From 25a890d8edee2c4dbaee8d0052daa5bbbcbbff9e Mon Sep 17 00:00:00 2001
From: Jordan Milne <jordan.milne@saynotolinux.com>
Date: Fri, 15 Aug 2014 13:25:02 -0300
Subject: [PATCH] Replace `disable_require_employee_https` with a feature flag

---
 r2/example.ini           | 5 ++++-
 r2/r2/controllers/api.py | 6 +++---
 r2/r2/lib/app_globals.py | 1 -
 r2/r2/models/account.py  | 3 ++-
 4 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/r2/example.ini b/r2/example.ini
index f44b53c7a..a861ee270 100644
--- a/r2/example.ini
+++ b/r2/example.ini
@@ -129,7 +129,6 @@ disable_ads = false
 disable_captcha = false
 disable_ratelimit = false
 disable_require_admin_otp = false
-disable_require_employee_https = false
 disable_wiki = false
 
 
@@ -672,4 +671,8 @@ cflag_lower_bound = 0.4
 cflag_upper_bound = 0.6
 
 feature_search_auto_restrict_sr = off
+
+# Availability for the "force HTTPS" option
 feature_allow_force_https = {"employee": true}
+# Who is required to use HTTPS?
+feature_require_https = off
diff --git a/r2/r2/controllers/api.py b/r2/r2/controllers/api.py
index 4f70686a5..1cff2a33b 100644
--- a/r2/r2/controllers/api.py
+++ b/r2/r2/controllers/api.py
@@ -1052,9 +1052,9 @@ class ApiController(RedditController):
         """
         if form.has_errors("curpass", errors.WRONG_PASSWORD):
             return
-        can_disable = g.disable_require_employee_https or not c.user.employee
-        if not force_https and not can_disable:
-            form.set_html(".status", _("employees are required to use HTTPS"))
+        if not force_https and feature.is_enabled("require_https"):
+            form.set_html(".status",
+                          _("you may not disable HTTPS on this account"))
             return
         c.user.pref_force_https = force_https
         # Most pages we'd try to frame would be http:, and most browsers
diff --git a/r2/r2/lib/app_globals.py b/r2/r2/lib/app_globals.py
index 5361b1778..6bea6b71f 100644
--- a/r2/r2/lib/app_globals.py
+++ b/r2/r2/lib/app_globals.py
@@ -213,7 +213,6 @@ class Globals(object):
             'disable_captcha',
             'disable_ads',
             'disable_require_admin_otp',
-            'disable_require_employee_https',
             'trust_local_proxies',
             'shard_link_vote_queues',
             'shard_commentstree_queues',
diff --git a/r2/r2/models/account.py b/r2/r2/models/account.py
index c18ab0cf0..81eef82f9 100644
--- a/r2/r2/models/account.py
+++ b/r2/r2/models/account.py
@@ -20,6 +20,7 @@
 # Inc. All Rights Reserved.
 ###############################################################################
 
+from r2.config import feature
 from r2.lib.db.thing     import Thing, Relation, NotFound
 from r2.lib.db.operators import lower
 from r2.lib.db.userrel   import UserRel
@@ -655,7 +656,7 @@ class Account(Thing):
     @property
     def https_forced(self):
         """Return whether this account may only be used via HTTPS."""
-        if not g.disable_require_employee_https and self.employee:
+        if feature.is_enabled_for("require_https", self):
             return True
         return self.pref_force_https