-
Notifications
You must be signed in to change notification settings - Fork 67
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Adds a fix to remove "Add a post" button when discussion is restricted #742
fix: Adds a fix to remove "Add a post" button when discussion is restricted #742
Conversation
Thanks for the pull request, @farhaanbukhsh! What's next?Please work through the following steps to get your changes ready for engineering review: 🔘 Get product approvalIf you haven't already, check this list to see if your contribution needs to go through the product review process.
🔘 Provide contextTo help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:
🔘 Get a green buildIf one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green. 🔘 Let us know that your PR is ready for review:Who will review my changes?This repository is currently maintained by Where can I find more information?If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:
When can I expect my changes to be merged?Our goal is to get community contributions seen and reviewed as efficiently as possible. However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:
💡 As a result it may take up to several weeks or months to complete a review and merge your PR. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #742 +/- ##
==========================================
- Coverage 93.18% 93.17% -0.01%
==========================================
Files 161 161
Lines 3404 3401 -3
Branches 919 919
==========================================
- Hits 3172 3169 -3
Misses 215 215
Partials 17 17 ☔ View full report in Codecov by Sentry. 🚨 Try these New Features:
|
d59b355
to
dae2720
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍
- I tested this: checked that the "Add a post" button is displayed according to the permissions defined in the LMS
- I read through the code
- I checked for accessibility issues: n/a
- Includes documentation: n/a
@mphilbrick211 @itsjeyd can we schedule this ticket for upstream review? cc: @xitij2000 |
@farhaanbukhsh Have you checked the criteria for product review to see if this PR qualifies? That would be the next step to complete here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@farhaanbukhsh I looked at the PR, and I think eventually the best place to fix this would be edx-platform. You are right to use that as the source of truth, and I think the value of isPostingEnabled
should in itself be sufficient to know if posting is enabled, instead of duplicating that logic in the frontend and backend. That said, this change definitely makes sense since it is a bug fix and changing it in edx-platform could have other side effects at this point.
However, what we need to figure out is which one is the bug. Is the bug in the backend, i.e. should staff and course admins also be able to post during restrictions, OR, is the bug in the frontend, which is fixed here.
I feel it's a frontend bug, since if it were a backend bug, it would have been noticed immediately and fixed earlier. The old discussions didn't allow course admins to post, so we should retain that and if someone wants to fix it they can make a product proposal and PR.
That said, let's also hear back from @mphilbrick211 before merging this.
@xitij2000 Thanks a lot 😄 |
@itsjeyd As @xitij2000 pointed out it's a bugfix but maybe the proposal will give us clarify on what should be the right set of permissions. cc: @mphilbrick211 |
@mphilbrick211 I have created a proposal; I didn't make a Wiki since it was a fix for what already exists in the platform. |
Thanks for the updates @farhaanbukhsh! Next steps would be to ping Details here. |
@itsjeyd already pinged :) |
@farhaanbukhsh Awesome 🙂 |
…ricted "Add a post" button was visible even though the banner says that posting is restricted. This change helps in removing the button when posting is restricted. Signed-off-by: Farhaan Bukhsh <[email protected]>
dae2720
to
55b85d9
Compare
@xitij2000 Rebased :) |
Description
The issues we faced were when the discussions were restricted the "Add a post" button was shown to global staff and superusers but when they create a post the MFE doesn't let them create the post and the backend raises a 403 error.
Useful information to include:
This happens because there exists a mismatch in permission on who can create a post when discussion is restricted.
There is a mismatch in the roles, hence I am taking edx-platform as my source of truth and what the implementation should be hence I dug a little deeper. From edx-platform we can confirm that only the user who has one of the following roles Discussion Admin, Moderator, Community TA or Group Moderator are allowed to make the post even during the restriction period. The proof for this is:
The MFE uses api at <LMS_URL>/api/discussion/v2/courses/<COURSE_ID>/ which uses get_course and here if the user has
has_moderation_privileges
oris_group_ta
then they can post on a restricted discussion.Hence on the MFE front we need to change isPriviledge to just use:
userHasModerationPrivileges || isUserGroupTA
and we should be aligned with the original idea.
Supporting information
Private Ref: BB-9249
Testing instructions
tutor plugins install forum
tutor plugin enable forum
tutor mounts add <path/to/frontend-app-discussions>
tutor images build openedx-dev
docker pull overhangio/openedx-forum:18.1.1
docker image tag overhangio/openedx-forum:<current_tag> overhangio/openedx-forum:<new_tag>
.tutor dev run forum bin/rake search:initialize
andtutor dev run forum bin/rake search:validate_indices
Deadline
"None" if there's no rush, or provide a specific date or event (and reason) if there is one.