Disabled throttling of staff users (#134)

* Disabled throttling of staff users

ECOM-4793

* Updated UserThrottleRateAdmin

ECOM-4793

* Updated edx-drf-extensions

Version 1.0.0 includes support for properly creating staff users.

ECOM-4793

course_discovery/apps/core/admin.py

@@ -24,7 +24,9 @@ class CustomUserAdmin(UserAdmin):
 class UserThrottleRateAdmin(admin.ModelAdmin):
     """ Admin configuration for the UserThrottleRate model. """
     form = UserThrottleRateForm
+    list_display = ('user', 'rate',)
     raw_id_fields = ('user',)
+    search_fields = ('user__username',)
 
 
 @admin.register(Currency)

course_discovery/apps/core/tests/test_throttles.py

@@ -27,23 +27,39 @@ class RateLimitingTest(APITestCase):
         cache.clear()
 
     def _make_requests(self):
+        """ Make multiple requests until the throttle's limit is exceeded.
+
+        Returns
+            Response: Response of the last request.
+        """
         num_requests = OverridableUserRateThrottle().num_requests
         for __ in range(num_requests + 1):
             response = self.client.get(self.url)
         return response
 
     def test_rate_limiting(self):
+        """ Verify the API responds with HTTP 429 if a normal user exceeds the rate limit. """
         response = self._make_requests()
         self.assertEqual(response.status_code, 429)
 
     def test_user_throttle_rate(self):
+        """ Verify the UserThrottleRate can be used to override the default rate limit. """
         UserThrottleRate.objects.create(user=self.user, rate='1000/day')
+        self.assert_rate_limit_successfully_exceeded()
+
+    def assert_rate_limit_successfully_exceeded(self):
+        """ Asserts that the throttle's rate limit can be exceeded without encountering an error. """
         response = self._make_requests()
         self.assertEqual(response.status_code, 200)
 
     def test_superuser_throttling(self):
+        """ Verify superusers are not throttled. """
         self.user.is_superuser = True
+        self.user.save()
+        self.assert_rate_limit_successfully_exceeded()
+
+    def test_staff_throttling(self):
+        """ Verify staff users are not throttled. """
         self.user.is_staff = True
         self.user.save()
-        response = self._make_requests()
-        self.assertEqual(response.status_code, 200)
+        self.assert_rate_limit_successfully_exceeded()

course_discovery/apps/core/throttles.py

@@ -11,7 +11,7 @@ class OverridableUserRateThrottle(UserRateThrottle):
         user = request.user
 
         if user and user.is_authenticated():
-            if user.is_superuser:
+            if user.is_superuser or user.is_staff:
                 return True
             try:
                 # Override this throttle's rate if applicable

requirements/base.txt

@@ -14,7 +14,7 @@ django-rest-swagger[reST]==0.3.7
 dry-rest-permissions==0.1.6
 edx-auth-backends==0.5.0
 edx-ccx-keys==0.2.0
-edx-drf-extensions==0.5.1
+edx-drf-extensions==1.0.0
 edx-opaque-keys==0.3.1
 edx-rest-api-client==1.6.0
 elasticsearch>=1.0.0,<2.0.0