Permissions
Permissions determine whether a request should be granted or denied access. Unless otherwise noted, all of the classes below adhere to the Django REST Framework’s API for permission classes.
- class IsStaff
  Allows access to “global” staff users.
  - has_permission(request, view)
    Return True if permission is granted, False otherwise.
- class IsSuperuser
  Allows access only to superusers.
  - has_permission(request, view)
    Return True if permission is granted, False otherwise.
- class IsUserInUrl
  Allows access if the requesting user matches the user in the URL.
  - has_permission(request, view)
    Return True if permission is granted, False otherwise.
- class JwtHasContentOrgFilterForRequestedCourse
  The JWT used to authenticate contains the appropriate content provider filter for the requested course resource.
  - has_permission(request, view)
    Ensure that the course_id kwarg provided to the view contains one of the organizations specified in the content provider filters in the JWT used to authenticate.
- class JwtHasScope
  The request is authenticated as a user and the token used has the right scope.
  - has_permission(request, view)
    Return True if permission is granted, False otherwise.
- class JwtHasUserFilterForRequestedUser
  The JWT used to authenticate contains the appropriate user filter for the requested user resource.
  - has_permission(request, view)
    If the JWT has a user filter, verify that the filtered user value matches the user in the URL.
- class JwtRestrictedApplication
  Allows access if the request was successfully authenticated with JwtAuthentication by a RestrictedApplication.
  - has_permission(request, view)
    Return True if permission is granted, False otherwise.
- class LoginRedirectIfUnauthenticated
  A DRF permission class that redirects unauthenticated users to login.
  It can be used to convert a plain Django view that was using @login_required into a DRF APIView, which is useful for enabling our DRF JwtAuthentication class.
  Requires JwtRedirectToLoginIfUnauthenticatedMiddleware to work.
- class NotJwtRestrictedApplication
  Allows access if either the request was not authenticated with JwtAuthentication, or if it was successfully authenticated with JwtAuthentication and the JWT was not flagged as restricted.
  Note: Anonymous requests also pass this permission, so it does not enforce authentication on its own.
  - has_permission(request, view)
    Return True if permission is granted, False otherwise.
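
The two filter checks described for JwtHasContentOrgFilterForRequestedCourse and JwtHasUserFilterForRequestedUser, sketched in plain Python as an added example that is not the library's own code. It assumes the decoded JWT carries a "filters" list of "type:value" strings and that course ids have the form "course-v1:Org+Course+Run"; all function names and sample values are hypothetical.

```python
# Added sketch, not the library's code. Assumed (not stated on the page): the
# decoded JWT is a dict whose "filters" claim lists "type:value" strings, and
# course ids look like "course-v1:Org+Course+Run".

def parse_filters(payload):
    """Group the JWT's filter strings by type, skipping malformed entries."""
    grouped = {}
    filters = payload.get("filters")
    if not isinstance(filters, list):
        return grouped
    for item in filters:
        if isinstance(item, str):
            ftype, sep, value = item.partition(":")
            if sep and ftype and value:
                grouped.setdefault(ftype, set()).add(value)
    return grouped

def course_org(course_id):
    """Return the org part of a course id, or None if it is not well formed."""
    prefix, _, rest = course_id.partition(":")
    parts = rest.split("+")
    if prefix != "course-v1" or len(parts) != 3 or not all(parts):
        return None
    return parts[0]

def org_filter_allows(payload, course_id):
    """Grant only when the course's org exactly equals a content_org filter.

    Exact comparison on the parsed org matters: a substring test would let a
    filter for "OrgA" match a course owned by "NotOrgA".
    """
    org = course_org(course_id)
    return org is not None and org in parse_filters(payload).get("content_org", set())

def user_filter_allows(payload, url_username):
    """If a user filter is present it must name the URL's user; else no limit."""
    users = parse_filters(payload).get("user")
    return True if not users else users == {url_username}

# Constructed sample payload (assumed already verified by the auth layer).
SAMPLE = {"filters": ["content_org:OrgA", "user:alice"]}

if __name__ == "__main__":
    print(org_filter_allows(SAMPLE, "course-v1:OrgA+Demo+2024"))
    print(org_filter_allows(SAMPLE, "course-v1:NotOrgA+Demo+2024"))
    print(user_filter_allows(SAMPLE, "bob"))
```

The organization check fails closed when the token has no matching filter or the course id cannot be parsed, while the user check only restricts tokens that actually carry a user filter, mirroring the "if the JWT has a user filter" wording above.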