edx-platform icon indicating copy to clipboard operation
edx-platform copied to clipboard

Published 20 hours ago verified publisher icon openedx

fix: bypass access checks when populating course blocks cache

Open asadali145 opened this issue 4 months ago • 2 comments

Description

This PR fixes an issue with the course blocks cache when cache is invalid/does not exist for a course.

The details can be found in this discussion post. Here is the summary:

Let's assume that there are 2 types of Enrollment Track Groups: Audit and Verified.

  • Some of the Units are only accessible to the Verified Learners.
  • Course block cache is empty and an Audit learner accesses the course.
  • when populating the cache, we check for user access.
  • Audit learners do not have access to content in a specific unit. Such content blocks i.e. problem blocks won't be returned in this case. Resulting in an inconsistent cache for the verified learners.
  • When a Verified learner accesses the course when the cache is populated using the Audit access, it will result in an inconsistent outline, progress page, and instr

Useful information to include:

  • This change impacts Learners and Instructors

Screenshots

  • Outline for Audit Learner: outline_audit

  • Outline for Verified Learner Before (Inconsistent Course Blocks Cache): outline_verified_before

  • Outline for Verified Learner After (Cache is consistent): outline_verified_after

  • Old Progress Page before (With Inconsistent Cache): old_progress_before

  • Old Progress Page After (With Consistent Cache): old_progress_after

  • New Progress Page before (With Inconsistent Cache): new_progress_before

  • New Progress Page After (With Consistent Cache): new_progress_after

Supporting information

https://discuss.openedx.org/t/course-block-cache-resulting-in-inconsistent-course-outline-progress-page-and-instructor-reports/13379 https://discuss.openedx.org/t/debugging-persistent-grade-issues/11155

Testing instructions

NOTE: Originally, these steps were performed in Devstack. These involve restarting the cache instances. If you can restart the cache instances with Tutor and Live environment then these should be good enough to reproduce/test. At some point, these steps mention that if you are using Tutor or a Live Environment, then you will need a different configuration to avoid restarting the cache.

  • Create a new Course
    • Go to the Open edX Studio
    • Create a new course
      • Name: Test Course Blocks Cache
      • Fill in other details like Organization, Course Number, and Run.
    • Go to Django Admin /admin/course_modes/coursemode/ and Create Course modes
      • Create Audit Mode
        • Select the newly created course
          • Select Audit mode
          • Title: Audit
      • Create Verified Mode
        • Select the newly created course
          • Select Verified mode
          • Title: Verified
          • Price: 1
    • Open the Course in the Open edX Studio
      • From the tools dropdown menu, select import
      • Use this linked file to import the course content.
      • Download and Select the above file and start the import.
      • You should see an updated Course Outline with 2 Sections Homework, and Proctored Exam
      • NOTE: Access to the Proctored Exam is limited to the Verified track only.
  • For TUTOR and Any other Live environment where we cannot restart/clear the cache:
    • The Default Course Blocks Cache Timeout is 1 Day, for testing, we will set it to 1 minute.
      • Go to /admin/block_structure/blockstructureconfiguration/
      • Add a new entry with these Values
        • Enabled: True
        • Num versions to keep: 1
        • Cache timeout in seconds: 60
      • You can verify the timeout in the shell. Run the below snippet:
from openedx.core.djangoapps.content.block_structure.config.models import BlockStructureConfiguration
from openedx.core.djangoapps.content.block_structure import config
BlockStructureConfiguration.current()
config.cache_timeout_in_seconds()

- OUTPUT Should be 60 for the last 2 lines.
  • It would be better to restart the Cache instances at this point.
    • This is recommended due to the multi-level caching of blocks and block cache configurations.
  • Create 2 new Users.
    • Enroll the first User in the Audit Mode.
    • Enroll the second User in the Verified Mode.
    • You can enroll the User and change the enrollment status in Django Admin.
      • Enable student.courseenrollment_admin at /admin/waffle/switch/
    • Now you can access enrollments at /admin/student/courseenrollment/
    • Open the second User enrollment and change the Mode to verified
  • If you are using TUTOR or a Live environment:
    • Now wait for about 2minutes to let the cache expire
  • If you are using Devstack then restart the Memcache instance.
  • Open 2 windows and login with both users in separate windows.
  • Visit the course outline with the Audit User.
  • The Outline will be like: outline_audit
  • Now visit the Outline with the verified. If TUTOR or Live Env, Try to do this quickly as the Cache might expire before you visit with the Verified Learner.
    • If the course blocks cache is used, you should see the same outline for the Verified User: outline_verified_before
  • If Tutor or Live Env, Now wait for 2 minutes, and reload the outline for the Verified Learner
  • The Outline should be; You will see the number of questions. outline_verified_after

PS: These steps are also documented in https://docs.google.com/document/d/15UBgv8likenypTU2WmEx3uQlJlj4kLwFU_4ZhiFO-yI/edit?usp=sharing.

Deadline

ASAP

asadali145 avatar Oct 16 '24 08:10 asadali145