FC-73 Xqu add submission file (Feature: Submission File System - Enhanced File Management for Graded Submissions)

[leoaulasneo98]

FC-73 Feature: Submission File System - Enhanced File Management for Graded Submissions

Description

This pull request implements a comprehensive file management system for submissions through the introduction of the SubmissionFile model and its associated SubmissionFileManager. This enhancement supports proper storage, retrieval, and processing of files attached to submissions within the Open edX ecosystem.

Motivation

The existing submission system requires enhanced file handling capabilities to:

• Provide seamless transition for existing services (xwatcher)
• Establish reliable file storage with appropriate metadata
• Integrate seamlessly with the new submission queue architecture

Previously, the XQueue server managed files for submissions that required document attachments. However, this was implemented inefficiently using plain text fields (s3_keys and s3_urls) without proper structure or validation. This approach led to inconsistent file handling, potential security issues, and maintenance challenges as the system scaled.

Key Improvements

Model Enhancements

• Introduced SubmissionFile model with:
  • Secure file storage mechanisms
  • Proper association with submission queue records
  • Standardized URL generation for grader access
  • Original filename preservation

File Processing System

• Developed SubmissionFileManager with capabilities for:
  • Processing multiple file formats (bytes, file objects)
  • Robust error handling for file processing issues
  • Consistent URL generation for xqueue compatibility
  • Efficient retrieval methods for external grader integration

Error Handling

• Implemented comprehensive error handling for:
  • Invalid file objects
  • IO and OS exceptions during file reading
  • Unicode decoding errors
  • Non-standard file formats

Technical Details

File Processing

• Support for multiple input types including:
  • Raw bytes
  • Django ContentFile objects
  • UploadedFile instances
  • Custom file-like objects with read() methods

Integration Points

• Seamless connection with ExternalGraderDetail for complete submission workflow
• Compatible interface for existing xqueue consumers

Testing Strategy

Extensive test coverage includes:

• Various file input types
• Complete processing workflow verification
• Edge case handling for invalid files
• Error handling for exceptional conditions
• File retrieval in grader-compatible format

Open edX Compliance

This implementation adheres to Open edX standards through:

• Modular design with clear separation of concerns
• Comprehensive test coverage of edge cases
• Well-documented interfaces
• Consistent error handling patterns

Performance Considerations

• Efficient file storage with minimal overhead
• Optimized database access patterns
• Careful handling of file objects to prevent memory issues

BREAKING CHANGES: None. Designed for full compatibility with existing systems.

[openedx-webhooks]

Thanks for the pull request, @leoaulasneo98!

This repository is currently maintained by @openedx/committers-edx-submissions.

Once you've gone through the following steps feel free to tag them in a comment and let them know that your changes are ready for engineering review.

🔘 Get product approval

If you haven't already, check this list to see if your contribution needs to go through the product review process.

• If it does, you'll need to submit a product proposal for your contribution, and have it reviewed by the Product Working Group.
  • This process (including the steps you'll need to take) is documented here.
• If it doesn't, simply proceed with the next step.

🔘 Provide context

To help your reviewers and other members of the community understand the purpose and larger context of your changes, feel free to add as much of the following information to the PR description as you can:

• Dependencies

  This PR must be merged before / after / at the same time as ...

• Blockers

  This PR is waiting for OEP-1234 to be accepted.

• Timeline information

  This PR must be merged by XX date because ...

• Partner information

  This is for a course on edx.org.

• Supporting documentation
• Relevant Open edX discussion forum threads

🔘 Get a green build

If one or more checks are failing, continue working on your changes until this is no longer the case and your build turns green.

Details

---

Where can I find more information?

If you'd like to get more details on all aspects of the review process for open source pull requests (OSPRs), check out the following resources:

• Overview of Review Process for Community Contributions
• Pull Request Status Guide
• Making changes to your pull request

When can I expect my changes to be merged?

Our goal is to get community contributions seen and reviewed as efficiently as possible.

However, the amount of time that it takes to review and merge a PR can vary significantly based on factors such as:

• The size and impact of the changes that it introduces
• The need for product review
• Maintenance status of the parent repository

💡 As a result it may take up to several weeks or months to complete a review and merge your PR.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.79%. Comparing base (1096759) to head (275b6e7).
⚠️ Report is 5 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #286      +/-   ##
==========================================
+ Coverage   94.43%   94.79%   +0.36%     
==========================================
  Files          18       18              
  Lines        2263     2423     +160     
  Branches       95       99       +4     
==========================================
+ Hits         2137     2297     +160     
  Misses        115      115              
  Partials       11       11              

Flag	Coverage Δ
unittests	94.79% <100.00%> (+0.36%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[angonz]

Review should only start after PR #283 is merged.

[angonz]

Update author of cange
Add link to first ADR
Summarize and simplify.

[angonz]

Why check for hasattr(file_obj, 'read')?

[angonz]

Please explain this workflow

[angonz]

Ok on my side. Please open for Axim's review.

[ormsbee]

Some comments and questions. I just want to make sure I'm understanding the intentions of this code properly. Thank you.

[ormsbee]

Suggested change

	uid = models.UUIDField(default=uuid4, editable=False) # legacy S3 key
	uuid = models.UUIDField(default=uuid4, editable=False) # legacy S3 key

A number of other platform models use "uuid" as the conventional name for this field.

[ormsbee]

It's confusing to have something called a "xxxxManager" class in a models.py file, when it isn't a Django ORM Manager. Can you make these into api.py functions instead?

[leoaulasneo98]

Hi Dave,
You're right about the naming confusion. Having a "xxxManager" class in models.py that isn't actually a Django ORM Manager is misleading and could cause confusion.

I've refactored this to follow a clearer naming convention:

Renamed SubmissionFileManager to SubmissionFileProcessor and move to api.py, which better describes its actual purpose - processing file operations for submissions rather than managing model queries.
Updated docstrings to reflect this change.
Kept the functionality encapsulated in a class since it maintains state (the external_grader reference) between operations.

This change preserves the existing functionality while making the code more intuitive.

[ormsbee]

Why does this function need to support all these?

[leoaulasneo98]

Dave, I understand your point. I initially designed this thinking of a scalable solution for various workflows, but I've reconsidered based on the actual needs of the project.
I've simplified the implementation by using standard TypeError instead of custom exceptions and adjusting the validation to focus on the essentials: bytes or objects with a 'read()' method.
Thanks for your feedback that leads us to more straightforward code.

[ormsbee]

Error should say what the type actually was. I also don't think it's really necessary to create a new error for this, since this is exactly what TypeError is for.

[leoaulasneo98]

You're right on both counts. I've updated the code, thanks for the feedback.

[ormsbee]

What does "xqueue format" mean?

[leoaulasneo98]

This is the format in which the xqueue-watcher receives the files. That is, the format in which the legacy XqueueServer delivers the files. I've corrected this to make it clearer.

[ormsbee]

Do we ever look up by just uuid?

[leoaulasneo98]

we don't currently look up by just uuid. The lookups are always through the external_grader relationship or using both fields. If we need direct uuid lookups in the future, we'll add a separate index for that field.

[ormsbee]

High level security question: Am I understanding correctly that this is storing things in the default Django storages backend, and if so, does that mean it will be publicly readable (though obscured because of the randomly generated UUIDs)?

[leoaulasneo98]

High level security question: Am I understanding correctly that this is storing things in the default Django storages backend, and if so, does that mean it will be publicly readable (though obscured because of the randomly generated UUIDs)?

Hi @ormsbee ,
The implemented flow uses Django file fields, which means security policies depend on the Bucket policies and Django configuration and integration. Here's a breakdown for the standard Tutor development setup using Minio:

You can access a resource if you have its complete URL.
You cannot access resources on ports 9000 or 9001 without credentials, except for resources with a complete, valid URL.
Even if you obtain a URL, you'll still need to decode it or know the file extension to access the resource. This is a mechanism inherited from XqueueServerLegacy.
Currently, there are no signature mechanisms to restrict client-only access. This is because the XqueueWatcher has broad capabilities, and the actual image processing is configured by the grader, not the XqueueWatcher itself.

If you wanted to implement a signature mechanism to restrict resource access, you would need to configure both the edX platform and the XqueueWatcher through the grader.
However, @angonz and I have a question arising from your inquiry: the security for delivering the image depends on the bucket being used. Currently, they are stored in the default OpenEdX bucket, which means it adapts to its existing policies. But we want to know if it's appropriate to use this default bucket or if it would be more convenient to use another pre-existing bucket like the ORA-2 bucket (openedx-learning). Could you share your opinion on this point?

[ormsbee]

Please also include a version bump as part of this PR. Thank you.

[ormsbee]

The code above is saying that read() returns a bytes object, but the fact that it's capable of throwing a UnicodeDecodeError would imply that it can sometimes return a str.

[ormsbee]

I get that you're trying to be permissive here to make this friendlier for use in the platform, but please just require that the files here be instances of Django's File object (including subclasses), and raise a TypeError if you find ones that are not. Let the caller worry about making sure the data exists there, and let it raise the exception when saving to SubmisssionFile if anything goes wrong. If someone has a bytes instance, it's easy enough for them to convert that to a ContentFile before calling this function. This "is it bytes or str or file" stuff is cluttering up the logic here without really giving much benefit, and bugs are more likely to slip in because of it.

[ormsbee]

If file_obj is a str here, then we can pass through this without ever making it into a ContentFile.

[sarina]

@leoaulasneo98 could you please rebase and resolve conflicts?

[leoaulasneo98]

@leoaulasneo98 could you please rebase and resolve conflicts?

Hi Sarina, good afternoon. Ready.

[ormsbee]

Thank you for addressing my concerns about bytes/file input handling.

Two blockers on this at the moment:

1. Storage configuration, which I've tried to give more explicit instructions about.
2. It looks like all the requirements files have been changed to have absolute paths from your local environment.

Would you like to schedule some time on Friday to go through any of this together?

Thank you.

[ormsbee]

However, @angonz and I have a question arising from your inquiry: the security for delivering the image depends on the bucket being used. Currently, they are stored in the default OpenEdX bucket, which means it adapts to its existing policies. But we want to know if it's appropriate to use this default bucket or if it would be more convenient to use another pre-existing bucket like the ORA-2 bucket (openedx-learning). Could you share your opinion on this point?

Sorry for not replying to this in my last review pass. Let's do this: have it look for a specific named storages defined like how openedx-learning does it, but named EDX_SUBMISSIONS['MEDIA']. If that configuration value is not found (either EDX_SUBMISSIONS doesn't exist at all or EDX_SUBMISSIONS['MEDIA'] doesn't), have it fall back to using the default Django storages. Please remember that you can set the storage parameter of a FileField to be any callable that returns a Storage class, so you can switch between storage configurations that way.

So please do the following:

1. Make a new function get_storage() and use the functools.cache decorator on it to cache it for future use.
2. Have get_storage() search for EDX_SUBMISSIONS configuration for the storage, but have it also gracefully fall back to the default storage backend if none is configured.
3. Make sure that get_storage() loads the storage configuration dynamically like this, and don't hardcode it to any specific storage type at this layer.
4. When creating the SubmissionFile.file FileField, set storage=get_storage.

As a general rule, try not to do smart switching behavior at this layer. Aside from making it hard to configure and override at the settings layer for testing, it's also just really confusing to have the __new__ on a class return an instance of an entirely different class.

[leoaulasneo98]

I've already applied the changes. It's made things much easier. Thanks for the help.

[ormsbee]

These requirements shouldn't have your environment specific paths in them.

[leoaulasneo98]

Sorry, Dave. This was generated by compile requirements. It's also no longer necessary to add dependencies with the new approach.

[ormsbee]

It looks like these should just be deleted since they're copies of the first paragraph?

[angonz]

Hi Dave, I've sent an invitation for Monday as Friday Leonardo will be out of the office.

[ormsbee]

In addition to the code comments below, please also do the following:

1. Update the version to 3.11.0
2. When you push your changes, please don't squash your commits. We can squash at the end once everything is approved, but it makes it easier/faster to review I can just "view changes since last review", and that functionality breaks if you squash.

Thank you.

[ormsbee]

Can we remove this now that it's no longer being used?

[leoaulasneo98]

Ok Dave, understood

[ormsbee]

Very helpful/informative comment, thank you.

[ormsbee]

Wait, it really works to just pass back the dict directly? I thought we'd have to instantiate the storage class here, like this example. So something like:

# Somewhere much higher:
from django.utils.module_loading import import_string

if storage_config:
    storage_cls = import_string(storage_config['BACKEND'])
    options = storage_config.get('OPTIONS', {})
    return storage_cls(**options)

[leoaulasneo98]

Hi Dave, I had the same question while reading your previous instructions and preferred to keep things simple. But I completely understand what you're saying, and with that piece of code you've made my job much easier. I had previously tried instantiating the storage class, but the result wasn't as clean as I would have liked, so I went with the solution you reviewed a few days ago.

[ormsbee]

Oh, I see where my misunderstanding of the code in _get_storage_cached() comes from. We shouldn't actually instantiate or even import the storage class in the settings files, only specify the EDX_SUBMISSIONS['MEDIA'] configuration dict in the standard convention that Django uses for media config, which specifies the path of the class we'll need to load later as a string.

The reason has to do with when these things get loaded in the startups cycle. Settings are often overridden in multiple places (e.g. common.py, prod.py, tutor.py, etc). But there's a certain amount of caching/bootstrapping that happens when these storage backends get imported and initialized. For example, there was this issue:

overhangio/tutor-minio#25

The value for AWS_S3_ENDPOINT_URL set in openedx-development-settings specifies port 9000, and it was being written to Studio and LMS settings correctly. But this is the sequence of what was really happening:

1. openedx-common-settings first sets AWS_S3_ENDPOINT_URL WITHOUT port
   info, since this is how it's used in prod deployments.
2. openedx-common-settings imports S3Boto3Storage because it wants to
   make a subclass to use for USER_TASKS_ARTIFACT_STORAGE.
3. The act of importing that package has the side-effect of initializing
   the Django storages (django.core.files.storage.default_storage).
4. Because the DEFAULT_FILE_STORAGE class is S3Boto3Storage, it then
   reads the value of AWS_S3_ENDPOINT_URL (which has no port info), and
   sets this as the S3 conneciton information for the S3Boto3Storage
   instance at that time.
5. openedx-development-settings then comes along and changes the value
   of AWS_S3_ENDPOINT_URL to specify port 9000, but by this point it's
   too late to affect django-storages (though it will confuse folks who
   try to debug).

Leaving it in string form avoids this problem. The settings can get overridden as much as people need, and the storage class won't be instantiated until after it's all been set up properly. Please assume the configuration will be something like:

EDX_SUBMISSIONS = {
    'MEDIA': {
        'BACKEND': 'django.core.files.storage.InMemoryStorage',
        'OPTIONS': {
        }
    }
}

Also, please try specifying such a backend for the test settings, to make sure it works properly.

[leoaulasneo98]

Understood Dave, I'll try to have the changes made before the meeting.

[timmc-edx]

This removal appears to be causing a failure in edx-platform when upgrading to edx-submissions 3.11:

https://github.com/openedx/edx-platform/actions/runs/15213754304/job/42794120855?pr=36786

[ormsbee]

@timmc-edx: Thank you! @leoaulasneo98: Can you please fix this and do a patch version bump?

[leoaulasneo98]

Hi Dave, I'll take care of it. Sorry for the mistake. I'll add the import again and do the corresponding PR.

[timmc-edx]

I went ahead and created a PR for it: #303

(I'd like to get this merged soon so that edx-platform requirements updates are unblocked -- otherwise, it would be best to temporarily pin the version to <3.11.0 in edx-platform.)

[ormsbee]

I merged #301 and made a 3.11.1 release.