- The permission now checks the correct request attribute (GET instead of data).
- The Credit API view test has been updated to check for the positive access instead of just denial.

 ECOM-3096

Turns out if the string literal starts on the next line after the
translation function, then the translator comment is lost.  So, either
close up short strings, or add a dummy empty string on the first line to
concatenate with the real string.

Ugh.

There are 3 main changes in this commit:
* CohortFactory now sets up memberships properly, so consuming tests do not
need to explicitly touch CourseUserGroup.users to add() users.
* test_get_cohort_sql_queries has been updated to 3 and 9 queries when using
and not using the cache, respectively. This is needed due to each operation
needing an extra queery to get the CourseUserGroup from the CohortMembership.
* Adding remove_user_from_cohort(), the counterpart to add_user_to_cohort().
This is also to keep tests from touching the users field directly, and keep
CohortMembership data in sync.

An issue arose recently due to ATOMIC_REQUESTS being turned on by default. It
turns out that CohortMemberships had been somewhat relying on the old default
transaction handling in order to keep CohortMemberships and the underlying
CourseUserGroup.users values in-sync.

To fix this, I've made all updates to Cohortmemberships go through an
outer_atomic(read_committed=True) block. This, is conjunction with the already
present select_for_update(), will no longer allow 2 simultaneous requests to
modify objects in memory without sharing them. Only one process will be
touching a given CohortMembership at any given time, and all changes will be
immediately comitted to the database, where the other process will see them.

I've also included some changes to get_cohort(), add_user_to_cohort(), and
remove_user_from_cohort() in order to properly make use of the new
CohortMembership system.

* Catalog results are now paginated
* Implements the new namespaced pagination described at
  https://openedx.atlassian.net/wiki/pages/viewpage.action?pageId=47481813
* API level code returns pythonic business objects
* View layer performs serialize at the view layer
* Convert views to use DRF generic views
* Removes an unintentional authentication decorator that caused
  the detail endpoint to return a 401 for anonymous users

MA-1724

Prevents makemigrations from creating a new migration for the programs app.

This reverts commit 12130c80.
Manual testing found this to not fix the bug it claimed to fix.

What had been happening was related to the fact that ATOMIC_REQUESTS is now on,
preventing writing to the database until a request is completed.

The problem with that was that CohortMemberships, with their explicit
transaction handling, were breaking that rule and touching the database.
The CohortMembership needs to also touch the database to update the
underlying course_user_groups information, to prevent the database from
getting into a strange state.

After this commit, every time a CohortMembership is updated or created, the
corresponding course_user_groups are also updated and explicitly written to
the database. This occurs atomically with the CohortMembership, and does not
wait for the end of the request.

Extends the Programs ConfigurationModel, cleans up Programs-related utilities and corresponding tests, and corrects caching. Uses the Programs API to list programs within Studio. ECOM-2769.

There is no need for a separate migration for the validation. Updated the regex in the initial migration to appease Django.

ECOM-2609

ECOM-2972

ECOM-2993

- API built atop Django REST Framework
- Added support for OAuth 2.0 and session authentication
- Added permissions around eligibility data

ECOM-2609

There's no need to use a string literal in setattr, delattr, or the
two-argument form of getattr.

test fixes

ECOM-2832

CCX overrides course max_student_enrollments_allowed
and set it to 200 during CCX creation

Please note that this is a squshed commit and the work of:
Symbolist, macdiesel, nedbat, doctoryes, muzaffaryousaf and muhammad-ammar

Make escaping for json simpler and more consistent in Mako templates
- add escape_json_dumps to escape and json.dumps
- add escape_js_str to escape javascript string
- refactor Studio to use escape_json_dumps in Mako templates

TNL-2646: Escape json.dumps

Replaces instances of an old hack with the more clear ugettext_noop.

- Resolve SEC-27 by escaping course name in advanced settings
- Add escape_json_dumps to simplify escaping json in Mako templates

SEC-27: XSS/JS Error in Advanced Settings with invalid course name

On devops recommendation, now handling the potential for an 'inconsistency
window' via a management command instead of a hacky "re-run the data migration"
bash script.

Enabled behind the
`SelfPacedConfiguration.enable_course_home_improvements` flag.

ECOM-2604

Applying a security patch from last week that has made its way through
the disclosure period already. FYI @robrap

By using the before_after library, we can force a race condition to reliably
occur in the CohortMembership.save() method. This unit test will do just that,
and ensure that our race-condition-handling code functions as it should.

Updating previously-existing unit tests to function with the new
CohortMembership model.

The code changes needed to get CohortMembership functioning properly.

The key of this change is twofold: first, CohortMemberships are unique
per-user, per-course. This is enforced at the database level. Secondly,
the updates are done using a select_for_update, which ensures atomicity.

These are the migrations needed for CohortMembership to function.
0005 establishes the table, 0006 will be used to move existing data
into the table as needed.

Per product guidance, we can just arbitrarily reassign problem users.
Implementing that decision, as well as the remainder of the data migration.

Also including a short script to re-run the 0006 migration after code changes
are live, to prevent a potential issue where the database become out-of-sync.