From ca15c8d2bb4f29cf4cde88b9e3f238b2dcbec49b Mon Sep 17 00:00:00 2001
From: jcschultz <jschultz@salesforce.com>
Date: Mon, 21 Nov 2022 09:20:03 -0700
Subject: [PATCH 1/3] Update readme for next release

Signed-off-by: jcschultz <jschultz@salesforce.com>
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 6afe49737..700ebf1a8 100644
--- a/README.md
+++ b/README.md
@@ -50,4 +50,4 @@ Make sure `yarn` is installed on your local machine. For more information, check
 The Education Data Architecture technology (“EDA”) is an open-source package licensed by Salesforce.org (“SFDO”) under the BSD-3 Clause License, found at https://opensource.org/licenses/BSD-3-Clause. ANY MASTER SUBSCRIPTION AGREEMENT YOU OR YOUR ENTITY MAY HAVE WITH SFDO DOES NOT APPLY TO YOUR USE OF EDA. EDA IS PROVIDED “AS IS” AND AS AVAILABLE, AND SFDO MAKES NO WARRANTY OF ANY KIND REGARDING EDA, WHETHER EXPRESS, IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, FREEDOM FROM DEFECTS OR NON-INFRINGEMENT, TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW.
 SFDO WILL HAVE NO LIABILITY ARISING OUT OF OR RELATED TO YOUR USE OF EDA FOR ANY DIRECT DAMAGES OR FOR ANY LOST PROFITS, REVENUES, GOODWILL OR INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY, COVER, BUSINESS INTERRUPTION OR PUNITIVE DAMAGES, WHETHER AN ACTION IS IN CONTRACT OR TORT AND REGARDLESS OF THE THEORY OF LIABILITY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES OR IF A REMEDY OTHERWISE FAILS OF ITS ESSENTIAL PURPOSE. THE FOREGOING DISCLAIMER WILL NOT APPLY TO THE EXTENT PROHIBITED BY LAW. SFDO DISCLAIMS ALL LIABILITY AND INDEMNIFICATION OBLIGATIONS FOR ANY HARM OR DAMAGES CAUSED BY ANY THIRD-PARTY HOSTING PROVIDERS.
 
-(Release 242)
\ No newline at end of file
+(Release 244)
\ No newline at end of file

From 4b0936853d9d3d4f79554219db8c5f4525273d84 Mon Sep 17 00:00:00 2001
From: jcschultz <jschultz@salesforce.com>
Date: Mon, 23 Jan 2023 15:18:31 -0700
Subject: [PATCH 2/3] Rename folder to prevent cci data error

cci 3.71 introduced a feature that requires dataset directories that are named the same as an org definition, to include a sql file within them.

Signed-off-by: jcschultz <jschultz@salesforce.com>
---
 cumulusci.yml                                            | 2 +-
 datasets/{dev => dev_data}/users/user-def_no-access.json | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
 rename datasets/{dev => dev_data}/users/user-def_no-access.json (100%)

diff --git a/cumulusci.yml b/cumulusci.yml
index 6c37f80ee..6e95055b4 100644
--- a/cumulusci.yml
+++ b/cumulusci.yml
@@ -231,7 +231,7 @@ tasks:
         description: "Create a user with no access to Education Cloud components"
         class_path: cumulusci.tasks.sfdx.SFDXOrgTask
         options:
-            command: "force:user:create -a no_access --definitionfile datasets/dev/users/user-def_no-access.json"
+            command: "force:user:create -a no_access --definitionfile datasets/dev_data/users/user-def_no-access.json"
 
     create_tenant_secret:
         group: "EDA: Shield Platform Encryption"
diff --git a/datasets/dev/users/user-def_no-access.json b/datasets/dev_data/users/user-def_no-access.json
similarity index 100%
rename from datasets/dev/users/user-def_no-access.json
rename to datasets/dev_data/users/user-def_no-access.json

From 7df124159d8146344e688d0bebac4b4e4e0ab727 Mon Sep 17 00:00:00 2001
From: jcschultz <jschultz@salesforce.com>
Date: Tue, 24 Jan 2023 10:50:41 -0700
Subject: [PATCH 3/3] Remove session ID usage
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The user’s session ID was being used to retrieve the namespace. This is no longer permitted and would fail security review. I’ve updated the code to allow the apex controller to pass the namespace to the UI instead.

I’ve also added a unit test.

Signed-off-by: jcschultz <jschultz@salesforce.com>
---
 .../main/default/classes/STG_Base_CTRL.cls    |  5 +++++
 .../default/classes/STG_Base_CTRL_TEST.cls    | 10 +++++++++
 .../main/default/pages/STG_Settings.page      | 21 ++++++-------------
 3 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/force-app/main/default/classes/STG_Base_CTRL.cls b/force-app/main/default/classes/STG_Base_CTRL.cls
index 718ac42a9..0354f72ff 100644
--- a/force-app/main/default/classes/STG_Base_CTRL.cls
+++ b/force-app/main/default/classes/STG_Base_CTRL.cls
@@ -65,6 +65,11 @@ public with sharing class STG_Base_CTRL {
         return UTIL_CustomSettingsFacade.getAutoCreateSettings();
     }
 
+    @AuraEnabled
+    public static String getNamespace() {
+        return UTIL_Namespace.getNamespace();
+    }
+
     /*******************************************************************************************************
      * @description Saves the Hierarchy Settings passed from the client.
      * @param hierarchySettings The Hierarchy_Settings__c record to upsert.
diff --git a/force-app/main/default/classes/STG_Base_CTRL_TEST.cls b/force-app/main/default/classes/STG_Base_CTRL_TEST.cls
index f1833253f..4e37599dc 100644
--- a/force-app/main/default/classes/STG_Base_CTRL_TEST.cls
+++ b/force-app/main/default/classes/STG_Base_CTRL_TEST.cls
@@ -348,4 +348,14 @@ private class STG_Base_CTRL_TEST {
         Id apexJobId = STG_Base_CTRL.executeRefreshAdminAccountBatch();
         System.assertNotEquals(null, apexJobId);
     }
+
+    /*********************************************************************************************************
+     * @description Tests the namespace retrieval
+     */
+    @isTest
+    private static void testNamespace() {
+        String[] parts = String.valueOf(STG_Base_CTRL.class).split('\\.', 2);
+        String testNamespace = parts.size() == 2 ? parts[0] : '';
+        Assert.areEqual(testNamespace, STG_Base_CTRL.getNamespace());
+    }
 }
diff --git a/force-app/main/default/pages/STG_Settings.page b/force-app/main/default/pages/STG_Settings.page
index 6b972970e..182f6b81b 100644
--- a/force-app/main/default/pages/STG_Settings.page
+++ b/force-app/main/default/pages/STG_Settings.page
@@ -1,31 +1,22 @@
 <apex:page title="{!$Label.stgTitleHEDASettings}" showHeader="true" standardStylesheets="false" applyBodyTag="false" docType="html-5.0" controller="STG_Base_CTRL">
-    <script src="/soap/ajax/48.0/connection.js" type="text/javascript"></script>
-    <script src="/soap/ajax/48.0/apex.js" type="text/javascript"></script>
     <script src="/lightning/lightning.out.js" type="text/javascript"></script>
 
    <div class="slds">
         <!-- layout=block makes the outputPanel produce a DIV -->
         <apex:outputPanel layout="block" id="stgContainer"></apex:outputPanel>
-    </div> 
+    </div>
 
     <script>
-        //Because sometimes the session ID is not set correctly
-        sforce.connection.sessionId = "{!$Api.Session_ID}";
-
         // We dont know the ID (because visualforce) so were gonna use a CSS selector to get it
         var stgContainerId = document.querySelector('[id$="stgContainer"]').id;
 
-        var namespace = '';
+        var namespace = '{!namespace}';
         var namespacePrefix = '';
-        //This should be a class unique to EDA so the namespace comes through correctly
-        var gettingnamespace = sforce.connection.query("SELECT NamespacePrefix FROM ApexClass where Name = 'STG_Base_CTRL' LIMIT 1"); 
-        var getname = gettingnamespace.getArray("records");
-        if(getname.length > 0) { 
-            namespace = getname[0].NamespacePrefix;
-            if(namespace && namespace.length > 0) {
-              namespacePrefix = namespace + '__';
-            }
+
+        if(namespace && namespace.length > 0) {
+          namespacePrefix = namespace + '__';
         }
+
         if(!namespace || namespace.length === 0) {
             namespace = "c";
         }