@mraman-2U

This pull request introduces a new Django admin interface and database schema for discussion moderation, including user bans, ban exceptions, and moderation audit logs. The changes add three new models with appropriate admin configurations, permissions, and indexing for efficient querying and compliance/audit needs.

Discussion Moderation Models and Database Schema:

  • Added three new models: DiscussionBan, DiscussionBanException, and DiscussionModerationLog, with fields and relationships to support user bans at both course and organization levels, exceptions to bans, and audit logging of moderation actions. The migration includes indexes and constraints for data integrity and query performance.

Django Admin Configuration and Permissions:

  • Implemented Django admin interfaces for the new models (DiscussionBan, DiscussionBanException, DiscussionModerationLog), using a mixin to enforce read-only access for non-superusers and full access for superusers, with audit logs being read-only for all users. Admin interfaces provide search, filtering, and linked references for ease of use and support compliance requirements.

…user bans

Description

Describe what this pull request changes, and why. Include implications for people using this change.
Design decisions and their rationales should be documented in the repo (docstring / ADR), per
OEP-19, and can be
linked here.

Useful information to include:

  • Which edX user roles will this change impact? Common user roles are "Learner", "Course Author",
    "Developer", and "Operator".
  • Include screenshots for changes to the UI (ideally, both "before" and "after" screenshots, if applicable).
  • Provide links to the description of corresponding configuration changes. Remember to correctly annotate these
    changes.

Supporting information

Link to other information about the change, such as Jira issues, GitHub issues, or Discourse discussions.
Be sure to check they are publicly readable, or if not, repeat the information here.

Testing instructions

Please provide detailed step-by-step instructions for testing this change.

Deadline

"None" if there's no rush, or provide a specific date or event (and reason) if there is one.

Other information

Include anything else that will help reviewers and consumers understand the change.

  • Does this change depend on other changes elsewhere?
  • Any special concerns or limitations? For example: deprecations, migrations, security, or accessibility.
  • If your database migration can't be rolled back easily.

@mraman-2U mraman-2U requested a review from Copilot November 26, 2025 09:01
Copilot finished reviewing on behalf of mraman-2U November 26, 2025 09:04

Copilot AI left a comment

Pull request overview

This pull request introduces a comprehensive discussion moderation system that enables moderators to ban users at course or organization level during bulk delete operations. The feature addresses crypto spam attacks and harassment by providing tools to ban users from discussions, with proper audit logging and notification mechanisms.

Key Changes:

  • New Database Models: Three models (DiscussionBan, DiscussionBanException, DiscussionModerationLog) with proper indexing and constraints for tracking bans, exceptions, and audit logs
  • REST API Endpoints: Bulk delete/ban, banned user listing, and unban functionality with comprehensive permission checks
  • Email Notifications: ACE-based escalation emails sent to partner support when users are banned
  • Configuration: New Django settings and waffle flags to control ban feature availability and email notifications

Reviewed changes

Copilot reviewed 25 out of 26 changed files in this pull request and generated 32 comments.

| File | Description |
| --- | --- |
| lms/envs/common.py | Added discussion moderation settings (email toggle, escalation email, reason max length) |
| lms/envs/devstack.py | Disabled ban emails in local dev; contains unrelated port changes that should be reverted |
| lms/envs/test.py | Disabled ban emails in tests to prevent spam |
| lms/djangoapps/discussion/toggles.py | Added ENABLE_DISCUSSION_BAN waffle flag for feature rollout control |
| lms/djangoapps/discussion/models.py | Core data models with validation, unique constraints, and ban checking logic |
| lms/djangoapps/discussion/migrations/0001_initial.py | Database schema creation with indexes and constraints |
| lms/djangoapps/discussion/admin.py | Django admin with read-only audit access; has XSS vulnerability in user links |
| lms/djangoapps/discussion/rest_api/views.py | ViewSet with bulk-delete-ban, banned-users list, and unban endpoints |
| lms/djangoapps/discussion/rest_api/serializers.py | Request/response serializers with validation |
| lms/djangoapps/discussion/rest_api/permissions.py | Enhanced permission checking for moderation actions |
| lms/djangoapps/discussion/rest_api/tasks.py | Enhanced Celery task for async deletion with ban creation |
| lms/djangoapps/discussion/rest_api/emails.py | Ban escalation email sending via ACE or Django mail |
| lms/djangoapps/discussion/rest_api/urls.py | URL routing for new moderation endpoints |
| lms/djangoapps/discussion/templates/discussion/edx_ace/ban_escalation/* | ACE email templates (HTML and text) |
| lms/djangoapps/discussion/templates/discussion/ban_escalation_email.txt | Fallback text email template |
| lms/djangoapps/discussion/tests/test_models.py | Comprehensive model tests (369 lines) |
| lms/djangoapps/discussion/rest_api/tests/test_moderation_*.py | Test suites for views, tasks, serializers, permissions, and emails (1000+ lines total) |
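
The review table above flags an XSS issue in the admin user links. As an added example (not code from the pull request, whose admin.py is not shown on this page), the standard-library sketch below contrasts unescaped and escaped link rendering and adds a parser-based regression check. The URL pattern, function names and sample value are assumptions made for illustration.

```python
# Added example, not code from the pull request. Standard library only.
from html import escape
from html.parser import HTMLParser

# Hypothetical admin change-page URL pattern, assumed for illustration.
USER_CHANGE_URL = "/admin/auth/user/{pk}/change/"
# Constructed sample value standing in for a user-controlled display field.
SAMPLE_NAME = 'eve<img src=x onerror="alert(1)">'

def user_link_unsafe(pk, display_name):
    """Interpolates the name into markup as-is: the XSS-prone pattern."""
    href = USER_CHANGE_URL.format(pk=int(pk))
    return f'<a href="{href}">{display_name}</a>'

def user_link_safe(pk, display_name):
    """Escapes the name first; Django's format_html() does this per argument."""
    href = USER_CHANGE_URL.format(pk=int(pk))
    return f'<a href="{escape(href, quote=True)}">{escape(display_name)}</a>'

class _TagCollector(HTMLParser):
    """Records the start tags and text that an HTML parser sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    def handle_data(self, data):
        self.text.append(data)

def parse_cell(markup):
    """Return (start tags, visible text) for a rendered admin cell."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, "".join(collector.text)

def is_single_link(markup):
    """Regression check: exactly one <a> element and no on* handler attributes."""
    tags, _ = parse_cell(markup)
    if len(tags) != 1 or tags[0][0] != "a":
        return False
    return not any(name.startswith("on") for name in tags[0][1])
```

In a Django admin method the escaped form corresponds to `format_html('<a href="{}">{}</a>', url, name)` rather than string formatting wrapped in `mark_safe`.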

@mraman-2U mraman-2U force-pushed the mramn-2U/bulkdelete-ban-forum branch 4 times, most recently from eb88620 to d895d3f Compare December 2, 2025 08:23
@mraman-2U mraman-2U force-pushed the mramn-2U/bulkdelete-ban-forum branch from d895d3f to 45b2499 Compare December 2, 2025 08:59