Fix throttle rate for 'staff' user

30c3a39d · christopher lee · ccd966a5 · 30c3a39d · 30c3a39d
Commit 30c3a39d authored 6 years ago by christopher lee
--- a/common/djangoapps/enrollment/__init__.py
+++ b/common/djangoapps/enrollment/__init__.py
+"""
+Enrollment API helpers and settings
+"""
+from openedx.core.djangoapps.waffle_utils import (WaffleFlag, WaffleFlagNamespace)
+
+WAFFLE_FLAG_NAMESPACE = WaffleFlagNamespace(name='enrollment_api_rate_limit')
+
+USE_RATE_LIMIT_400_FOR_STAFF_FOR_ENROLLMENT_API = WaffleFlag(WAFFLE_FLAG_NAMESPACE, 'staff_rate_limit_400')
+USE_RATE_LIMIT_100_FOR_STAFF_FOR_ENROLLMENT_API = WaffleFlag(WAFFLE_FLAG_NAMESPACE, 'staff_rate_limit_100')
+USE_RATE_LIMIT_40_FOR_ENROLLMENT_API = WaffleFlag(WAFFLE_FLAG_NAMESPACE, 'rate_limit_40')
--- a/common/djangoapps/enrollment/views.py
+++ b/common/djangoapps/enrollment/views.py
@@ -12,6 +12,11 @@ from django.utils.decorators import method_decorator
 from edx_rest_framework_extensions.authentication import JwtAuthentication
 from enrollment import api
 from enrollment.errors import CourseEnrollmentError, CourseEnrollmentExistsError, CourseModeNotFoundError
+from enrollment import (
+    USE_RATE_LIMIT_100_FOR_STAFF_FOR_ENROLLMENT_API,
+    USE_RATE_LIMIT_40_FOR_ENROLLMENT_API,
+    USE_RATE_LIMIT_400_FOR_STAFF_FOR_ENROLLMENT_API,
+)
 from opaque_keys import InvalidKeyError
 from opaque_keys.edx.keys import CourseKey

@@ -76,7 +81,32 @@ class ApiKeyPermissionMixIn(object):

 class EnrollmentUserThrottle(UserRateThrottle, ApiKeyPermissionMixIn):
    """Limit the number of requests users can make to the enrollment API."""
-    rate = '40/minute'
+    # TODO: After confirming that reducing the throttle is successful, remove
+    # and clean up waffles. The rate limit has been increased over the course
+    # of a few months to account for unnecessary calls from the ecommerce
+    # service. These calls are no longer made and the plan is to set the
+    # rate limit back to its original state. LEARNER-5148
+
+    if USE_RATE_LIMIT_400_FOR_STAFF_FOR_ENROLLMENT_API.is_enabled():
+        THROTTLE_RATES = {
+            'user': '40/minute',
+            'staff': '400/minute',
+        }
+    elif USE_RATE_LIMIT_100_FOR_STAFF_FOR_ENROLLMENT_API.is_enabled():
+        THROTTLE_RATES = {
+            'user': '40/minute',
+            'staff': '100/minute',
+        }
+    elif USE_RATE_LIMIT_40_FOR_ENROLLMENT_API.is_enabled():
+        THROTTLE_RATES = {
+            'user': '40/minute',
+            'staff': '40/minute',
+        }
+    else:
+        THROTTLE_RATES = {
+            'user': '40/minute',
+            'staff': '2000/minute',
+        }

    def allow_request(self, request, view):
        # Use a special scope for staff to allow for a separate throttle rate