feat: fix throttling for subscription service user (#32473)

* feat: add subscriptions_worker to ent access list * fix: add throttle for entitlement APIS
openedx · Jun 20, 2023 · 4048bf9 · 4048bf9
1 parent 78e4bd0
commit 4048bf9
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 0 deletions.
diff --git a/common/djangoapps/entitlements/rest_api/v1/throttles.py b/common/djangoapps/entitlements/rest_api/v1/throttles.py
@@ -0,0 +1,21 @@
+"""
+Throttle classes for the entitlements API.
+"""
+
+from django.conf import settings
+from rest_framework.throttling import UserRateThrottle
+
+
+class ServiceUserThrottle(UserRateThrottle):
+    """A throttle allowing service users to override rate limiting"""
+
+    def allow_request(self, request, view):
+        """Returns True if the request is coming from one of the service users
+        and defaults to UserRateThrottle's configured setting otherwise.
+        """
+        service_users = [
+            settings.SUBSCRIPTIONS_SERVICE_WORKER_USERNAME
+        ]
+        if request.user.username in service_users:
+            return True
+        return super().allow_request(request, view)
diff --git a/common/djangoapps/entitlements/rest_api/v1/views.py b/common/djangoapps/entitlements/rest_api/v1/views.py
@@ -25,6 +25,7 @@
 from common.djangoapps.entitlements.rest_api.v1.filters import CourseEntitlementFilter
 from common.djangoapps.entitlements.rest_api.v1.permissions import IsAdminOrSupportOrAuthenticatedReadOnly
 from common.djangoapps.entitlements.rest_api.v1.serializers import CourseEntitlementSerializer
+from common.djangoapps.entitlements.rest_api.v1.throttles import ServiceUserThrottle
 from common.djangoapps.entitlements.utils import is_course_run_entitlement_fulfillable
 from common.djangoapps.student.models import AlreadyEnrolledError, CourseEnrollment, CourseEnrollmentException
 from openedx.core.djangoapps.catalog.utils import get_course_runs_for_course, get_owners_for_course
@@ -121,6 +122,7 @@ class EntitlementViewSet(viewsets.ModelViewSet):
     filter_backends = (DjangoFilterBackend,)
     filterset_class = CourseEntitlementFilter
     pagination_class = EntitlementsPagination
+    throttle_classes = (ServiceUserThrottle,)
 
     def get_queryset(self):
         user = self.request.user

diff --git a/lms/envs/common.py b/lms/envs/common.py
@@ -4604,6 +4604,7 @@ def _make_locale_paths(settings):  # pylint: disable=missing-function-docstring
     'enterprise_channel_worker',
     'enterprise_access_worker',
     'enterprise_subsidy_worker',
+    'subscriptions_worker'
 ]
 
 
@@ -5342,6 +5343,7 @@ def _make_locale_paths(settings):  # pylint: disable=missing-function-docstring
 SUBSCRIPTIONS_BUY_SUBSCRIPTION_URL = f"{SUBSCRIPTIONS_ROOT_URL}/api/v1/stripe-subscribe/"
 SUBSCRIPTIONS_MANAGE_SUBSCRIPTION_URL = None
 SUBSCRIPTIONS_ORDERS_MENU_ITEM_ENABLED = False
+SUBSCRIPTIONS_SERVICE_WORKER_USERNAME = 'subscriptions_worker'
 
 ############## NOTIFICATIONS EXPIRY ##############
 NOTIFICATIONS_EXPIRY = 60