Merge pull request #47 from Stanford-Online/jbau/direct-access-logout-studio

middleware for CMS logging out all sneakpeek users

Merge pull request #47 from Stanford-Online/jbau/direct-access-logout-studio
middleware for CMS logging out all sneakpeek users
6f2af37b · Jason Bau · 57217ed8 · 19e79a0d · 6f2af37b · 6f2af37b
Commit 6f2af37b authored Jun 24, 2014 by Jason Bau
Hide whitespace changes
Inline Side-by-side

Showing with 29 additions and 0 deletions

cms/djangoapps/sneakpeek/__init__.py
+0 -0

cms/djangoapps/sneakpeek/middleware.py
+26 -0

cms/envs/common.py
+3 -0

No files found.
--- a/cms/djangoapps/sneakpeek/__init__.py
+++ b/cms/djangoapps/sneakpeek/__init__.py
--- a/cms/djangoapps/sneakpeek/middleware.py
+++ b/cms/djangoapps/sneakpeek/middleware.py
+"""
+Middleware class handling sneakpeek in cms, which should never be allowed
+"""
+from student.models import UserProfile
+from django.contrib.auth import logout
+from django.shortcuts import redirect
+
+class SneakPeekLogoutMiddleware(object):
+    """
+    Middleware that logs out all sneakpeek users and then retries (redirects) the same URL
+    """
+    def process_request(self, request):
+        """
+        logs out all sneakpeek users and then retries (redirects) the same URL
+        """
+        #Do nothing with AnonymousUser
+        if request.user.is_anonymous():
+            return None
+
+        #Do nothing with non-sneakpeek user
+        if UserProfile.has_registered(request.user):
+            return None
+
+        logout(request)
+        return redirect(request.get_full_path())
+
--- a/cms/envs/common.py
+++ b/cms/envs/common.py
@@ -226,6 +226,9 @@ MIDDLEWARE_CLASSES = (

    # use Django built in clickjacking protection
    'django.middleware.clickjacking.XFrameOptionsMiddleware',
+
+    # Log out sneakpeek users
+    'sneakpeek.middleware.SneakPeekLogoutMiddleware',
 )

 # Clickjacking protection can be enabled by setting this to 'DENY'