From 48c17803c2ffe9ee20cb27defa7ed2c05fcb8f0b Mon Sep 17 00:00:00 2001
From: Emma Green <emma.green.software@gmail.com>
Date: Thu, 15 Aug 2019 17:02:36 -0400
Subject: [PATCH] add endpoint that takes a user id to allow us to correctly
 get the discount after checkout to correctly create order

---
 openedx/features/discounts/urls.py  |  5 ++-
 openedx/features/discounts/views.py | 67 ++++++++++++++++++++++++++++-
 2 files changed, 70 insertions(+), 2 deletions(-)

diff --git a/openedx/features/discounts/urls.py b/openedx/features/discounts/urls.py
index 079454070fd..73113f117d3 100644
--- a/openedx/features/discounts/urls.py
+++ b/openedx/features/discounts/urls.py
@@ -6,8 +6,11 @@ from __future__ import absolute_import
 from django.conf import settings
 from django.conf.urls import url
 
-from .views import CourseUserDiscount
+from .views import CourseUserDiscount, CourseUserDiscountWithUserParam
 
 urlpatterns = [
     url(r'^course/{}'.format(settings.COURSE_KEY_PATTERN), CourseUserDiscount.as_view(), name='course_user_discount'),
+    url(r'^user/(?P<user_id>[^/]*)/course/{}'.format(settings.COURSE_KEY_PATTERN),
+        CourseUserDiscountWithUserParam.as_view(),
+        name='course_user_discount_with_param'),
 ]
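Review bot: The `user_id` group on the new route is `[^/]*`, which matches an empty segment and any non-numeric text, and the view passes the captured value straight to `User.objects.get(id=user_id)`. A non-integer value will most likely raise inside the ORM lookup instead of producing a clean 404. Constraining the route keeps malformed ids out of the view entirely: `url(r'^user/(?P<user_id>[0-9]+)/course/{}'.format(settings.COURSE_KEY_PATTERN),`.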
diff --git a/openedx/features/discounts/views.py b/openedx/features/discounts/views.py
index 86262078179..548b283838f 100644
--- a/openedx/features/discounts/views.py
+++ b/openedx/features/discounts/views.py
@@ -6,10 +6,12 @@ The Discount API Views should return information about discounts that apply to t
 
 from __future__ import absolute_import
 
+from django.contrib.auth.models import User
 from django.utils.decorators import method_decorator
 from edx_rest_framework_extensions.auth.jwt.authentication import JwtAuthentication
 from edx_rest_framework_extensions.auth.session.authentication import SessionAuthenticationAllowInactiveUser
 from opaque_keys.edx.keys import CourseKey
+from rest_framework.permissions import IsAdminUser
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
@@ -44,7 +46,7 @@ class CourseUserDiscount(DeveloperErrorViewMixin, APIView):
     **Parameters:**
 
         course_key_string:
-            The course key for the which the discount should be applied
+            The course key for which the discount should be applied
 
     **Returns**
 
@@ -76,3 +78,66 @@ class CourseUserDiscount(DeveloperErrorViewMixin, APIView):
         return Response({
             'discount_applicable': discount_applicable,
             'jwt': create_jwt_for_user(request.user, additional_claims=payload)})
+
+
+class CourseUserDiscountWithUserParam(DeveloperErrorViewMixin, APIView):
+    """
+    DO NOT USE
+
+    This should not be used for anything other than getting the course/user discount information from
+    ecommerce after payment in order to build an order. We plan to build orders before payment in this
+    ticket: REV-692, at which point, this endpoint will no longer be necessary and should be removed.
+
+    **Use Cases**
+
+        Request discount information for a user and course
+
+    **Example Requests**
+
+        GET /api/discounts/v1/user/{user_id}/course/{course_key_string}
+
+    **Response Values**
+
+        Body consists of the following fields:
+            discount_applicable:
+                whether the user can receive a discount for this course
+            jwt:
+                the jwt with user information and discount information
+
+    **Parameters:**
+
+        course_key_string:
+            The course key for which the discount should be applied
+        user_id
+            The user id for which the discount should be applied
+
+    **Returns**
+
+        * 200 on success with above fields.
+
+        Example response:
+        {
+            "discount_applicable": false,
+            "jwt": xxxxxxxx.xxxxxxxx.xxxxxxx
+        }
+    """
+    authentication_classes = (JwtAuthentication, OAuth2AuthenticationAllowInactiveUser,
+                              SessionAuthenticationAllowInactiveUser,)
+    permission_classes = (ApiKeyHeaderPermissionIsAuthenticated, IsAdminUser)
+
+    # Since the course about page on the marketing site uses this API to auto-enroll users,
+    # we need to support cross-domain CSRF.
+    @method_decorator(ensure_csrf_cookie_cross_domain)
+    def get(self, request, course_key_string, user_id):
+        """
+        Return the discount percent, if the user has appropriate permissions.
+        """
+        course_key = CourseKey.from_string(course_key_string)
+        course = CourseOverview.get_from_id(course_key)
+        user = User.objects.get(id=user_id)
+        discount_applicable = can_receive_discount(user=user, course=course)
+        discount_percent = discount_percentage()
+        payload = {'discount_applicable': discount_applicable, 'discount_percent': discount_percent}
+        return Response({
+            'discount_applicable': discount_applicable,
+            'jwt': create_jwt_for_user(request.user, additional_claims=payload)})
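Review bot: The response JWT is minted with `create_jwt_for_user(request.user, additional_claims=payload)`, so its identity claims describe the admin or service caller, while `discount_applicable` was computed for the `user` loaded from `user_id`. A consumer that trusts the token's subject would attribute the discount decision to the wrong account. If the token is meant to describe the target user, use `create_jwt_for_user(user, additional_claims=payload)`; otherwise include the target user's id in `payload` and state in the class docstring which identity the token carries. Separately, `User.objects.get(id=user_id)` raises `User.DoesNotExist` for an unknown id, which is not handled in this method and would presumably surface as a 500 unless `DeveloperErrorViewMixin` converts it, so catching it and returning a 404 would be safer. The comment above `get` about the marketing site auto-enrolling users looks carried over from `CourseUserDiscount` and does not describe an `IsAdminUser`-only endpoint.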
-- 
GitLab