Merge pull request #372 from edx/fix/cdodge/update-localdev-setting-for-unsafe-courses

Fix/cdodge/update localdev setting for unsafe courses
2013-07-11 13:01:45 -07:00
parent 50ea165a8e fbe2cde6e5
commit cf2b1e0595
3 changed files with 12 additions and 1 deletions
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -368,3 +368,5 @@ MKTG_URL_LINK_MAP = {
    'HONOR': 'honor',
    'PRIVACY': 'privacy_edx',
 }
+
+COURSES_WITH_UNSAFE_CODE = []
--- a/common/djangoapps/util/sandboxing.py
+++ b/common/djangoapps/util/sandboxing.py
@@ -14,7 +14,9 @@ def can_execute_unsafe_code(course_id):
    """
    # To decide if we can run unsafe code, we check the course id against
    # a list of regexes configured on the server.
-    for regex in settings.COURSES_WITH_UNSAFE_CODE:
+    # If this is not defined in the environment variables then default to the most restrictive, which
+    # is 'no unsafe courses'
+    for regex in getattr(settings, 'COURSES_WITH_UNSAFE_CODE', []):
        if re.match(regex, course_id):
            return True
    return False
--- a/common/djangoapps/util/tests/test_sandboxing.py
+++ b/common/djangoapps/util/tests/test_sandboxing.py
@@ -25,3 +25,10 @@ class SandboxingTest(TestCase):
        """
        self.assertTrue(can_execute_unsafe_code('edX/full/2012_Fall'))
        self.assertTrue(can_execute_unsafe_code('edX/full/2013_Spring'))
+
+    def test_courses_with_unsafe_code_default(self):
+        """
+        Test that the default setting for COURSES_WITH_UNSAFE_CODE is an empty setting, e.g. we don't use @override_settings in these tests
+        """
+        self.assertFalse(can_execute_unsafe_code('edX/full/2012_Fall'))
+        self.assertFalse(can_execute_unsafe_code('edX/full/2013_Spring'))