Add validations to entitlement-enrollments API to prevent users from enrolling in unenrollable/non-upgradable runs

Description

It is possible for users to spend entitlements to enroll in runs that are no longer upgradable, by sending a manual request to the entitlement enrollments API. Although it's unlikely for this to happen, it would probably be a good idea to add some validations to the API to ensure the run the user is trying to enroll in is actually enrollable and upgradable.

AC

  • Validate that a User cannot enroll in a course that is not Upgradable.

Implementation Notes

Steps to Reproduce

None

Current Behavior

None

Expected Behavior

None

Reason for Variance

None

Release Notes

None

User Impact Summary

None

Activity

Show:
Harry Rein
January 10, 2018, 7:35 PM

Probably just rework get_visible_sessions_for_entitlement(entitlement) or get_fulfillable_course_runs_for_entitlement in ..djangoapps/catalog/utils.py

Fixed

Assignee

Albert (AJ) St. Aubin

Reporter

Anthony Mangano

Reach

None

Impact

None

Platform Area

None

Customer

None

Partner Manager

None

URL

None

Contributor Name

None

Groups with Read-Only Access

None

Actual Points

None

Category of Work

None

Platform Map Area (Levels 1 & 2)

None

Platform Map Area (Levels 3 & 4)

None

Story Points

2

Sprint

None

Priority

Unset
Configure