From e07c4e423a99d8aff28cbc56826d8e137b2d5e5e Mon Sep 17 00:00:00 2001
From: Yannik Brunner
Date: Mon, 5 Aug 2024 20:08:16 +0200
Subject: [PATCH 1/2] added check whether user has staff permission in middleware
---
 evap/staff/staff_mode.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/evap/staff/staff_mode.py b/evap/staff/staff_mode.py
index 0ba8300ba7..0eb06cedaf 100644
--- a/evap/staff/staff_mode.py
+++ b/evap/staff/staff_mode.py
@@ -15,6 +15,7 @@ def staff_mode_middleware(get_response):
 """
 def middleware(request):
+ print("jetzt hier")
 if is_in_staff_mode(request):
 current_time = time.time()
 if current_time <= request.session.get("staff_mode_start_time", 0) + STAFF_MODE_TIMEOUT:
@@ -52,6 +53,9 @@ def is_in_staff_mode(request):
 def update_staff_mode(request):
+ if not request.user.has_staff_permission:
+ exit_staff_mode(request)
+ return
 assert request.user.has_staff_permission
 request.session["staff_mode_start_time"] = time.time()
From 9a6e6e7c08ced1204e4917c17fd2f637faec2ab6 Mon Sep 17 00:00:00 2001
From: Yannik Brunner
Date: Mon, 25 Nov 2024 18:40:16 +0100
Subject: [PATCH 2/2] removed old print statement meant for debugging
---
 evap/staff/staff_mode.py | 1 -
 1 file changed, 1 deletion(-)
diff --git a/evap/staff/staff_mode.py b/evap/staff/staff_mode.py
index 0eb06cedaf..8b0a96bde7 100644
--- a/evap/staff/staff_mode.py
+++ b/evap/staff/staff_mode.py
@@ -15,7 +15,6 @@ def staff_mode_middleware(get_response):
 """
 def middleware(request):
- print("jetzt hier")
 if is_in_staff_mode(request):
 current_time = time.time()
 if current_time <= request.session.get("staff_mode_start_time", 0) + STAFF_MODE_TIMEOUT:
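Review bot: In the second hunk of PATCH 1/2, the `assert request.user.has_staff_permission` that still follows the new guard in `update_staff_mode` can no longer fail, so it is dead code and can be deleted; the explicit `if not request.user.has_staff_permission:` branch is the real enforcement point and, unlike the assert, is not stripped under `python -O`. The early `return` is silent, so a caller that invokes `update_staff_mode` to enter staff mode (callers are not visible in this patch) gets no signal that nothing was set; a docstring such as `"""Refresh the staff-mode timestamp, or leave staff mode if the user no longer has staff permission."""` would make that contract explicit. A session that is still in staff mode after the user has lost staff permission is worth recording for audit, so consider a warning-level log entry in that branch. A regression test for permission revoked mid-session would pin the behaviour. The body of `update_staff_mode` may continue outside the hunk.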