limit course reload to localhost or user.is_staff

9de6e281 · ichuang · 10f53d62 · 9de6e281 · 9de6e281
Commit 9de6e281 authored Aug 03, 2012 by ichuang
Hide whitespace changes
Inline Side-by-side

Showing with 9 additions and 4 deletions

lms/djangoapps/lms_migration/migrate.py
+8 -3

lms/envs/dev.py
+1 -1

No files found.
--- a/lms/djangoapps/lms_migration/migrate.py
+++ b/lms/djangoapps/lms_migration/migrate.py
@@ -38,11 +38,16 @@ def manage_modulestores(request,reload_dir=None):
    
    if LOCAL_DEBUG:
        html += '<h3>IP address: %s ' % ip
+        log.debug('request from ip=%s' % ip)

    if not (ip in ALLOWED_IPS or 'any' in ALLOWED_IPS):
-        html += 'Permission denied'
-        html += "</body></html>"
-        return HttpResponse(html)    
+        if request.user and request.user.is_staff:
+            log.debug('request allowed because user=%s is staff' % request.user)
+        else:
+            html += 'Permission denied'
+            html += "</body></html>"
+            log.debug('request denied, ALLOWED_IPS=%s' % ALLOWED_IPS)
+            return HttpResponse(html)    

    #----------------------------------------
    # reload course if specified

--- a/lms/envs/dev.py
+++ b/lms/envs/dev.py
@@ -62,7 +62,7 @@ SECRET_KEY = '85920908f28904ed733fe576320db18cabd7b6cd'
 MITX_FEATURES['ENABLE_LMS_MIGRATION'] = True
 MITX_FEATURES['ACCESS_REQUIRE_STAFF_FOR_COURSE'] = True

-LMS_MIGRATION_ALLOWED_IPS = ['any']
+LMS_MIGRATION_ALLOWED_IPS = ['127.0.0.1']

 ################################ OpenID Auth #################################
 MITX_FEATURES['AUTH_USE_OPENID'] = True