This reverts commit 954dae58.

ziafazal: improvements need for multi-tenancy
ziafazal: fixed broken tests
ziafazal: no need to add setting in test.py
ziafazal: added hostname validation
ziafazal: changes after feedback from mattdrayer
ziafazal: fixed branding and microsite broken tests
ziafazal: make STATICFILES_DIRS to list
ziafazal: added theme directory to mako lookup for tests
ziafazal: added more protection in test_util
saleem-latif: Enable SCSS Overrides for Comprehensive Theming
saleem-latif: Incoporate feedback changes, Correct test failures, add tests and enable theming for django templates
saleem-latif: Correct errors in python tests
mattdrayer: Fix invalid release reference
mattdrayer: Update django-wiki reference to latest release

- adaptation asides to be imported from the XML
- updating SplitMongo to handle XBlockAsides (CRUD operations)
- updating Studio to handle XBlockAsides handler calls
- updating xblock/core.js to properly init XBlockAsides JavaScript

This abstract class contains most of the fields (aside from the id and
foreign key to StudentModule that the subclasses need to manage).  It
also provides a get_history method that abstracts searching across
multiple backends.

Move router code to openedx/core
We need to use it from cms and lms.
Ensure aws_migrate can be used for migrating both the lms and cms.

Handle queries directed to student_module_history vs default and the
extra queries generated by Django 1.8 (SAVEPOINTS, etc).

Additionally, flag testing classes as multi_db so that Django will
flush the non-default database between unit tests.

Further decouple the foreignkey relation between csm and csmhe

When calling StudentModule().delete() Django will try to delete CSMHE
objects, but naively does so in the database, not by consulting the
database router.

Instead, we disable django cascading deletes and listen for post_delete
signals and clean up CSMHE by hand.

Add feature flags for CSMHE
One to turn it on/off so we can control the deploy.
The other will control whether or not we read from two database tables
or one when searching.

Update tests to explicitly use this get_history method rather than
looking directly into StudentModuleHistory or
StudentModuleHistoryExtended.

Inform lettuce to avoid the coursewarehistoryextended app

Otherwise it fails when it can't find features/ in that app.

Add Pg support, this is not tested automatically.

Modified how the per object permissions are enforced in the CCX REST APIs

It was introduced back in 2012, and is not used in the default
configuration.

ECOM-3528

- Rename escape_json_dumps to dump_js_escaped_json
- Rename escape_js_string to js_escaped_string
- Update js_escaped_string to output empty string for None
- Introduce dump_html_escaped_json
- Move dump_js_escaped_json after the pipe as new best practice
- Introduce additional uses of helpers
- Introduce new djangolib directory and move js_utils

MA-1368

ECOM-3419

ECOM-3278

ECOM-3015

CCX REST APIs
OAUTH2 authorization for CCX APIs
- oauth2 authorization required for ccx list.
- Course-instructor permission for ccx api endpoint
- Protection for detail view too.

Tests for CCX REST APIs and OAUTH2 authorization

This reverts commit 46df4545, reversing
changes made to 039e6cdf.

ECOM-3384

ECOM-3419

ECOM-3278

ECOM-3015

Format responses as a JSON dict containing an error_code and a
developer_message.  user_message is not necessary, as these are API
level errors, not seen by end users.

MA-1900

Tests for xblock_utils.py functions.

- Remove escaping in display_name_with_default
- Move escaped version to deprecated display_name_with_default_escaped
- Does not include any other changes to remove double-escaping

Thanks to agaylard who initiated this work:
https://github.com/edx/edx-platform/pull/10756

TNL-3425

Course teams occasionally upload very large files as their course
image. Before this commit, those images would be used directly in
the student's dashboard, sometimes leading to MBs worth of image
data on that page. With this commit, we now auto-generate small
and large thumbnails of configurable size. The Student Dashboard
and Course About pages will make use of this new functionality
(CourseOverview.image_urls), but the behavior of
CourseOverview.course_image_url will not change.

Note that the thumbnails are still created in the contentstore,
and sit alongside their originals.

What's included:

1. Multiple sizes, currently starting with "raw", "small", and
   "large". This falls back to the current behavior automatically in
   the case where thumbnails don't exist or this feature has been
   disabled in configuration.

2. Django admin based configuration for image sizes and whether
   to enable the functionality at all. Note that to regenerate
   images, you'd need to wipe the CourseOverviewImageSet model
   rows -- it doesn't do that automatically. This is partly because
   it's a very rare operation, and partly because I'm not entirely
   sure what the longer term invalidation strategy should be in a
   world where we might potentially have multiple themes. The
   flexible configuration was intended to allow better customization
   and theming.

3. The Course About pages also use the new thumbnail functionality,
   as an example of "large". This is in addition to the "small"
   used on the student dashboard.

Things I'm punting on for now (followup PRs welcome!):

1. Bringing the thumbnails to course discovery. A quick attempt
   to do so showed that it wasn't getting properly invalidated
   and updated when publishes happen (so the old image still showed
   up). It probably has something to do with when we do the
   re-indexing because it stores this data in elasticsearch, but
   I'm not going to chase it down right now.

2. Center-cropping. While this is a nice-to-have feature, the
   behavior in this PR is no worse than what already exists in
   master in terms of image distortion (letting the browser handle
   it).

3. Automated invalidation of the images when a new config is
   created.

Staff markup was enabled on all block types in
https://github.com/edx/edx-platform/pull/10903

This works well inside the courseware, but it breaks layout of the course about
page, which is also an XModule, see:
https://github.com/edx/edx-platform/pull/10903#issuecomment-164266342

This commit disables staff markup/staff debug on all blocks except
blocks tagged with 'detached'. Detached blocks include course about
and info pages, static tabs.

The permissions class now supports non-GET requests.

ECOM-2893

- The permission now checks the correct request attribute (GET instead of data).
- The Credit API view test has been updated to check for the positive access instead of just denial.

 ECOM-3096