Andal.LND/edx-platform
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add a 'can_execute_unsafe_code' callback method (ala LMS) to allow for whitelisting of courses with respect to codejailing

Browse Source
This commit is contained in:
Chris Dodge
2013-07-01 12:57:52 -04:00
parent 221db93f01
commit 63ed16e118
1 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
cms/djangoapps/contentstore/views/preview.py
View File

@@ -1,7 +1,9 @@
import logging
import sys
from functools import partial
import re
from django.conf import settings
from django.http import HttpResponse, Http404, HttpResponseBadRequest, HttpResponseForbidden
from django.core.urlresolvers import reverse
from django.contrib.auth.decorators import login_required
@@ -21,6 +23,7 @@ import static_replace
from .session_kv_store import SessionKeyValueStore
from .requests import render_from_lms
from .access import has_access
from ..utils import get_course_for_item
__all__ = ['preview_dispatch', 'preview_component']
@@ -93,6 +96,20 @@ def preview_module_system(request, preview_id, descriptor):
MongoUsage(preview_id, descriptor.location.url()),
)
# unfortunately this is duplicate code from module_render.py (LMS)
# refactoring this to be more DRY means having the change the call signature
# to pass along a course_id, however, deep in the code where the call is actually made, we don't always have
# access to the course_id
course_id = get_course_for_item(descriptor.location).location.course_id
def can_execute_unsafe_code():
# To decide if we can run unsafe code, we check the course id against
# a list of regexes configured on the server.
for regex in settings.COURSES_WITH_UNSAFE_CODE:
if re.match(regex, course_id):
return True
return False
return ModuleSystem(
ajax_url=reverse('preview_dispatch', args=[preview_id, descriptor.location.url(), '']).rstrip('/'),
# TODO (cpennington): Do we want to track how instructors are using the preview problems?
@@ -104,6 +121,7 @@ def preview_module_system(request, preview_id, descriptor):
replace_urls=partial(static_replace.replace_static_urls, data_directory=None, course_namespace=descriptor.location),
user=request.user,
xblock_model_data=preview_model_data,
can_execute_unsafe_code=can_execute_unsafe_code,
)