Permissions

Permissions determine whether a request should be granted or denied access. Unless otherwise noted, all of the classes below adhere to the Django REST Framework’s API for permission classes.

class IsStaff

Allows access to “global” staff users.

class IsSuperuser

Allows access only to superusers.

class IsUserInUrl

Allows access if the requesting user matches the user in the URL.

class JwtHasContentOrgFilterForRequestedCourse

The JWT used to authenticate contains the appropriate content provider filter for the requested course resource.

has_permission(request, view)

Ensure that the course_id kwarg provided to the view contains one of the organizations specified in the content provider filters in the JWT used to authenticate.

class JwtHasScope

The request is authenticated as a user and the token used has the right scope.

class JwtHasUserFilterForRequestedUser

The JWT used to authenticate contains the appropriate user filter for the requested user resource.

has_permission(request, view)

If the JWT has a user filter, verify that the filtered user value matches the user in the URL.

class JwtRestrictedApplication

Returns whether the request was successfully authenticated with JwtAuthentication by a RestrictedApplication.
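The two `has_permission` checks described above for `JwtHasContentOrgFilterForRequestedCourse` and `JwtHasUserFilterForRequestedUser`, written out as an added example; it is not the library's own code. It assumes that `request.auth` holds the decoded JWT payload with a `filters` list of `type:value` strings, that course IDs look like `course-v1:ORG+COURSE+RUN`, and that the URL kwarg for the user is `username`; the class and helper names are hypothetical.

```python
from types import SimpleNamespace

def parse_filters(payload):
    """Assumed layout: payload["filters"] is a list of "type:value" strings."""
    pairs = []
    for raw in (payload or {}).get("filters") or []:
        if isinstance(raw, str) and ":" in raw:
            ftype, _, value = raw.partition(":")
            pairs.append((ftype, value))
    return pairs  # malformed entries are dropped, never treated as a match

def course_org(course_id):
    """Org of an assumed 'course-v1:ORG+COURSE+RUN' key, or None if malformed."""
    prefix, _, rest = (course_id or "").partition(":")
    parts = rest.split("+")
    ok = prefix == "course-v1" and len(parts) == 3 and all(parts)
    return parts[0] if ok else None

class ContentOrgFilterCheck:  # hypothetical name
    """Deny unless a content_org filter names the org of the requested course."""
    def has_permission(self, request, view):
        org = course_org(view.kwargs.get("course_id"))
        allowed = {v for t, v in parse_filters(request.auth) if t == "content_org"}
        return org is not None and org in allowed

class UserFilterCheck:  # hypothetical name
    """If the token carries a user filter, it must match the user in the URL."""
    def has_permission(self, request, view):
        users = [v for t, v in parse_filters(request.auth) if t == "user"]
        if not users:
            return True  # no user filter: this check imposes no restriction
        return view.kwargs.get("username") in users

def check(perm, filters, **url_kwargs):
    """Run a permission against constructed stand-ins for the DRF request/view."""
    request = SimpleNamespace(auth={"filters": filters})
    view = SimpleNamespace(kwargs=url_kwargs)
    return perm.has_permission(request, view)

if __name__ == "__main__":
    token_filters = ["content_org:edX", "user:alice"]  # constructed sample
    print(check(ContentOrgFilterCheck(), token_filters, course_id="course-v1:edX+DemoX+2024"))
    print(check(ContentOrgFilterCheck(), token_filters, course_id="course-v1:Other+DemoX+2024"))
    print(check(UserFilterCheck(), token_filters, username="bob"))
```

The content-org check fails closed when the token has no matching filter or the course ID is malformed, while the user check only restricts when a user filter is present, as the description above states.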