From cb7829f9cefb39f244d9cb016146249851f5eafb Mon Sep 17 00:00:00 2001
From: Shrikrishna Singh <krishnasingh.ss30@gmail.com>
Date: Fri, 29 Apr 2022 16:36:05 +0530
Subject: [PATCH] Add env variable to turn hijack/become feature on/off

---
 hypha/apply/users/urls.py  | 7 ++++++-
 hypha/apply/users/views.py | 2 +-
 hypha/settings/base.py     | 3 ++-
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/hypha/apply/users/urls.py b/hypha/apply/users/urls.py
index 94bc9bb2f..53273023e 100644
--- a/hypha/apply/users/urls.py
+++ b/hypha/apply/users/urls.py
@@ -1,3 +1,4 @@
+from django.conf import settings
 from django.contrib.auth import views as auth_views
 from django.urls import include, path, reverse_lazy
 
@@ -37,7 +38,6 @@ public_urlpatterns = [
 urlpatterns = [
     path('account/', include([
         path('', AccountView.as_view(), name='account'),
-        path('become/', become, name='become'),
         path('password/', include([
             path('', EmailChangePasswordView.as_view(), name='email_change_confirm_password'),
             path(
@@ -94,3 +94,8 @@ urlpatterns = [
         path('oauth', oauth, name='oauth'),
     ])),
 ]
+
+if settings.HIJACK_ENABLE:
+    urlpatterns += [
+        path('account/become/', become, name='become'),
+    ]
diff --git a/hypha/apply/users/views.py b/hypha/apply/users/views.py
index 6bf3241b3..7a520c643 100644
--- a/hypha/apply/users/views.py
+++ b/hypha/apply/users/views.py
@@ -89,7 +89,7 @@ class AccountView(UpdateView):
         return reverse_lazy('users:account')
 
     def get_context_data(self, **kwargs):
-        if self.request.user.is_superuser:
+        if self.request.user.is_superuser and settings.HIJACK_ENABLE:
             swappable_form = BecomeUserForm()
         else:
             swappable_form = None
diff --git a/hypha/settings/base.py b/hypha/settings/base.py
index 8eb1f01fa..845ef28b7 100644
--- a/hypha/settings/base.py
+++ b/hypha/settings/base.py
@@ -143,10 +143,10 @@ MIDDLEWARE = [
     'django.middleware.clickjacking.XFrameOptionsMiddleware',
     'django_referrer_policy.middleware.ReferrerPolicyMiddleware',
     'django_otp.middleware.OTPMiddleware',
+    'hypha.apply.users.middleware.TwoFactorAuthenticationMiddleware',
 
     'hijack.middleware.HijackUserMiddleware',
 
-    'hypha.apply.users.middleware.TwoFactorAuthenticationMiddleware',
     'hypha.apply.users.middleware.SocialAuthExceptionMiddleware',
 
     'wagtail.contrib.redirects.middleware.RedirectMiddleware',
@@ -497,6 +497,7 @@ FILE_ALLOWED_EXTENSIONS = ['doc', 'docx', 'odp', 'ods', 'odt', 'pdf', 'ppt', 'pp
 FILE_ACCEPT_ATTR_VALUE = ', '.join(['.' + ext for ext in FILE_ALLOWED_EXTENSIONS])
 
 # Hijack Settings
+HIJACK_ENABLE = env.bool('HIJACK_ENABLE', False)
 HIJACK_LOGIN_REDIRECT_URL = '/dashboard/'
 HIJACK_LOGOUT_REDIRECT_URL = '/account/'
 HIJACK_DECORATOR = 'hypha.apply.users.decorators.superuser_decorator'
-- 
GitLab