Skip to content

E
edx-platform
Commit bf3a7287 by Chris Dodge
Options

do some lamda magic to refactor out the whitelist checking code to be shared between LMS and CMS

parent 11ef3961
Showing with 16 additions and 21 deletions
cms/djangoapps/contentstore/views/preview.py
import logging import logging
import sys import sys
from functools import partial from functools import partial
import re
from django.conf import settings
from django.http import HttpResponse, Http404, HttpResponseBadRequest, HttpResponseForbidden from django.http import HttpResponse, Http404, HttpResponseBadRequest, HttpResponseForbidden
from django.core.urlresolvers import reverse from django.core.urlresolvers import reverse
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
...@@ -19,6 +17,8 @@ from xmodule.modulestore.mongo import MongoUsage ...@@ -19,6 +17,8 @@ from xmodule.modulestore.mongo import MongoUsage
from xmodule.x_module import ModuleSystem from xmodule.x_module import ModuleSystem
from xblock.runtime import DbModel from xblock.runtime import DbModel
from util.sandboxing import can_execute_unsafe_code
import static_replace import static_replace
from .session_kv_store import SessionKeyValueStore from .session_kv_store import SessionKeyValueStore
from .requests import render_from_lms from .requests import render_from_lms
...@@ -102,14 +102,6 @@ def preview_module_system(request, preview_id, descriptor): ...@@ -102,14 +102,6 @@ def preview_module_system(request, preview_id, descriptor):
# access to the course_id # access to the course_id
course_id = get_course_for_item(descriptor.location).location.course_id course_id = get_course_for_item(descriptor.location).location.course_id
def can_execute_unsafe_code():
# To decide if we can run unsafe code, we check the course id against
# a list of regexes configured on the server.
for regex in settings.COURSES_WITH_UNSAFE_CODE:
if re.match(regex, course_id):
return True
return False
return ModuleSystem( return ModuleSystem(
ajax_url=reverse('preview_dispatch', args=[preview_id, descriptor.location.url(), '']).rstrip('/'), ajax_url=reverse('preview_dispatch', args=[preview_id, descriptor.location.url(), '']).rstrip('/'),
# TODO (cpennington): Do we want to track how instructors are using the preview problems? # TODO (cpennington): Do we want to track how instructors are using the preview problems?
...@@ -121,7 +113,7 @@ def preview_module_system(request, preview_id, descriptor): ...@@ -121,7 +113,7 @@ def preview_module_system(request, preview_id, descriptor):
replace_urls=partial(static_replace.replace_static_urls, data_directory=None, course_namespace=descriptor.location), replace_urls=partial(static_replace.replace_static_urls, data_directory=None, course_namespace=descriptor.location),
user=request.user, user=request.user,
xblock_model_data=preview_model_data, xblock_model_data=preview_model_data,
can_execute_unsafe_code=can_execute_unsafe_code, can_execute_unsafe_code=(lambda: can_execute_unsafe_code(course_id)),
) )
......
common/djangoapps/util/sandboxing.py 0 → 100644
import re
from django.conf import settings
def can_execute_unsafe_code(course_id):
# To decide if we can run unsafe code, we check the course id against
# a list of regexes configured on the server.
for regex in settings.COURSES_WITH_UNSAFE_CODE:
if re.match(regex, course_id):
return True
return False
lms/djangoapps/courseware/module_render.py
...@@ -37,7 +37,7 @@ from courseware.access import has_access ...@@ -37,7 +37,7 @@ from courseware.access import has_access
from courseware.masquerade import setup_masquerade from courseware.masquerade import setup_masquerade
from courseware.model_data import LmsKeyValueStore, LmsUsage, ModelDataCache from courseware.model_data import LmsKeyValueStore, LmsUsage, ModelDataCache
from courseware.models import StudentModule from courseware.models import StudentModule
from util.sandboxing import can_execute_unsafe_code
log = logging.getLogger(__name__) log = logging.getLogger(__name__)
...@@ -313,14 +313,6 @@ def get_module_for_descriptor_internal(user, descriptor, model_data_cache, cours ...@@ -313,14 +313,6 @@ def get_module_for_descriptor_internal(user, descriptor, model_data_cache, cours
statsd.increment("lms.courseware.question_answered", tags=tags) statsd.increment("lms.courseware.question_answered", tags=tags)
def can_execute_unsafe_code():
# To decide if we can run unsafe code, we check the course id against
# a list of regexes configured on the server.
for regex in settings.COURSES_WITH_UNSAFE_CODE:
if re.match(regex, course_id):
return True
return False
# TODO (cpennington): When modules are shared between courses, the static # TODO (cpennington): When modules are shared between courses, the static
# prefix is going to have to be specific to the module, not the directory # prefix is going to have to be specific to the module, not the directory
# that the xml was loaded from # that the xml was loaded from
...@@ -348,7 +340,7 @@ def get_module_for_descriptor_internal(user, descriptor, model_data_cache, cours ...@@ -348,7 +340,7 @@ def get_module_for_descriptor_internal(user, descriptor, model_data_cache, cours
open_ended_grading_interface=open_ended_grading_interface, open_ended_grading_interface=open_ended_grading_interface,
s3_interface=s3_interface, s3_interface=s3_interface,
cache=cache, cache=cache,
can_execute_unsafe_code=can_execute_unsafe_code, can_execute_unsafe_code=(lambda: can_execute_unsafe_code(course_id)),
) )
# pass position specified in URL to module through ModuleSystem # pass position specified in URL to module through ModuleSystem
system.set('position', position) system.set('position', position)
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment