+        self.assertEqual(course.invitation_only, True)
+
     def assert_course_permission_denied(self):
         """
         Checks that the course did not get created due to a PermissionError.

cms/djangoapps/contentstore/utils.py

@@ -1713,6 +1713,7 @@ def get_home_context(request, no_course=False):
         'allowed_organizations': get_allowed_organizations(user),
         'allowed_organizations_for_libraries': get_allowed_organizations_for_libraries(user),
         'can_create_organizations': user_can_create_organizations(user),
+        'can_access_advanced_settings': auth.has_studio_advanced_settings_access(user),
     }
 
     return home_context

cms/djangoapps/contentstore/views/course.py

@@ -990,8 +990,9 @@ def create_new_course_in_store(store, user, org, number, run, fields):
 
     # Set default language from settings and enable web certs
     fields.update({
-        'language': getattr(settings, 'DEFAULT_COURSE_LANGUAGE', 'en'),
         'cert_html_view_enabled': True,
+        'invitation_only': getattr(settings, 'DEFAULT_COURSE_INVITATION_ONLY', False),
+        'language': getattr(settings, 'DEFAULT_COURSE_LANGUAGE', 'en'),
     })
 
     with modulestore().default_store(store):

cms/envs/common.py

@@ -591,6 +591,25 @@
     # .. toggle_use_cases: open_edx
     # .. toggle_creation_date: 2024-04-10
     'BADGES_ENABLED': False,
+
+    # .. toggle_name: FEATURES['IN_CONTEXT_DISCUSSION_ENABLED_DEFAULT']
+    # .. toggle_implementation: DjangoSetting
+    # .. toggle_default: True
+    # .. toggle_description: Set to False to not enable in-context discussion for units by default.
+    # .. toggle_use_cases: open_edx
+    # .. toggle_creation_date: 2024-09-02
+    'IN_CONTEXT_DISCUSSION_ENABLED_DEFAULT': True,
+
+    # .. toggle_name: FEATURES['ENABLE_LEGACY_MD5_HASH_FOR_ANONYMOUS_USER_ID']
+    # .. toggle_implementation: DjangoSetting
+    # .. toggle_default: False
+    # .. toggle_description: Whether to enable the legacy MD5 hashing algorithm to generate anonymous user id
+    #   instead of the newer SHAKE128 hashing algorithm
+    # .. toggle_use_cases: open_edx
+    # .. toggle_creation_date: 2022-08-08
+    # .. toggle_target_removal_date: None
+    # .. toggle_tickets: 'https://github.com/openedx/edx-platform/pull/30832'
+    'ENABLE_LEGACY_MD5_HASH_FOR_ANONYMOUS_USER_ID': False,
 }
 
 # .. toggle_name: ENABLE_COPPA_COMPLIANCE
@@ -2880,8 +2899,9 @@
 
 BRAZE_COURSE_ENROLLMENT_CANVAS_ID = ''
 
-DISCUSSIONS_INCONTEXT_FEEDBACK_URL = ''
-DISCUSSIONS_INCONTEXT_LEARNMORE_URL = ''
+# pylint: disable=line-too-long
+DISCUSSIONS_INCONTEXT_FEEDBACK_URL = "https://discuss.openedx.org/t/new-and-improved-discussions-forum/9183"
+DISCUSSIONS_INCONTEXT_LEARNMORE_URL = "https://edx.readthedocs.io/projects/open-edx-building-and-running-a-course/en/open-release-redwood.master/manage_discussions/discussions.html"
 
 #### django-simple-history##
 # disable indexing on date field its coming django-simple-history.
@@ -3003,3 +3023,7 @@ def _should_send_learning_badge_events(settings):
 # See https://www.meilisearch.com/docs/learn/security/tenant_tokens
 MEILISEARCH_INDEX_PREFIX = ""
 MEILISEARCH_API_KEY = "devkey"
+
+############## Default value for invitation_only when creating courses ##############
+
+DEFAULT_COURSE_INVITATION_ONLY = False

common/djangoapps/student/auth.py

@@ -73,7 +73,7 @@ def user_has_role(user, role):
     return False
 
 
-def get_user_permissions(user, course_key, org=None):
+def get_user_permissions(user, course_key, org=None, service_variant=None):
     """
     Get the bitmask of permissions that this user has in the given course context.
     Can also set course_key=None and pass in an org to get the user's
@@ -103,7 +103,7 @@ def get_user_permissions(user, course_key, org=None):
     #  the LMS and Studio permissions will be separated as a part of this project. Once this is done (and this code is
     #  not removed during its implementation), we can replace the Limited Staff permissions with more granular ones.
     if course_key and user_has_role(user, CourseLimitedStaffRole(course_key)):
-        if settings.SERVICE_VARIANT == 'lms':
+        if (service_variant or settings.SERVICE_VARIANT) == 'lms':
             return STUDIO_EDIT_CONTENT
         else:
             return STUDIO_NO_PERMISSIONS
@@ -119,7 +119,7 @@ def get_user_permissions(user, course_key, org=None):
     return STUDIO_NO_PERMISSIONS
 
 
-def has_studio_write_access(user, course_key):
+def has_studio_write_access(user, course_key, service_variant=None):
     """
     Return True if user has studio write access to the given course.
     Note that the CMS permissions model is with respect to courses.
@@ -131,15 +131,17 @@ def has_studio_write_access(user, course_key):
 
     :param user:
     :param course_key: a CourseKey
+    :param service_variant: the variant of the service (lms or cms). Permissions may differ between the two,
+        see the comment in get_user_permissions for more details.
     """
-    return bool(STUDIO_EDIT_CONTENT & get_user_permissions(user, course_key))
+    return bool(STUDIO_EDIT_CONTENT & get_user_permissions(user, course_key, service_variant=service_variant))
 
 
-def has_course_author_access(user, course_key):
+def has_course_author_access(user, course_key, service_variant=None):
     """
     Old name for has_studio_write_access
     """
-    return has_studio_write_access(user, course_key)
+    return has_studio_write_access(user, course_key, service_variant)
 
 
 def has_studio_advanced_settings_access(user):

common/djangoapps/student/models/user.py

@@ -154,12 +154,21 @@ def anonymous_id_for_user(user, course_id):
         # function: Rotate at will, since the hashes are stored and
         # will not change.
         # include the secret key as a salt, and to make the ids unique across different LMS installs.
-        hasher = hashlib.shake_128()
+        legacy_hash_enabled = settings.FEATURES.get('ENABLE_LEGACY_MD5_HASH_FOR_ANONYMOUS_USER_ID', False)
+        if legacy_hash_enabled:
+            # Use legacy MD5 algorithm if flag enabled
+            hasher = hashlib.md5()
+        else:
+            hasher = hashlib.shake_128()
         hasher.update(settings.SECRET_KEY.encode('utf8'))
         hasher.update(str(user.id).encode('utf8'))
         if course_id:
             hasher.update(str(course_id).encode('utf-8'))
-        anonymous_user_id = hasher.hexdigest(16)
+
+        if legacy_hash_enabled:
+            anonymous_user_id = hasher.hexdigest()
+        else:
+            anonymous_user_id = hasher.hexdigest(16)  # pylint: disable=too-many-function-args
 
         try:
             AnonymousUserId.objects.create(

common/djangoapps/student/roles.py

@@ -211,7 +211,7 @@ class GlobalStaff(AccessRole):
     The global staff role
     """
     def has_user(self, user):
-        return bool(user and user.is_staff)
+        return bool(user and (user.is_superuser or user.is_staff))
 
     def add_users(self, *users):
         for user in users:
@@ -361,6 +361,25 @@ class CourseLimitedStaffRole(CourseStaffRole):
     BASE_ROLE = CourseStaffRole.ROLE
 
 
+@register_access_role
+class eSHEInstructorRole(CourseStaffRole):
+    """A Staff member of a course without access to the membership tab and enrollment-related operations."""
+
+    ROLE = 'eshe_instructor'
+    BASE_ROLE = CourseStaffRole.ROLE
+
+
+@register_access_role
+class TeachingAssistantRole(CourseStaffRole):
+    """
+    A Staff member of a course without access to the membership tab, enrollment-related operations and
+    grade-related operations.
+    """
+
+    ROLE = 'teaching_assistant'
+    BASE_ROLE = CourseStaffRole.ROLE
+
+
 @register_access_role
 class CourseInstructorRole(CourseRole):
     """A course Instructor"""

common/djangoapps/student/tests/test_roles.py

@@ -17,6 +17,8 @@
     CourseStaffRole,
     CourseFinanceAdminRole,
     CourseSalesAdminRole,
+    eSHEInstructorRole,
+    TeachingAssistantRole,
     LibraryUserRole,
     CourseDataResearcherRole,
     GlobalStaff,
@@ -199,6 +201,8 @@ class RoleCacheTestCase(TestCase):  # lint-amnesty, pylint: disable=missing-clas
     ROLES = (
         (CourseStaffRole(IN_KEY), ('staff', IN_KEY, 'edX')),
         (CourseLimitedStaffRole(IN_KEY), ('limited_staff', IN_KEY, 'edX')),
+        (eSHEInstructorRole(IN_KEY), ('eshe_instructor', IN_KEY, 'edX')),
+        (TeachingAssistantRole(IN_KEY), ('teaching_assistant', IN_KEY, 'edX')),
         (CourseInstructorRole(IN_KEY), ('instructor', IN_KEY, 'edX')),
         (OrgStaffRole(IN_KEY.org), ('staff', None, 'edX')),
         (CourseFinanceAdminRole(IN_KEY), ('finance_admin', IN_KEY, 'edX')),

common/djangoapps/student/tests/tests.py

@@ -1064,6 +1064,17 @@ def test_anonymous_id_secret_key_changes_result_in_diff_values_for_same_new_user
             assert anonymous_id != new_anonymous_id
             assert self.user == user_by_anonymous_id(new_anonymous_id)
 
+    def test_enable_legacy_hash_flag(self):
+        """Test that different anonymous id returned if ENABLE_LEGACY_MD5_HASH_FOR_ANONYMOUS_USER_ID enabled."""
+        CourseEnrollment.enroll(self.user, self.course.id)
+        anonymous_id = anonymous_id_for_user(self.user, self.course.id)
+        with patch.dict(settings.FEATURES, ENABLE_LEGACY_MD5_HASH_FOR_ANONYMOUS_USER_ID=True):
+            # Recreate user object to clear cached anonymous id.
+            self.user = User.objects.get(pk=self.user.id)
+            AnonymousUserId.objects.filter(user=self.user).filter(course_id=self.course.id).delete()
+            new_anonymous_id = anonymous_id_for_user(self.user, self.course.id)
+            assert anonymous_id != new_anonymous_id
+
 
 @skip_unless_lms
 @patch('openedx.core.djangoapps.programs.utils.get_programs')

lms/djangoapps/course_home_api/course_metadata/serializers.py

@@ -58,3 +58,4 @@ class CourseHomeMetadataSerializer(VerifiedModeSerializer):
     can_view_certificate = serializers.BooleanField()
     course_modes = CourseModeSerrializer(many=True)
     is_new_discussion_sidebar_view_enabled = serializers.BooleanField()
+    has_course_author_access = serializers.BooleanField()

lms/djangoapps/course_home_api/course_metadata/tests/test_views.py

@@ -12,7 +12,12 @@
 
 from common.djangoapps.course_modes.models import CourseMode
 from common.djangoapps.student.models import CourseEnrollment
-from common.djangoapps.student.roles import CourseInstructorRole
+from common.djangoapps.student.roles import (
+    CourseBetaTesterRole,
+    CourseInstructorRole,
+    CourseLimitedStaffRole,
+    CourseStaffRole
+)
 from common.djangoapps.student.tests.factories import UserFactory
 from lms.djangoapps.course_home_api.tests.utils import BaseCourseHomeTests
 from lms.djangoapps.courseware.toggles import (
@@ -248,3 +253,32 @@ def test_discussion_tab_visible(self, visible):
             assert 'discussion' in tab_ids
         else:
             assert 'discussion' not in tab_ids
+
+    @ddt.data(
+        {
+            'course_team_role': None,
+            'has_course_author_access': False
+        },
+        {
+            'course_team_role': CourseBetaTesterRole,
+            'has_course_author_access': False
+        },
+        {
+            'course_team_role': CourseStaffRole,
+            'has_course_author_access': True
+        },
+        {
+            'course_team_role': CourseLimitedStaffRole,
+            'has_course_author_access': False
+        },
+    )
+    @ddt.unpack
+    def test_has_course_author_access_for_staff_roles(self, course_team_role, has_course_author_access):
+        CourseEnrollment.enroll(self.user, self.course.id, CourseMode.VERIFIED)
+
+        if course_team_role:
+            course_team_role(self.course.id).add_users(self.user)
+
+        response = self.client.get(self.url)
+        assert response.status_code == 200
+        assert response.data['has_course_author_access'] == has_course_author_access

lms/djangoapps/course_home_api/course_metadata/views.py

@@ -16,6 +16,7 @@
 from openedx.core.djangoapps.courseware_api.utils import get_celebrations_dict
 
 from common.djangoapps.course_modes.models import CourseMode
+from common.djangoapps.student.auth import has_course_author_access
 from common.djangoapps.student.models import CourseEnrollment
 from lms.djangoapps.course_api.api import course_detail
 from lms.djangoapps.course_goals.models import UserActivity
@@ -139,6 +140,12 @@ def get(self, request, *args, **kwargs):
             'can_view_certificate': certificates_viewable_for_course(course),
             'course_modes': course_modes,
             'is_new_discussion_sidebar_view_enabled': new_discussion_sidebar_view_is_enabled(course_key),
+            # We check the course author access in the context of CMS here because this field is used
+            # to determine whether the user can access the course authoring tools in the CMS.
+            # This is a temporary solution until the course author role is split into "Course Author" and
+            # "Course Editor" as described in the permission matrix here:
+            # https://github.com/openedx/platform-roadmap/issues/246
+            'has_course_author_access': has_course_author_access(request.user, course_key, 'cms'),
         }
         context = self.get_serializer_context()
         context['course'] = course

lms/djangoapps/courseware/tabs.py

@@ -315,6 +315,12 @@ def link_func(course, _reverse_func):
         tab_dict['link_func'] = link_func
         super().__init__(tab_dict)
 
+    @classmethod
+    def is_enabled(cls, course, user=None):
+        if settings.FEATURES.get('DISABLE_DATES_TAB'):
+            return False
+        return super().is_enabled(course, user)
+
 
 def get_course_tab_list(user, course):
     """

lms/djangoapps/courseware/tests/test_tabs.py

@@ -885,3 +885,16 @@ def test_singular_dates_tab(self):
             if tab.type == 'dates':
                 num_dates_tabs += 1
         assert num_dates_tabs == 1
+
+    def test_dates_tab_is_enabled_by_default(self):
+        """Test dates tab is enabled by default."""
+        tab = DatesTab({'type': DatesTab.type, 'name': 'dates'})
+        user = self.create_mock_user()
+        assert self.is_tab_enabled(tab, self.course, user)
+
+    @patch.dict("django.conf.settings.FEATURES", {"DISABLE_DATES_TAB": True})
+    def test_dates_tab_disabled_by_feature_flag(self):
+        """Test dates tab is disabled by the feature flag."""
+        tab = DatesTab({'type': DatesTab.type, 'name': 'dates'})
+        user = self.create_mock_user()
+        assert not self.is_tab_enabled(tab, self.course, user)