open-craft · 0x29a · Jan 3, 2024 · Feb 5, 2023 · May 6, 2023 · Jul 4, 2023
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -4,7 +4,6 @@ on:
   push:
     branches: [master]
   pull_request:
-    branches: [master]
 
 concurrency:
   group: ci-${{ github.event.pull_request.number || github.ref }}

diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -15,6 +15,11 @@ Change Log
 
 Unreleased
 ----------
+[4.6.1]
+---------
+This version is based on v4.6.0 and contains some backports needed to OpenCraft's clients. There is no "official" v4.6.0.
+See this PR for more details: https://github.com/open-craft/edx-enterprise/pull/13
+
 [4.6.0]
 -------
 feat: Added enable_source_demo_data_for_analytics_and_lpr field to EnterpriseCustomer.

diff --git a/enterprise/__init__.py b/enterprise/__init__.py
@@ -2,4 +2,4 @@
 Your project description goes here.
 """
 
-__version__ = "4.6.0"
+__version__ = "4.6.1"
diff --git a/enterprise/admin/__init__.py b/enterprise/admin/__init__.py
@@ -202,6 +202,7 @@ class EnterpriseCustomerAdmin(DjangoObjectActions, SimpleHistoryAdmin):
         ('Integration and learning platform settings', {
             'fields': ('enable_portal_lms_configurations_screen', 'enable_portal_saml_configuration_screen',
                        'enable_slug_login', 'replace_sensitive_sso_username', 'hide_course_original_price',
+                       'hide_course_price_when_zero', 'allow_enrollment_in_invite_only_courses',
                        'enable_generation_of_api_credentials')
         }),
         ('Recommended default settings for all enterprise customers', {

diff --git a/enterprise/admin/forms.py b/enterprise/admin/forms.py
@@ -68,6 +68,11 @@ class ManageLearnersForm(forms.Form):
         label=_("Enroll these learners in this course"), required=False,
         help_text=_("To enroll learners in a course, enter a course ID."),
     )
+    force_enrollment = forms.BooleanField(
+        label=_("Force Enrollment"),
+        help_text=_("The selected course is 'Invite Only'. Only staff can enroll learners to this course."),
+        required=False,
+    )
     course_mode = forms.ChoiceField(
         label=_("Course enrollment track"), required=False,
         choices=BLANK_CHOICE_DASH + [
@@ -130,6 +135,7 @@ class Fields:
         REASON = "reason"
         SALES_FORCE_ID = "sales_force_id"
         DISCOUNT = "discount"
+        FORCE_ENROLLMENT = "force_enrollment"
 
     class CsvColumns:
         """
@@ -395,6 +401,8 @@ class Meta:
             "enable_audit_data_reporting",
             "replace_sensitive_sso_username",
             "hide_course_original_price",
+            "hide_course_price_when_zero",
+            "allow_enrollment_in_invite_only_courses",
             "enable_portal_code_management_screen",
             "enable_portal_subscription_management_screen",
             "enable_learner_portal",

diff --git a/enterprise/admin/views.py b/enterprise/admin/views.py
@@ -678,7 +678,8 @@ def _enroll_users(
             notify=True,
             enrollment_reason=None,
             sales_force_id=None,
-            discount=0.0
+            discount=0.0,
+            force_enrollment=False,
     ):
         """
         Enroll the users with the given email addresses to the course.
@@ -691,6 +692,7 @@ def _enroll_users(
             mode: The enrollment mode the users will be enrolled in the course with
             course_id: The ID of the course in which we want to enroll
             notify: Whether to notify (by email) the users that have been enrolled
+            force_enrollment: Force enrollment into "Invite Only" courses
         """
         pending_messages = []
         paid_modes = ['verified', 'professional']
@@ -704,6 +706,7 @@ def _enroll_users(
             enrollment_reason=enrollment_reason,
             discount=discount,
             sales_force_id=sales_force_id,
+            force_enrollment=force_enrollment,
         )
         all_successes = succeeded + pending
         if notify:
@@ -820,6 +823,7 @@ def post(self, request, customer_uuid):
             sales_force_id = manage_learners_form.cleaned_data.get(ManageLearnersForm.Fields.SALES_FORCE_ID)
             course_mode = manage_learners_form.cleaned_data.get(ManageLearnersForm.Fields.COURSE_MODE)
             course_id = None
+            force_enrollment = manage_learners_form.cleaned_data.get(ManageLearnersForm.Fields.FORCE_ENROLLMENT)
 
             if not course_id_with_emails:
                 course_details = manage_learners_form.cleaned_data.get(ManageLearnersForm.Fields.COURSE) or {}
@@ -834,7 +838,8 @@ def post(self, request, customer_uuid):
                         notify=notify,
                         enrollment_reason=manual_enrollment_reason,
                         sales_force_id=sales_force_id,
-                        discount=discount
+                        discount=discount,
+                        force_enrollment=force_enrollment,
                     )
             else:
                 for course_id, emails in course_id_with_emails.items():
@@ -849,7 +854,8 @@ def post(self, request, customer_uuid):
                             notify=notify,
                             enrollment_reason=manual_enrollment_reason,
                             sales_force_id=sales_force_id,
-                            discount=discount
+                            discount=discount,
+                            force_enrollment=force_enrollment,
                         )
 
             # Redirect to GET if everything went smooth.

diff --git a/enterprise/api/filters.py b/enterprise/api/filters.py
@@ -7,7 +7,7 @@
 
 from django.contrib import auth
 
-from enterprise.models import EnterpriseCustomerUser, SystemWideEnterpriseUserRoleAssignment
+from enterprise.models import EnterpriseCustomer, EnterpriseCustomerUser, SystemWideEnterpriseUserRoleAssignment
 
 User = auth.get_user_model()
 
@@ -33,6 +33,36 @@ def filter_queryset(self, request, queryset, view):
         return queryset
 
 
+class EnterpriseCourseEnrollmentFilterBackend(filters.BaseFilterBackend):
+    """
+    Filter backend to return enrollments under the user's enterprise(s) only.
+
+    * Staff users will bypass this filter.
+    * Non-staff users will receive enrollments under their linked enterprises,
+      only if they have the `enterprise.can_enroll_learners` permission.
+    * Non-staff users without the `enterprise.can_enroll_learners` permission
+      will receive only their own enrollments.
+    """
+
+    def filter_queryset(self, request, queryset, view):
+        """
+        Filter out enrollments if learner is not linked
+        """
+
+        if request.user.is_staff:
+            return queryset
+
+        if request.user.has_perm('enterprise.can_enroll_learners'):
+            enterprise_customers = EnterpriseCustomer.objects.filter(enterprise_customer_users__user_id=request.user.id)
+            return queryset.filter(enterprise_customer_user__enterprise_customer__in=enterprise_customers)
+
+        filter_kwargs = {
+            view.USER_ID_FILTER: request.user.id,
+        }
+
+        return queryset.filter(**filter_kwargs)
+
+
 class EnterpriseCustomerUserFilterBackend(filters.BaseFilterBackend):
     """
     Allow filtering on the enterprise customer user api endpoint.

diff --git a/enterprise/api/v1/serializers.py b/enterprise/api/v1/serializers.py
@@ -356,6 +356,32 @@ class Meta:
         )
 
 
+class EnterpriseCourseEnrollmentWithAdditionalFieldsReadOnlySerializer(EnterpriseCourseEnrollmentReadOnlySerializer):
+    """
+    Serializer for EnterpriseCourseEnrollment model with additional fields.
+    """
+
+    class Meta:
+        model = models.EnterpriseCourseEnrollment
+        fields = (
+            'enterprise_customer_user',
+            'course_id',
+            'created',
+            'unenrolled_at',
+            'enrollment_date',
+            'enrollment_track',
+            'user_email',
+            'course_start',
+            'course_end',
+        )
+
+    enrollment_track = serializers.CharField()
+    enrollment_date = serializers.DateTimeField()
+    user_email = serializers.EmailField()
+    course_start = serializers.DateTimeField()
+    course_end = serializers.DateTimeField()
+
+
 class EnterpriseCourseEnrollmentWriteSerializer(serializers.ModelSerializer):
     """
     Serializer for writing to the EnterpriseCourseEnrollment model.

diff --git a/enterprise/api/v1/views/enterprise_course_enrollment.py b/enterprise/api/v1/views/enterprise_course_enrollment.py
@@ -1,17 +1,68 @@
 """
 Views for the ``enterprise-course-enrollment`` API endpoint.
 """
+from django_filters.rest_framework import DjangoFilterBackend
+from edx_rest_framework_extensions.paginators import DefaultPagination
+from rest_framework import filters
+
+from django.core.paginator import Paginator
+from django.utils.functional import cached_property
+
 from enterprise import models
+from enterprise.api.filters import EnterpriseCourseEnrollmentFilterBackend
 from enterprise.api.v1 import serializers
 from enterprise.api.v1.views.base_views import EnterpriseReadWriteModelViewSet
 
+try:
+    from common.djangoapps.util.query import read_replica_or_default
+except ImportError:
+    def read_replica_or_default():
+        return None
+
+
+class PaginatorWithOptimizedCount(Paginator):
+    """
+    Django < 4.2 ORM doesn't strip unused annotations from count queries.
+
+    For example, if we execute this query:
+
+        Book.objects.annotate(Count('chapters')).count()
+
+    it will generate SQL like this:
+
+        SELECT COUNT(*) FROM (SELECT COUNT(...), ... FROM ...) subquery
+
+    This isn't optimal on its own, but it's not a big deal. However, this
+    becomes problematic when annotations use subqueries, because it's terribly
+    inefficient to execute the subquery for every row in the outer query.
+
+    This class overrides the count() method of Django's Paginator to strip
+    unused annotations from the query by requesting only the primary key
+    instead of all fields.
+
+    This is a temporary workaround until Django is updated to 4.2, which will
+    include a fix for this issue.
+
+    See https://code.djangoproject.com/ticket/32169 for more details.
+
+    TODO: remove this class once Django is updated to 4.2 or higher.
+    """
+    @cached_property
+    def count(self):
+        return self.object_list.values("pk").count()
+
+
+class EnterpriseCourseEnrollmentPagination(DefaultPagination):
+    django_paginator_class = PaginatorWithOptimizedCount
+
 
 class EnterpriseCourseEnrollmentViewSet(EnterpriseReadWriteModelViewSet):
     """
     API views for the ``enterprise-course-enrollment`` API endpoint.
     """
 
-    queryset = models.EnterpriseCourseEnrollment.objects.all()
+    queryset = models.EnterpriseCourseEnrollment.with_additional_fields.all()
+    filter_backends = (filters.OrderingFilter, DjangoFilterBackend, EnterpriseCourseEnrollmentFilterBackend)
 
     USER_ID_FILTER = 'enterprise_customer_user__user_id'
     FIELDS = (
@@ -20,10 +71,18 @@ class EnterpriseCourseEnrollmentViewSet(EnterpriseReadWriteModelViewSet):
     filterset_fields = FIELDS
     ordering_fields = FIELDS
 
+    pagination_class = EnterpriseCourseEnrollmentPagination
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        if self.request.method == 'GET':
+            queryset = queryset.using(read_replica_or_default())
+        return queryset
+
     def get_serializer_class(self):
         """
         Use a special serializer for any requests that aren't read-only.
         """
         if self.request.method in ('GET',):
-            return serializers.EnterpriseCourseEnrollmentReadOnlySerializer
+            return serializers.EnterpriseCourseEnrollmentWithAdditionalFieldsReadOnlySerializer
         return serializers.EnterpriseCourseEnrollmentWriteSerializer
diff --git a/enterprise/api/v1/views/enterprise_customer.py b/enterprise/api/v1/views/enterprise_customer.py
@@ -4,10 +4,11 @@
 
 from urllib.parse import quote_plus, unquote
 
+from algoliasearch.search_client import SearchClient
 from edx_rbac.decorators import permission_required
 from rest_framework import permissions
 from rest_framework.decorators import action
-from rest_framework.exceptions import ValidationError
+from rest_framework.exceptions import NotFound, ValidationError
 from rest_framework.response import Response
 from rest_framework.status import (
     HTTP_200_OK,
@@ -17,12 +18,15 @@
     HTTP_409_CONFLICT,
 )
 
+from django.conf import settings
 from django.contrib import auth
 from django.core import exceptions
 from django.db import transaction
 from django.db.models import Q
+from django.http import Http404
 from django.shortcuts import get_object_or_404
 from django.utils.decorators import method_decorator
+from django.utils.translation import gettext_lazy as _
 
 from enterprise import models
 from enterprise.api.filters import EnterpriseLinkedUserFilterBackend
@@ -436,3 +440,41 @@ def unlink_users(self, request, pk=None):  # pylint: disable=unused-argument
                     raise UnlinkUserFromEnterpriseError(msg) from exc
 
         return Response(status=HTTP_200_OK)
+
+    @action(detail=False)
+    def algolia_key(self, request, *args, **kwargs):
+        """
+        Returns an Algolia API key that is secured to only allow searching for
+        objects associated with enterprise customers that the user is linked to.
+
+        This endpoint is used with `frontend-app-learner-portal-enterprise` MFE
+        currently.
+        """
+
+        if not (api_key := getattr(settings, "ENTERPRISE_ALGOLIA_SEARCH_API_KEY", "")):
+            LOGGER.warning("Algolia search API key is not configured. To enable this view, "
+                           "set `ENTERPRISE_ALGOLIA_SEARCH_API_KEY` in settings.")
+            raise Http404
+
+        queryset = self.queryset.filter(
+            **{
+                self.USER_ID_FILTER: request.user.id,
+                "enterprise_customer_users__linked": True
+            }
+        ).values_list("uuid", flat=True)
+
+        if len(queryset) == 0:
+            raise NotFound(_("User is not linked to any enterprise customers."))
+
+        secured_key = SearchClient.generate_secured_api_key(
+            api_key,
+            {
+                "filters": " OR ".join(
+                    f"enterprise_customer_uuids:{enterprise_customer_uuid}"
+                    for enterprise_customer_uuid
+                    in queryset
+                ),
+            }
+        )
+
+        return Response({"key": secured_key}, status=HTTP_200_OK)
diff --git a/enterprise/api_client/lms.py b/enterprise/api_client/lms.py
@@ -128,7 +128,15 @@ def has_course_mode(self, course_run_id, mode):
         course_modes = self.get_course_modes(course_run_id)
         return any(course_mode for course_mode in course_modes if course_mode['slug'] == mode)
 
-    def enroll_user_in_course(self, username, course_id, mode, cohort=None, enterprise_uuid=None):
+    def enroll_user_in_course(
+        self,
+        username,
+        course_id,
+        mode,
+        cohort=None,
+        enterprise_uuid=None,
+        force_enrollment=False,
+    ):
         """
         Call the enrollment API to enroll the user in the course specified by course_id.
 
@@ -138,6 +146,7 @@ def enroll_user_in_course(self, username, course_id, mode, cohort=None, enterpri
             mode (str): The enrollment mode which should be used for the enrollment
             cohort (str): Add the user to this named cohort
             enterprise_uuid (str): Add course enterprise uuid
+            force_enrollment (bool): Force the enrollment even if course is Invite Only
 
         Returns:
             dict: A dictionary containing details of the enrollment, including course details, mode, username, etc.
@@ -152,7 +161,8 @@ def enroll_user_in_course(self, username, course_id, mode, cohort=None, enterpri
                 'is_active': True,
                 'mode': mode,
                 'cohort': cohort,
-                'enterprise_uuid': str(enterprise_uuid)
+                'enterprise_uuid': str(enterprise_uuid),
+                'force_enrollment': force_enrollment,
             }
         )
         response.raise_for_status()