middleware for CMS logging out all sneakpeek users

19e79a0d · Jason Bau · 198f23ed · 19e79a0d · 19e79a0d · 19e79a0d
Commit 19e79a0d authored Jun 23, 2014 by Jason Bau
Hide whitespace changes
Inline Side-by-side

Showing with 29 additions and 0 deletions

cms/djangoapps/sneakpeek/__init__.py
+0 -0

cms/djangoapps/sneakpeek/middleware.py
+26 -0

cms/envs/common.py
+3 -0

No files found.
--- a/cms/djangoapps/sneakpeek/__init__.py
+++ b/cms/djangoapps/sneakpeek/__init__.py
--- a/cms/djangoapps/sneakpeek/middleware.py
+++ b/cms/djangoapps/sneakpeek/middleware.py
+"""
+Middleware class handling sneakpeek in cms, which should never be allowed
+"""
+from student.models import UserProfile
+from django.contrib.auth import logout
+from django.shortcuts import redirect
+class SneakPeekLogoutMiddleware(object):
+    """
+    Middleware that logs out all sneakpeek users and then retries (redirects) the same URL
+    """
+    def process_request(self, request):
+        """
+        logs out all sneakpeek users and then retries (redirects) the same URL
+        """
+        #Do nothing with AnonymousUser
+        if request.user.is_anonymous():
+            return None
+        #Do nothing with non-sneakpeek user
+        if UserProfile.has_registered(request.user):
+            return None
+        logout(request)
+        return redirect(request.get_full_path())
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -229,6 +229,9 @@ MIDDLEWARE_CLASSES = (
    # use Django built in clickjacking protection
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+    # Log out sneakpeek users
+    'sneakpeek.middleware.SneakPeekLogoutMiddleware',
 )
 # Clickjacking protection can be enabled by setting this to 'DENY'