do some lamda magic to refactor out the whitelist checking code to be shared between LMS and CMS

cms/djangoapps/contentstore/views/preview.py

@@ -1,9 +1,7 @@
 import logging
 import sys
 from functools import partial
-import re
 
-from django.conf import settings
 from django.http import HttpResponse, Http404, HttpResponseBadRequest, HttpResponseForbidden
 from django.core.urlresolvers import reverse
 from django.contrib.auth.decorators import login_required
@@ -19,6 +17,8 @@ from xmodule.modulestore.mongo import MongoUsage
 from xmodule.x_module import ModuleSystem
 from xblock.runtime import DbModel
 
+from util.sandboxing import can_execute_unsafe_code
+
 import static_replace
 from .session_kv_store import SessionKeyValueStore
 from .requests import render_from_lms
@@ -102,14 +102,6 @@ def preview_module_system(request, preview_id, descriptor):
     # access to the course_id
     course_id = get_course_for_item(descriptor.location).location.course_id
 
-    def can_execute_unsafe_code():
-        # To decide if we can run unsafe code, we check the course id against
-        # a list of regexes configured on the server.
-        for regex in settings.COURSES_WITH_UNSAFE_CODE:
-            if re.match(regex, course_id):
-                return True
-        return False
-
     return ModuleSystem(
         ajax_url=reverse('preview_dispatch', args=[preview_id, descriptor.location.url(), '']).rstrip('/'),
         # TODO (cpennington): Do we want to track how instructors are using the preview problems?
@@ -121,7 +113,7 @@ def preview_module_system(request, preview_id, descriptor):
         replace_urls=partial(static_replace.replace_static_urls, data_directory=None, course_namespace=descriptor.location),
         user=request.user,
         xblock_model_data=preview_model_data,
-        can_execute_unsafe_code=can_execute_unsafe_code,
+        can_execute_unsafe_code=(lambda: can_execute_unsafe_code(course_id)),
     )
 
 

common/djangoapps/util/sandboxing.py

@@ -0,0 +1,11 @@
+import re
+from django.conf import settings
+
+
+def can_execute_unsafe_code(course_id):
+    # To decide if we can run unsafe code, we check the course id against
+    # a list of regexes configured on the server.
+    for regex in settings.COURSES_WITH_UNSAFE_CODE:
+        if re.match(regex, course_id):
+            return True
+    return False

lms/djangoapps/courseware/module_render.py

@@ -37,7 +37,7 @@ from courseware.access import has_access
 from courseware.masquerade import setup_masquerade
 from courseware.model_data import LmsKeyValueStore, LmsUsage, ModelDataCache
 from courseware.models import StudentModule
-
+from util.sandboxing import can_execute_unsafe_code
 
 log = logging.getLogger(__name__)
 
@@ -313,14 +313,6 @@ def get_module_for_descriptor_internal(user, descriptor, model_data_cache, cours
 
         statsd.increment("lms.courseware.question_answered", tags=tags)
 
-    def can_execute_unsafe_code():
-        # To decide if we can run unsafe code, we check the course id against
-        # a list of regexes configured on the server.
-        for regex in settings.COURSES_WITH_UNSAFE_CODE:
-            if re.match(regex, course_id):
-                return True
-        return False
-
     # TODO (cpennington): When modules are shared between courses, the static
     # prefix is going to have to be specific to the module, not the directory
     # that the xml was loaded from
@@ -348,7 +340,7 @@ def get_module_for_descriptor_internal(user, descriptor, model_data_cache, cours
                           open_ended_grading_interface=open_ended_grading_interface,
                           s3_interface=s3_interface,
                           cache=cache,
-                          can_execute_unsafe_code=can_execute_unsafe_code,
+                          can_execute_unsafe_code=(lambda: can_execute_unsafe_code(course_id)),
                           )
     # pass position specified in URL to module through ModuleSystem
     system.set('position', position)