Merge branch 'release/25.11.0'

Author: brianjgeiger

CHANGELOG

@@ -2,6 +2,20 @@
 
 We follow the CalVer (https://calver.org/) versioning scheme: YY.MINOR.MICRO.
 
+25.11.0 (2025-06-30)
+====================
+
+- Crossref DOIs not minting with _v1, OSF is displaying DOI versions with _v1
+- When hamming a spammed user, preprints and registrations remain private
+- Fix emabrgoed registrations not becoming public after admin date change
+- Add v2 enpoint for alternative email confirmation
+- Make relationship on v2/nodes for collected_in
+- API V2: get action reviews request not listing latest preprint submit/withdraw requests
+- Add ability for admin app to change registry that a registration belongs to
+- Update to /nodes/<node-id> api
+- Subscription filtering not working correctly
+- API V2: Serialize registation resource attributes in Node Linked By Registrations list view and Node Linked Registrations list view
+
 25.10.0 (2025-06-11)
 ====================
 

admin/nodes/urls.py

@@ -19,6 +19,7 @@
     re_path(r'^(?P<guid>[a-z0-9]+)/schema_responses/$', views.AdminNodeSchemaResponseView.as_view(),
         name='schema-responses'),
     re_path(r'^(?P<guid>[a-z0-9]+)/update_embargo/$', views.RegistrationUpdateEmbargoView.as_view(), name='update-embargo'),
+    re_path(r'^(?P<guid>[a-z0-9]+)/change_provider/$', views.RegistrationChangeProviderView.as_view(), name='change-provider'),
     re_path(r'^(?P<guid>[a-z0-9]+)/remove/$', views.NodeDeleteView.as_view(), name='remove'),
     re_path(r'^(?P<guid>[a-z0-9]+)/restore/$', views.NodeDeleteView.as_view(), name='restore'),
     re_path(r'^(?P<guid>[a-z0-9]+)/confirm_spam/$', views.NodeConfirmSpamView.as_view(), name='confirm-spam'),

admin/nodes/views.py

@@ -16,7 +16,7 @@
     ListView,
     TemplateView,
 )
-from django.shortcuts import redirect, reverse
+from django.shortcuts import redirect, reverse, get_object_or_404
 from django.urls import reverse_lazy
 
 from admin.base.utils import change_embargo_date
@@ -33,6 +33,7 @@
     NodeLog,
     AbstractNode,
     Registration,
+    RegistrationProvider,
     RegistrationApproval,
     SpamStatus
 )
@@ -398,6 +399,28 @@ def post(self, request, *args, **kwargs):
         return redirect(self.get_success_url())
 
 
+class RegistrationChangeProviderView(NodeMixin, View):
+    """ Allows authorized users to update provider of a registration.
+    """
+    permission_required = ('osf.change_node')
+
+    def post(self, request, *args, **kwargs):
+        provider_id = int(request.POST.get('provider_id'))
+        provider = get_object_or_404(RegistrationProvider, pk=provider_id)
+        registration = self.get_object()
+
+        try:
+            provider.validate_schema(registration.registration_schema)
+            registration.provider = provider
+            registration.save()
+        except ValidationError as exc:
+            messages.error(request, str(exc))
+        else:
+            messages.success(request, 'Provider successfully changed.')
+
+        return redirect(self.get_success_url())
+
+
 class NodeSpamList(PermissionRequiredMixin, ListView):
     """ Allows authorized users to view a list of nodes that have a particular spam status.
     """

admin/templates/nodes/node.html

@@ -78,11 +78,9 @@ <h2>{{ node.type|cut:'osf.'|title }}: <b>{{ node.title }}</b> <a href="{{ node.a
                     </tr>
                     <tr>
                         <td>Provider</td>
-                        {% if node.provider %}
-                            <td><a href="{{ node | reverse_registration_provider }}">{{ node.provider.name }}</a></td>
-                        {% else %}
-                            <td>None</td>
-                        {% endif %}
+                        <td>
+                            {% include "nodes/registration_provider.html" with node=node %}
+                        </td>
                     </tr>
                     <tr>
                         <td>Parent</td>

admin/templates/nodes/registration_provider.html

@@ -0,0 +1,17 @@
+{% load node_extras %}
+
+{% if node.provider %}
+    <form id="provider-list-form"  method="post" action="{% url 'nodes:change-provider' guid=node.guid %}">
+        {% csrf_token %}
+        <select id="provider-list" name="provider_id" onchange="this.form.submit()">
+            <option value="{{ node.provider.id }}">{{ node.provider.name }}</option>  <!-- default value -->
+            {% for provider in node.available_providers %}
+                {% if not provider.id == node.provider.id %}
+                    <option value="{{ provider.id }}">{{ provider.name }}</option>
+                {% endif %}
+            {% endfor %}
+        </select>
+    </form>
+{% else %}
+    <p>None</p>
+{% endif %}

api/base/filters.py

@@ -160,6 +160,8 @@ class FilterMixin:
     LIST_FIELDS = (ser.ListField,)
     RELATIONSHIP_FIELDS = (RelationshipField, TargetField)
 
+    MULTIPLE_VALUES_FIELDS = ['_id', 'guid._id', 'journal_id', 'moderation_state', 'event_name']
+
     def __init__(self, *args, **kwargs):
         super().__init__(*args, **kwargs)
         if not self.serializer_class:
@@ -292,7 +294,7 @@ def parse_query_params(self, query_params):
                         query.get(key).update({
                             field_name: self._parse_date_param(field, source_field_name, op, value),
                         })
-                    elif not isinstance(value, int) and source_field_name in ['_id', 'guid._id', 'journal_id', 'moderation_state']:
+                    elif not isinstance(value, int) and source_field_name in self.MULTIPLE_VALUES_FIELDS:
                         query.get(key).update({
                             field_name: {
                                 'op': 'in',

api/base/views.py

@@ -624,11 +624,15 @@ class BaseLinkedList(JSONAPIBaseView, generics.ListAPIView):
 
     def get_queryset(self):
         auth = get_user_auth(self.request)
+        from api.resources import annotations as resource_annotations
 
         return (
             self.get_node().linked_nodes
+            .annotate(**resource_annotations.make_open_practice_badge_annotations())
             .filter(is_deleted=False)
-            .annotate(region=F('addons_osfstorage_node_settings__region___id'))
+            .annotate(
+                region=F('addons_osfstorage_node_settings__region___id'),
+            )
             .exclude(region=None)
             .exclude(type='osf.collection', region=None)
             .can_view(user=auth.user, private_link=auth.private_link)

api/collections/views.py

@@ -11,7 +11,6 @@
 from api.base.parsers import JSONAPIMultipleRelationshipsParser, JSONAPIMultipleRelationshipsParserForRegularJSON
 
 from api.base.views import JSONAPIBaseView
-from api.base.views import BaseLinkedList
 from api.base.views import LinkedNodesRelationship
 from api.nodes.utils import NodeOptimizationMixin
 
@@ -507,7 +506,7 @@ def get_resource(self, check_object_permissions=True):
         return self.get_collection_submission(check_object_permissions)
 
 
-class LinkedNodesList(BaseLinkedList, CollectionMixin, NodeOptimizationMixin):
+class LinkedNodesList(JSONAPIBaseView, generics.ListAPIView, CollectionMixin, NodeOptimizationMixin):
     """List of nodes linked to this node. *Read-only*.
 
     Linked nodes are the project/component nodes pointed to by node links. This view will probably replace node_links in the near future.
@@ -560,6 +559,10 @@ class LinkedNodesList(BaseLinkedList, CollectionMixin, NodeOptimizationMixin):
         CollectionWriteOrPublic,
         base_permissions.TokenHasScope,
     )
+
+    required_read_scopes = [CoreScopes.COLLECTED_META_READ]
+    required_write_scopes = [CoreScopes.COLLECTED_META_WRITE]
+
     serializer_class = NodeSerializer
     view_category = 'collections'
     view_name = 'linked-nodes'
@@ -582,7 +585,7 @@ def get_parser_context(self, http_request):
         return res
 
 
-class LinkedRegistrationsList(BaseLinkedList, CollectionMixin):
+class LinkedRegistrationsList(JSONAPIBaseView, generics.ListAPIView, CollectionMixin):
     """List of registrations linked to this node. *Read-only*.
 
     Linked registrations are the registration nodes pointed to by node links.
@@ -656,11 +659,22 @@ class LinkedRegistrationsList(BaseLinkedList, CollectionMixin):
     view_category = 'collections'
     view_name = 'linked-registrations'
 
+    required_read_scopes = [CoreScopes.COLLECTED_META_READ]
+    required_write_scopes = [CoreScopes.COLLECTED_META_WRITE]
+
     ordering = ('-modified',)
 
     def get_queryset(self):
         auth = get_user_auth(self.request)
-        return Registration.objects.filter(guids__in=self.get_collection().active_guids.all(), is_deleted=False).can_view(user=auth.user, private_link=auth.private_link).order_by('-modified')
+        return Registration.objects.filter(
+            guids__in=self.get_collection().active_guids.all(),
+            is_deleted=False,
+        ).can_view(
+            user=auth.user,
+            private_link=auth.private_link,
+        ).order_by(
+            '-modified',
+        )
 
     # overrides APIView
     def get_parser_context(self, http_request):
@@ -672,7 +686,7 @@ def get_parser_context(self, http_request):
         return res
 
 
-class LinkedPreprintsList(BaseLinkedList, CollectionMixin):
+class LinkedPreprintsList(JSONAPIBaseView, generics.ListAPIView, CollectionMixin):
     """List of preprints linked to this collection. *Read-only*.
     """
     permission_classes = (
@@ -684,6 +698,9 @@ class LinkedPreprintsList(BaseLinkedList, CollectionMixin):
     view_category = 'collections'
     view_name = 'linked-preprints'
 
+    required_read_scopes = [CoreScopes.COLLECTED_META_READ]
+    required_write_scopes = [CoreScopes.COLLECTED_META_WRITE]
+
     ordering = ('-modified',)
 
     def get_queryset(self):

api/nodes/serializers.py

@@ -28,7 +28,7 @@
 from django.core.exceptions import ValidationError
 from framework.auth.core import Auth
 from framework.exceptions import PermissionsError
-from osf.models import Tag
+from osf.models import Tag, CollectionSubmission
 from rest_framework import serializers as ser
 from rest_framework import exceptions
 from addons.base.exceptions import InvalidAuthError, InvalidFolderError
@@ -324,6 +324,12 @@ class NodeSerializer(TaxonomizableSerializerMixin, JSONAPISerializer):
         related_meta={'count': 'get_node_count'},
     )
 
+    collected_in = RelationshipField(
+        related_view='nodes:node-collections',
+        related_view_kwargs={'node_id': '<_id>'},
+        related_meta={'count': 'get_collection_count'},
+    )
+
     comments = RelationshipField(
         related_view='nodes:node-comments',
         related_view_kwargs={'node_id': '<_id>'},
@@ -486,6 +492,7 @@ class NodeSerializer(TaxonomizableSerializerMixin, JSONAPISerializer):
     view_only_links = RelationshipField(
         related_view='nodes:node-view-only-links',
         related_view_kwargs={'node_id': '<_id>'},
+        related_meta={'count': 'get_view_only_links_count'},
     )
 
     citation = RelationshipField(
@@ -620,6 +627,9 @@ def get_absolute_url(self, obj):
     def get_logs_count(self, obj):
         return obj.logs.count()
 
+    def get_collection_count(self, obj):
+        return CollectionSubmission.objects.filter(guid___id=obj._id).count()
+
     def get_node_count(self, obj):
         """
         Returns the count of a node's direct children that the user has permission to view.
@@ -702,6 +712,9 @@ def get_node_links_count(self, obj):
         linked_nodes = obj.linked_nodes.filter(is_deleted=False).exclude(type='osf.collection').exclude(type='osf.registration')
         return linked_nodes.can_view(auth.user, auth.private_link).count()
 
+    def get_view_only_links_count(self, obj):
+        return obj.private_links_active.count()
+
     def get_registration_links_count(self, obj):
         auth = get_user_auth(self.context['request'])
         linked_registrations = obj.linked_nodes.filter(is_deleted=False, type='osf.registration').exclude(type='osf.collection')

api/nodes/urls.py

@@ -19,6 +19,7 @@
     re_path(r'^(?P<node_id>\w+)/citation/$', views.NodeCitationDetail.as_view(), name=views.NodeCitationDetail.view_name),
     re_path(r'^(?P<node_id>\w+)/citation/(?P<style_id>[-\w]+)/$', views.NodeCitationStyleDetail.as_view(), name=views.NodeCitationStyleDetail.view_name),
     re_path(r'^(?P<node_id>\w+)/comments/$', views.NodeCommentsList.as_view(), name=views.NodeCommentsList.view_name),
+    re_path(r'^(?P<node_id>\w+)/collections/$', views.NodeCollectionsList.as_view(), name=views.NodeCollectionsList.view_name),
     re_path(r'^(?P<node_id>\w+)/contributors_and_group_members/$', views.NodeContributorsAndGroupMembersList.as_view(), name=views.NodeContributorsAndGroupMembersList.view_name),
     re_path(r'^(?P<node_id>\w+)/implicit_contributors/$', views.NodeImplicitContributorsList.as_view(), name=views.NodeImplicitContributorsList.view_name),
     re_path(r'^(?P<node_id>\w+)/contributors/$', views.NodeContributorsList.as_view(), name=views.NodeContributorsList.view_name),