Merge pull request #11151 from edx/peter-fogg/disable-audit-cert-gen

[wip] Mark GeneratedCertificate records for audit mode as not eligible for a certificate.

common/djangoapps/course_modes/models.py

@@ -592,6 +592,18 @@ class CourseMode(models.Model):
         modes = cls.modes_for_course(course_id)
         return min(mode.min_price for mode in modes if mode.currency.lower() == currency.lower())
 
+    @classmethod
+    def is_eligible_for_certificate(cls, mode_slug):
+        """
+        Returns whether or not the given mode_slug is eligible for a
+        certificate. Currently all modes other than 'audit' grant a
+        certificate. Note that audit enrollments which existed prior
+        to December 2015 *were* given certificates, so there will be
+        GeneratedCertificate records with mode='audit' and
+        eligible_for_certificate=True.
+        """
+        return mode_slug != cls.AUDIT
+
     def to_tuple(self):
         """
         Takes a mode model and turns it into a model named tuple.

common/djangoapps/course_modes/tests/test_models.py

@@ -430,3 +430,16 @@ class CourseModeModelTest(TestCase):
         verified_mode.expiration_datetime = None
         self.assertFalse(verified_mode.expiration_datetime_is_explicit)
         self.assertIsNone(verified_mode.expiration_datetime)
+
+    @ddt.data(
+        (CourseMode.AUDIT, False),
+        (CourseMode.HONOR, True),
+        (CourseMode.VERIFIED, True),
+        (CourseMode.CREDIT_MODE, True),
+        (CourseMode.PROFESSIONAL, True),
+        (CourseMode.NO_ID_PROFESSIONAL_MODE, True),
+    )
+    @ddt.unpack
+    def test_eligible_for_cert(self, mode_slug, expected_eligibility):
+        """Verify that non-audit modes are eligible for a cert."""
+        self.assertEqual(CourseMode.is_eligible_for_certificate(mode_slug), expected_eligibility)

common/djangoapps/student/management/commands/get_grades.py

@@ -97,7 +97,9 @@ class Command(BaseCommand):
         cert_grades = {
             cert.user.username: cert.grade
             for cert in list(
-                GeneratedCertificate.objects.filter(course_id=course_key).prefetch_related('user')
+                GeneratedCertificate.objects.filter(  # pylint: disable=no-member
+                    course_id=course_key
+                ).prefetch_related('user')
             )
         }
         print "Grading students"

lms/djangoapps/certificates/api.py

@@ -78,7 +78,7 @@ def get_certificates_for_user(username):
                 else None
             ),
         }
-        for cert in GeneratedCertificate.objects.filter(user__username=username).order_by("course_id")
+        for cert in GeneratedCertificate.eligible_certificates.filter(user__username=username).order_by("course_id")
     ]
 
 
@@ -109,11 +109,14 @@ def generate_user_certificates(student, course_key, course=None, insecure=False,
     if insecure:
         xqueue.use_https = False
     generate_pdf = not has_html_certificates_enabled(course_key, course)
-    status, cert = xqueue.add_cert(student, course_key,
-                                   course=course,
-                                   generate_pdf=generate_pdf,
-                                   forced_grade=forced_grade)
-    if status in [CertificateStatuses.generating, CertificateStatuses.downloadable]:
+    cert = xqueue.add_cert(
+        student,
+        course_key,
+        course=course,
+        generate_pdf=generate_pdf,
+        forced_grade=forced_grade
+    )
+    if cert.status in [CertificateStatuses.generating, CertificateStatuses.downloadable]:
         emit_certificate_event('created', student, course_key, course, {
             'user_id': student.id,
             'course_id': unicode(course_key),
@@ -121,7 +124,7 @@ def generate_user_certificates(student, course_key, course=None, insecure=False,
             'enrollment_mode': cert.mode,
             'generation_mode': generation_mode
         })
-    return status
+    return cert.status
 
 
 def regenerate_user_certificates(student, course_key, course=None,
@@ -385,7 +388,7 @@ def get_certificate_url(user_id=None, course_id=None, uuid=None):
                 )
                 return url
         try:
-            user_certificate = GeneratedCertificate.objects.get(
+            user_certificate = GeneratedCertificate.eligible_certificates.get(
                 user=user_id,
                 course_id=course_id
             )

lms/djangoapps/certificates/management/commands/create_fake_cert.py

@@ -76,7 +76,7 @@ class Command(BaseCommand):
         status = options.get('status', CertificateStatuses.downloadable)
         grade = options.get('grade', '')
 
-        cert, created = GeneratedCertificate.objects.get_or_create(
+        cert, created = GeneratedCertificate.eligible_certificates.get_or_create(
             user=user,
             course_id=course_key
         )

lms/djangoapps/certificates/management/commands/fix_ungraded_certs.py

@@ -42,8 +42,9 @@ class Command(BaseCommand):
     def handle(self, *args, **options):
         course_id = options['course']
         print "Fetching ungraded students for {0}".format(course_id)
-        ungraded = GeneratedCertificate.objects.filter(
-            course_id__exact=course_id).filter(grade__exact='')
+        ungraded = GeneratedCertificate.objects.filter(  # pylint: disable=no-member
+            course_id__exact=course_id
+        ).filter(grade__exact='')
         course = courses.get_course_by_id(course_id)
         factory = RequestFactory()
         request = factory.get('/')

lms/djangoapps/certificates/management/commands/gen_cert_report.py

@@ -70,14 +70,17 @@ class Command(BaseCommand):
         enrolled_total = User.objects.filter(
             courseenrollment__course_id=course_id
         )
-        verified_enrolled = GeneratedCertificate.objects.filter(
-            course_id__exact=course_id, mode__exact='verified'
+        verified_enrolled = GeneratedCertificate.objects.filter(  # pylint: disable=no-member
+            course_id__exact=course_id,
+            mode__exact='verified'
         )
-        honor_enrolled = GeneratedCertificate.objects.filter(
-            course_id__exact=course_id, mode__exact='honor'
+        honor_enrolled = GeneratedCertificate.objects.filter(  # pylint: disable=no-member
+            course_id__exact=course_id,
+            mode__exact='honor'
         )
-        audit_enrolled = GeneratedCertificate.objects.filter(
-            course_id__exact=course_id, mode__exact='audit'
+        audit_enrolled = GeneratedCertificate.objects.filter(  # pylint: disable=no-member
+            course_id__exact=course_id,
+            mode__exact='audit'
         )
 
         cert_data[course_id] = {
@@ -88,7 +91,7 @@ class Command(BaseCommand):
             'audit_enrolled': audit_enrolled.count()
         }
 
-        status_tally = GeneratedCertificate.objects.filter(
+        status_tally = GeneratedCertificate.objects.filter(  # pylint: disable=no-member
             course_id__exact=course_id
         ).values('status').annotate(
             dcount=Count('status')
@@ -100,7 +103,7 @@ class Command(BaseCommand):
             }
         )
 
-        mode_tally = GeneratedCertificate.objects.filter(
+        mode_tally = GeneratedCertificate.objects.filter(  # pylint: disable=no-member
             course_id__exact=course_id,
             status__exact='downloadable'
         ).values('mode').annotate(

lms/djangoapps/certificates/management/commands/resubmit_error_certificates.py

@@ -81,7 +81,7 @@ class Command(BaseCommand):
         # Retrieve the IDs of generated certificates with
         # error status in the set of courses we're considering.
         queryset = (
-            GeneratedCertificate.objects.select_related('user')
+            GeneratedCertificate.objects.select_related('user')  # pylint: disable=no-member
         ).filter(status=CertificateStatuses.error)
         if only_course_keys:
             queryset = queryset.filter(course_id__in=only_course_keys)

lms/djangoapps/certificates/migrations/0008_generatedcertificate_eligible_for_certificate.py

+# -*- coding: utf-8 -*-
+from __future__ import unicode_literals
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('certificates', '0007_certificateinvalidation'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='generatedcertificate',
+            name='eligible_for_certificate',
+            field=models.BooleanField(default=True),
+        ),
+    ]

lms/djangoapps/certificates/models.py

@@ -143,7 +143,7 @@ class CertificateWhitelist(models.Model):
         if student:
             white_list = white_list.filter(user=student)
         result = []
-        generated_certificates = GeneratedCertificate.objects.filter(
+        generated_certificates = GeneratedCertificate.eligible_certificates.filter(
             course_id=course_id,
             user__in=[exception.user for exception in white_list],
             status=CertificateStatuses.downloadable
@@ -168,11 +168,40 @@ class CertificateWhitelist(models.Model):
         return result
 
 
+class EligibleCertificateManager(models.Manager):
+    """
+    A manager for `GeneratedCertificate` models that automatically
+    filters out ineligible certs.
+
+    The idea is to prevent accidentally granting certificates to
+    students who have not enrolled in a cert-granting mode. The
+    alternative is to filter by eligible_for_certificate=True every
+    time certs are searched for, which is verbose and likely to be
+    forgotten.
+    """
+
+    def get_queryset(self):
+        """
+        Return a queryset for `GeneratedCertificate` models, filtering out
+        ineligible certificates.
+        """
+        return super(EligibleCertificateManager, self).get_queryset().filter(eligible_for_certificate=True)
+
+
 class GeneratedCertificate(models.Model):
     """
     Base model for generated certificates
     """
 
+    # Only returns eligible certificates. This should be used in
+    # preference to the default `objects` manager in most cases.
+    eligible_certificates = EligibleCertificateManager()
+
+    # Normal object manager, which should only be used when ineligible
+    # certificates (i.e. new audit certs) should be included in the
+    # results. Django requires us to explicitly declare this.
+    objects = models.Manager()
+
     MODES = Choices('verified', 'honor', 'audit', 'professional', 'no-id-professional')
 
     VERIFIED_CERTS_MODES = [CourseMode.VERIFIED, CourseMode.CREDIT_MODE]
@@ -191,6 +220,19 @@ class GeneratedCertificate(models.Model):
     created_date = models.DateTimeField(auto_now_add=True)
     modified_date = models.DateTimeField(auto_now=True)
     error_reason = models.CharField(max_length=512, blank=True, default='')
+    # Whether or not this GeneratedCertificate represents a
+    # certificate which can be shown to the user. Grading and
+    # certificate logic is intertwined here, so even enrollments
+    # without certificates (as of Jan 2016, this is only audit mode)
+    # create a GeneratedCertificate record to record the learner's
+    # final grade. Since audit enrollments used to have certificates
+    # and now do not, we need to be able to distinguish between old
+    # records and new in our analytics and reporting. The way we'll do
+    # this is by checking this field. By default it is True in order
+    # to make sure old records are counted correctly, and in
+    # `GeneratedCertificate.add_cert` we set it to False for new audit
+    # enrollments.
+    eligible_for_certificate = models.BooleanField(default=True)
 
     class Meta(object):
         unique_together = (('user', 'course_id'),)
@@ -410,7 +452,7 @@ def certificate_status_for_student(student, course_id):
     '''
 
     try:
-        generated_certificate = GeneratedCertificate.objects.get(
+        generated_certificate = GeneratedCertificate.objects.get(  # pylint: disable=no-member
             user=student, course_id=course_id)
         cert_status = {
             'status': generated_certificate.status,

lms/djangoapps/certificates/tests/test_api.py

@@ -231,7 +231,7 @@ class GenerateUserCertificatesTest(EventTestMixin, WebCertificateTestMixin, Modu
                 certs_api.generate_user_certificates(self.student, self.course.id)
 
         # Verify that the certificate has status 'generating'
-        cert = GeneratedCertificate.objects.get(user=self.student, course_id=self.course.id)
+        cert = GeneratedCertificate.eligible_certificates.get(user=self.student, course_id=self.course.id)
         self.assertEqual(cert.status, CertificateStatuses.generating)
         self.assert_event_emitted(
             'edx.certificate.created',
@@ -249,7 +249,7 @@ class GenerateUserCertificatesTest(EventTestMixin, WebCertificateTestMixin, Modu
                 certs_api.generate_user_certificates(self.student, self.course.id)
 
         # Verify that the certificate has been marked with status error
-        cert = GeneratedCertificate.objects.get(user=self.student, course_id=self.course.id)
+        cert = GeneratedCertificate.eligible_certificates.get(user=self.student, course_id=self.course.id)
         self.assertEqual(cert.status, 'error')
         self.assertIn(self.ERROR_REASON, cert.error_reason)
 
@@ -263,7 +263,7 @@ class GenerateUserCertificatesTest(EventTestMixin, WebCertificateTestMixin, Modu
             certs_api.generate_user_certificates(self.student, self.course.id)
 
         # Verify that the certificate has status 'downloadable'
-        cert = GeneratedCertificate.objects.get(user=self.student, course_id=self.course.id)
+        cert = GeneratedCertificate.eligible_certificates.get(user=self.student, course_id=self.course.id)
         self.assertEqual(cert.status, CertificateStatuses.downloadable)
 
     @patch.dict(settings.FEATURES, {'CERTIFICATES_HTML_VIEW': False})

lms/djangoapps/certificates/tests/test_cert_management.py

@@ -6,6 +6,7 @@ from nose.plugins.attrib import attr
 from django.test.utils import override_settings
 from mock import patch
 
+from course_modes.models import CourseMode
 from opaque_keys.edx.locator import CourseLocator
 from certificates.tests.factories import BadgeAssertionFactory
 from xmodule.modulestore.tests.django_utils import ModuleStoreTestCase
@@ -30,16 +31,17 @@ class CertificateManagementTest(ModuleStoreTestCase):
             for __ in range(3)
         ]
 
-    def _create_cert(self, course_key, user, status):
+    def _create_cert(self, course_key, user, status, mode=CourseMode.HONOR):
         """Create a certificate entry. """
         # Enroll the user in the course
         CourseEnrollmentFactory.create(
             user=user,
-            course_id=course_key
+            course_id=course_key,
+            mode=mode
         )
 
         # Create the certificate
-        GeneratedCertificate.objects.create(
+        GeneratedCertificate.eligible_certificates.create(
             user=user,
             course_id=course_key,
             status=status
@@ -52,7 +54,7 @@ class CertificateManagementTest(ModuleStoreTestCase):
 
     def _assert_cert_status(self, course_key, user, expected_status):
         """Check the status of a certificate. """
-        cert = GeneratedCertificate.objects.get(user=user, course_id=course_key)
+        cert = GeneratedCertificate.eligible_certificates.get(user=user, course_id=course_key)
         self.assertEqual(cert.status, expected_status)
 
 
@@ -61,9 +63,10 @@ class CertificateManagementTest(ModuleStoreTestCase):
 class ResubmitErrorCertificatesTest(CertificateManagementTest):
     """Tests for the resubmit_error_certificates management command. """
 
-    def test_resubmit_error_certificate(self):
+    @ddt.data(CourseMode.HONOR, CourseMode.VERIFIED)
+    def test_resubmit_error_certificate(self, mode):
         # Create a certificate with status 'error'
-        self._create_cert(self.courses[0].id, self.user, CertificateStatuses.error)
+        self._create_cert(self.courses[0].id, self.user, CertificateStatuses.error, mode)
 
         # Re-submit all certificates with status 'error'
         with check_mongo_calls(1):
@@ -198,7 +201,7 @@ class RegenerateCertificatesTest(CertificateManagementTest):
             username=self.user.email, course=unicode(key), noop=False, insecure=True, template_file=None,
             grade_value=None
         )
-        certificate = GeneratedCertificate.objects.get(
+        certificate = GeneratedCertificate.eligible_certificates.get(
             user=self.user,
             course_id=key
         )
@@ -236,7 +239,7 @@ class UngenerateCertificatesTest(CertificateManagementTest):
                 course=unicode(key), noop=False, insecure=True, force=False
             )
         self.assertTrue(mock_send_to_queue.called)
-        certificate = GeneratedCertificate.objects.get(
+        certificate = GeneratedCertificate.eligible_certificates.get(
             user=self.user,
             course_id=key
         )

lms/djangoapps/certificates/tests/test_create_fake_cert.py

@@ -28,7 +28,7 @@ class CreateFakeCertTest(TestCase):
             cert_mode='verified',
             grade='0.89'
         )
-        cert = GeneratedCertificate.objects.get(user=self.user, course_id=self.COURSE_KEY)
+        cert = GeneratedCertificate.eligible_certificates.get(user=self.user, course_id=self.COURSE_KEY)
         self.assertEqual(cert.status, 'downloadable')
         self.assertEqual(cert.mode, 'verified')
         self.assertEqual(cert.grade, '0.89')
@@ -41,7 +41,7 @@ class CreateFakeCertTest(TestCase):
             unicode(self.COURSE_KEY),
             cert_mode='honor'
         )
-        cert = GeneratedCertificate.objects.get(user=self.user, course_id=self.COURSE_KEY)
+        cert = GeneratedCertificate.eligible_certificates.get(user=self.user, course_id=self.COURSE_KEY)
         self.assertEqual(cert.mode, 'honor')
 
     def test_too_few_args(self):

lms/djangoapps/certificates/tests/test_models.py

@@ -8,13 +8,20 @@ from django.test.utils import override_settings
 from nose.plugins.attrib import attr
 from path import Path as path
 
-from opaque_keys.edx.locator import CourseLocator
 from certificates.models import (
     ExampleCertificate,
     ExampleCertificateSet,
     CertificateHtmlViewConfiguration,
     CertificateTemplateAsset,
-    BadgeImageConfiguration)
+    BadgeImageConfiguration,
+    EligibleCertificateManager,
+    GeneratedCertificate,
+)
+from certificates.tests.factories import GeneratedCertificateFactory
+from opaque_keys.edx.locator import CourseLocator
+from student.tests.factories import UserFactory
+from xmodule.modulestore.tests.django_utils import SharedModuleStoreTestCase
+from xmodule.modulestore.tests.factories import CourseFactory
 
 FEATURES_INVALID_FILE_PATH = settings.FEATURES.copy()
 FEATURES_INVALID_FILE_PATH['CERTS_HTML_VIEW_CONFIG_PATH'] = 'invalid/path/to/config.json'
@@ -234,3 +241,42 @@ class CertificateTemplateAssetTest(TestCase):
 
         certificate_template_asset = CertificateTemplateAsset.objects.get(id=1)
         self.assertEqual(certificate_template_asset.asset, 'certificate_template_assets/1/picture2.jpg')
+
+
+@attr('shard_1')
+class EligibleCertificateManagerTest(SharedModuleStoreTestCase):
+    """
+    Test the GeneratedCertificate model's object manager for filtering
+    out ineligible certs.
+    """
+
+    @classmethod
+    def setUpClass(cls):
+        super(EligibleCertificateManagerTest, cls).setUpClass()
+        cls.courses = (CourseFactory(), CourseFactory())
+
+    def setUp(self):
+        super(EligibleCertificateManagerTest, self).setUp()
+        self.user = UserFactory()
+        self.eligible_cert = GeneratedCertificateFactory.create(
+            eligible_for_certificate=True,
+            user=self.user,
+            course_id=self.courses[0].id  # pylint: disable=no-member
+        )
+        self.ineligible_cert = GeneratedCertificateFactory.create(
+            eligible_for_certificate=False,
+            user=self.user,
+            course_id=self.courses[1].id  # pylint: disable=no-member
+        )
+
+    def test_filter_ineligible_certificates(self):
+        """
+        Verify that the EligibleCertificateManager filters out
+        certificates marked as ineligible, and that the default object
+        manager for GeneratedCertificate does not filter them out.
+        """
+        self.assertEqual(list(GeneratedCertificate.eligible_certificates.filter(user=self.user)), [self.eligible_cert])
+        self.assertEqual(
+            list(GeneratedCertificate.objects.filter(user=self.user)),  # pylint: disable=no-member
+            [self.eligible_cert, self.ineligible_cert]
+        )

lms/djangoapps/certificates/tests/test_queue.py

@@ -9,6 +9,7 @@ from nose.plugins.attrib import attr
 from django.test import TestCase
 from django.test.utils import override_settings
 
+from course_modes.models import CourseMode
 from opaque_keys.edx.locator import CourseLocator
 from xmodule.modulestore.tests.django_utils import ModuleStoreTestCase
 from student.tests.factories import UserFactory, CourseEnrollmentFactory
@@ -22,13 +23,14 @@ from xmodule.modulestore.tests.factories import CourseFactory
 # in our `XQueueCertInterface` implementation.
 from capa.xqueue_interface import XQueueInterface
 
-from certificates.queue import XQueueCertInterface
 from certificates.models import (
     ExampleCertificateSet,
     ExampleCertificate,
     GeneratedCertificate,
     CertificateStatuses,
 )
+from certificates.queue import XQueueCertInterface
+from certificates.tests.factories import CertificateWhitelistFactory
 from lms.djangoapps.verify_student.tests.factories import SoftwareSecurePhotoVerificationFactory
 
 
@@ -74,7 +76,7 @@ class XQueueCertInterfaceAddCertificateTest(ModuleStoreTestCase):
 
         # Verify that add_cert method does not add message to queue
         self.assertFalse(mock_send.called)
-        certificate = GeneratedCertificate.objects.get(user=self.user, course_id=self.course.id)
+        certificate = GeneratedCertificate.eligible_certificates.get(user=self.user, course_id=self.course.id)
         self.assertEqual(certificate.status, CertificateStatuses.downloadable)
         self.assertIsNotNone(certificate.verify_uuid)
 
@@ -84,7 +86,11 @@ class XQueueCertInterfaceAddCertificateTest(ModuleStoreTestCase):
         template_name = 'certificate-template-{id.org}-{id.course}.pdf'.format(
             id=self.course.id
         )
-        self.assert_queue_response(mode, mode, template_name)
+        mock_send = self.add_cert_to_queue(mode)
+        if CourseMode.is_eligible_for_certificate(mode):
+            self.assert_certificate_generated(mock_send, mode, template_name)
+        else:
+            self.assert_ineligible_certificate_generated(mock_send, mode)
 
     @ddt.data('credit', 'verified')
     def test_add_cert_with_verified_certificates(self, mode):
@@ -95,10 +101,40 @@ class XQueueCertInterfaceAddCertificateTest(ModuleStoreTestCase):
             id=self.course.id
         )
 
-        self.assert_queue_response(mode, 'verified', template_name)
+        mock_send = self.add_cert_to_queue(mode)
+        self.assert_certificate_generated(mock_send, 'verified', template_name)
 
-    def assert_queue_response(self, mode, expected_mode, expected_template_name):
-        """Dry method for course enrollment and adding request to queue."""
+    def test_ineligible_cert_whitelisted(self):
+        """Test that audit mode students can receive a certificate if they are whitelisted."""
+        # Enroll as audit
+        CourseEnrollmentFactory(
+            user=self.user_2,
+            course_id=self.course.id,
+            is_active=True,
+            mode='audit'
+        )
+        # Whitelist student
+        CertificateWhitelistFactory(course_id=self.course.id, user=self.user_2)
+
+        # Generate certs
+        with patch('courseware.grades.grade', Mock(return_value={'grade': 'Pass', 'percent': 0.75})):
+            with patch.object(XQueueInterface, 'send_to_queue') as mock_send:
+                mock_send.return_value = (0, None)
+                self.xqueue.add_cert(self.user_2, self.course.id)
+
+        # Assert cert generated correctly
+        self.assertTrue(mock_send.called)
+        certificate = GeneratedCertificate.certificate_for_student(self.user_2, self.course.id)
+        self.assertIsNotNone(certificate)
+        self.assertEqual(certificate.mode, 'audit')
+
+    def add_cert_to_queue(self, mode):
+        """
+        Dry method for course enrollment and adding request to
+        queue. Returns a mock object containing information about the
+        `XQueueInterface.send_to_queue` method, which can be used in other
+        assertions.
+        """
         CourseEnrollmentFactory(
             user=self.user_2,
             course_id=self.course.id,
@@ -109,19 +145,42 @@ class XQueueCertInterfaceAddCertificateTest(ModuleStoreTestCase):
             with patch.object(XQueueInterface, 'send_to_queue') as mock_send:
                 mock_send.return_value = (0, None)
                 self.xqueue.add_cert(self.user_2, self.course.id)
+                return mock_send
 
+    def assert_certificate_generated(self, mock_send, expected_mode, expected_template_name):
+        """
+        Assert that a certificate was generated with the correct mode and
+        template type.
+        """
         # Verify that the task was sent to the queue with the correct callback URL
         self.assertTrue(mock_send.called)
         __, kwargs = mock_send.call_args_list[0]
 
         actual_header = json.loads(kwargs['header'])
         self.assertIn('https://edx.org/update_certificate?key=', actual_header['lms_callback_url'])
-        certificate = GeneratedCertificate.objects.get(user=self.user_2, course_id=self.course.id)
-        self.assertEqual(certificate.mode, expected_mode)
 
         body = json.loads(kwargs['body'])
         self.assertIn(expected_template_name, body['template_pdf'])
 
+        certificate = GeneratedCertificate.eligible_certificates.get(user=self.user_2, course_id=self.course.id)
+        self.assertEqual(certificate.mode, expected_mode)
+
+    def assert_ineligible_certificate_generated(self, mock_send, expected_mode):
+        """
+        Assert that an ineligible certificate was generated with the
+        correct mode.
+        """
+        # Ensure the certificate was not generated
+        self.assertFalse(mock_send.called)
+
+        certificate = GeneratedCertificate.objects.get(  # pylint: disable=no-member
+            user=self.user_2,
+            course_id=self.course.id
+        )
+
+        self.assertFalse(certificate.eligible_for_certificate)
+        self.assertEqual(certificate.mode, expected_mode)
+
 
 @attr('shard_1')
 @override_settings(CERT_QUEUE='certificates')

lms/djangoapps/certificates/tests/test_support_views.py

@@ -71,7 +71,7 @@ class CertificateSupportTestCase(ModuleStoreTestCase):
         )
 
         # Create certificates for the student
-        self.cert = GeneratedCertificate.objects.create(
+        self.cert = GeneratedCertificate.eligible_certificates.create(
             user=self.student,
             course_id=self.CERT_COURSE_KEY,
             grade=self.CERT_GRADE,
@@ -259,7 +259,7 @@ class CertificateRegenerateTests(CertificateSupportTestCase):
         # Check that the user's certificate was updated
         # Since the student hasn't actually passed the course,
         # we'd expect that the certificate status will be "notpassing"
-        cert = GeneratedCertificate.objects.get(user=self.student)
+        cert = GeneratedCertificate.eligible_certificates.get(user=self.student)
         self.assertEqual(cert.status, CertificateStatuses.notpassing)
 
     def test_regenerate_certificate_missing_params(self):
@@ -298,7 +298,7 @@ class CertificateRegenerateTests(CertificateSupportTestCase):
 
     def test_regenerate_user_has_no_certificate(self):
         # Delete the user's certificate
-        GeneratedCertificate.objects.all().delete()
+        GeneratedCertificate.eligible_certificates.all().delete()
 
         # Should be able to regenerate
         response = self._regenerate(
@@ -308,7 +308,7 @@ class CertificateRegenerateTests(CertificateSupportTestCase):
         self.assertEqual(response.status_code, 200)
 
         # A new certificate is created
-        num_certs = GeneratedCertificate.objects.filter(user=self.student).count()
+        num_certs = GeneratedCertificate.eligible_certificates.filter(user=self.student).count()
         self.assertEqual(num_certs, 1)
 
     def _regenerate(self, course_key=None, username=None):
@@ -412,7 +412,7 @@ class CertificateGenerateTests(CertificateSupportTestCase):
 
     def test_generate_user_has_no_certificate(self):
         # Delete the user's certificate
-        GeneratedCertificate.objects.all().delete()
+        GeneratedCertificate.eligible_certificates.all().delete()
 
         # Should be able to generate
         response = self._generate(
@@ -422,7 +422,7 @@ class CertificateGenerateTests(CertificateSupportTestCase):
         self.assertEqual(response.status_code, 200)
 
         # A new certificate is created
-        num_certs = GeneratedCertificate.objects.filter(user=self.student).count()
+        num_certs = GeneratedCertificate.eligible_certificates.filter(user=self.student).count()
         self.assertEqual(num_certs, 1)
 
     def _generate(self, course_key=None, username=None):

lms/djangoapps/certificates/tests/test_views.py

@@ -210,7 +210,7 @@ class MicrositeCertificatesViewsTests(ModuleStoreTestCase):
         self.user.profile.name = "Joe User"
         self.user.profile.save()
         self.client.login(username=self.user.username, password='foo')
-        self.cert = GeneratedCertificate.objects.create(
+        self.cert = GeneratedCertificate.eligible_certificates.create(
             user=self.user,
             course_id=self.course_id,
             download_uuid=uuid4(),

lms/djangoapps/certificates/tests/test_webview_views.py

@@ -13,6 +13,7 @@ from django.core.urlresolvers import reverse
 from django.test.client import Client
 from django.test.utils import override_settings
 
+from course_modes.models import CourseMode
 from openedx.core.lib.tests.assertions.events import assert_event_matches
 from student.tests.factories import UserFactory, CourseEnrollmentFactory
 from student.roles import CourseStaffRole
@@ -96,7 +97,8 @@ class CertificatesViewsTests(ModuleStoreTestCase, EventTrackingTestCase):
         )
         CourseEnrollmentFactory.create(
             user=self.user,
-            course_id=self.course_id
+            course_id=self.course_id,
+            mode=CourseMode.HONOR,
         )
         CertificateHtmlViewConfigurationFactory.create()
         LinkedInAddToProfileConfigurationFactory.create()
@@ -378,6 +380,32 @@ class CertificatesViewsTests(ModuleStoreTestCase, EventTrackingTestCase):
         self.assertIn("Cannot Find Certificate", response.content)
         self.assertIn("We cannot find a certificate with this URL or ID number.", response.content)
 
+    @ddt.data(True, False)
+    @override_settings(FEATURES=FEATURES_WITH_CERTS_ENABLED)
+    def test_audit_certificate_display(self, eligible_for_certificate):
+        """
+        Ensure that audit-mode certs are not shown in the web view.
+        """
+        # Convert the cert to audit, with the specified eligibility
+        self.cert.mode = 'audit'
+        self.cert.eligible_for_certificate = eligible_for_certificate
+        self.cert.save()
+
+        self._add_course_certificates(count=1, signatory_count=2)
+        test_url = get_certificate_url(
+            user_id=self.user.id,
+            course_id=unicode(self.course.id)
+        )
+        response = self.client.get(test_url)
+
+        if eligible_for_certificate:
+            self.assertIn(str(self.cert.verify_uuid), response.content)
+        else:
+            self.assertIn("Invalid Certificate", response.content)
+            self.assertIn("Cannot Find Certificate", response.content)
+            self.assertIn("We cannot find a certificate with this URL or ID number.", response.content)
+            self.assertNotIn(str(self.cert.verify_uuid), response.content)
+
     @override_settings(FEATURES=FEATURES_WITH_CERTS_ENABLED)
     def test_html_view_for_invalid_certificate(self):
         """
@@ -533,7 +561,7 @@ class CertificatesViewsTests(ModuleStoreTestCase, EventTrackingTestCase):
             course_id=unicode(self.course.id)
         )
         self.cert.delete()
-        self.assertEqual(len(GeneratedCertificate.objects.all()), 0)
+        self.assertEqual(len(GeneratedCertificate.eligible_certificates.all()), 0)
 
         response = self.client.get(test_url)
         self.assertIn('invalid', response.content)
@@ -556,7 +584,7 @@ class CertificatesViewsTests(ModuleStoreTestCase, EventTrackingTestCase):
         preview mode. Either the certificate is marked active or not.
         """
         self.cert.delete()
-        self.assertEqual(len(GeneratedCertificate.objects.all()), 0)
+        self.assertEqual(len(GeneratedCertificate.eligible_certificates.all()), 0)
         self._add_course_certificates(count=1, signatory_count=2)
         test_url = get_certificate_url(
             user_id=self.user.id,

lms/djangoapps/certificates/views/webview.py

@@ -342,7 +342,7 @@ def _get_user_certificate(request, user, course_key, course, preview_mode=None):
     else:
         # certificate is being viewed by learner or public
         try:
-            user_certificate = GeneratedCertificate.objects.get(
+            user_certificate = GeneratedCertificate.eligible_certificates.get(
                 user=user,
                 course_id=course_key,
                 status=CertificateStatuses.downloadable
@@ -459,7 +459,7 @@ def render_cert_by_uuid(request, certificate_uuid):
     This public view generates an HTML representation of the specified certificate
     """
     try:
-        certificate = GeneratedCertificate.objects.get(
+        certificate = GeneratedCertificate.eligible_certificates.get(
             verify_uuid=certificate_uuid,
             status=CertificateStatuses.downloadable
         )

lms/djangoapps/certificates/views/xqueue.py

@@ -75,7 +75,7 @@ def update_certificate(request):
         try:
             course_key = SlashSeparatedCourseKey.from_deprecated_string(xqueue_body['course_id'])
 
-            cert = GeneratedCertificate.objects.get(
+            cert = GeneratedCertificate.eligible_certificates.get(
                 user__username=xqueue_body['username'],
                 course_id=course_key,
                 key=xqueue_header['lms_key'])

lms/djangoapps/instructor/tests/test_certificates.py

@@ -619,7 +619,7 @@ class CertificateExceptionViewInstructorApiTest(SharedModuleStoreTestCase):
         # Verify that certificate exception successfully removed from CertificateWhitelist and GeneratedCertificate
         with self.assertRaises(ObjectDoesNotExist):
             CertificateWhitelist.objects.get(user=self.user2, course_id=self.course.id)
-            GeneratedCertificate.objects.get(
+            GeneratedCertificate.eligible_certificates.get(
                 user=self.user2, course_id=self.course.id, status__not=CertificateStatuses.unavailable
             )
 
@@ -1010,7 +1010,7 @@ class CertificateInvalidationViewTests(SharedModuleStoreTestCase):
             self.fail("The certificate is not invalidated.")
 
         # Validate generated certificate was invalidated
-        generated_certificate = GeneratedCertificate.objects.get(
+        generated_certificate = GeneratedCertificate.eligible_certificates.get(
             user=self.enrolled_user_1,
             course_id=self.course.id,
         )

lms/djangoapps/instructor/views/api.py

@@ -2785,7 +2785,7 @@ def add_certificate_exception(course_key, student, certificate_exception):
         }
     )
 
-    generated_certificate = GeneratedCertificate.objects.filter(
+    generated_certificate = GeneratedCertificate.eligible_certificates.filter(
         user=student,
         course_id=course_key,
         status=CertificateStatuses.downloadable,
@@ -2822,7 +2822,10 @@ def remove_certificate_exception(course_key, student):
         )
 
     try:
-        generated_certificate = GeneratedCertificate.objects.get(user=student, course_id=course_key)
+        generated_certificate = GeneratedCertificate.objects.get(  # pylint: disable=no-member
+            user=student,
+            course_id=course_key
+        )
         generated_certificate.invalidate()
     except ObjectDoesNotExist:
         # Certificate has not been generated yet, so just remove the certificate exception from white list

lms/djangoapps/instructor_analytics/basic.py

@@ -185,7 +185,7 @@ def issued_certificates(course_key, features):
 
     report_run_date = datetime.date.today().strftime("%B %d, %Y")
     certificate_features = [x for x in CERTIFICATE_FEATURES if x in features]
-    generated_certificates = list(GeneratedCertificate.objects.filter(
+    generated_certificates = list(GeneratedCertificate.eligible_certificates.filter(
         course_id=course_key,
         status=CertificateStatuses.downloadable
     ).values(*certificate_features).annotate(total_issued_certificate=Count('mode')))

lms/djangoapps/instructor_task/tasks_helper.py

@@ -1584,7 +1584,7 @@ def invalidate_generated_certificates(course_id, enrolled_students, certificate_
     :param enrolled_students: (queryset or list) students enrolled in the course
     :param certificate_statuses: certificates statuses for whom to remove generated certificate
     """
-    certificates = GeneratedCertificate.objects.filter(
+    certificates = GeneratedCertificate.objects.filter(  # pylint: disable=no-member
         user__in=enrolled_students,
         course_id=course_id,
         status__in=certificate_statuses,

lms/djangoapps/instructor_task/tests/test_tasks_helper.py

@@ -1802,7 +1802,7 @@ class TestCertificateGeneration(InstructorTaskModuleTestCase):
             },
             result
         )
-        generated_certificates = GeneratedCertificate.objects.filter(
+        generated_certificates = GeneratedCertificate.eligible_certificates.filter(
             user__in=students,
             course_id=self.course.id,
             mode='honor'
@@ -1912,7 +1912,7 @@ class TestCertificateGeneration(InstructorTaskModuleTestCase):
             result
         )
 
-        generated_certificates = GeneratedCertificate.objects.filter(
+        generated_certificates = GeneratedCertificate.eligible_certificates.filter(
             user__in=students,
             course_id=self.course.id,
             mode='honor'