Vulnerability in EPiServer.Forms
I have a 3-for-2 campaign (BuyQuantityGetFreeItems) within a category.
I buy quantity 2 of item A and 1 quantity B, and end up getting B for free. I also add item C that has no discount to the order.
The problem occurs when retrieving skuIds connected to promotion:
// fetching all active promotions on orderForm
foreach (var promotion in orderForm.Promotions)
var skuIds = promotion.Entries.Select(e => e.EntryCode).ToList();
Here I would expect to get both item A and B, but I only get item B.
Both A and B are active on the promotion, and B would not have been free had I not bought 2 of item A.
Am I missing something here, or is this a bug?
I believe promotions.entries just shows what line items have been affected by an applied promotion.
So in your example, it would contain a collection of 1 with line item B's sku id and discounted amount.
Found a solution with help from support.
I wrote a blog post about the issue, read it here:https://www.getadigital.com/blog/working-with-promotions-in-optimizely-commerce-cloud