Permissions

Permissions determine whether a request should be granted or denied access. Unless otherwise noted, all of the classes below adhere to the Django REST Framework’s API for permission classes.

class IsStaff

Allows access to “global” staff users.

has_permission(request, view)

Return True if permission is granted, False otherwise.

class IsSuperuser

Allows access only to superusers.

has_permission(request, view)

Return True if permission is granted, False otherwise.

class IsUserInUrl

Allows access if the requesting user matches the user in the URL.

has_permission(request, view)

Return True if permission is granted, False otherwise.

class JwtHasContentOrgFilterForRequestedCourse

The JWT used to authenticate contains the appropriate content provider filter for the requested course resource.

has_permission(request, view)

Ensure that the course_id kwarg provided to the view contains one of the organizations specified in the content provider filters in the JWT used to authenticate.

class JwtHasScope

The request is authenticated as a user and the token used has the right scope.

has_permission(request, view)

Return True if permission is granted, False otherwise.

class JwtHasUserFilterForRequestedUser

The JWT used to authenticate contains the appropriate user filter for the requested user resource.

has_permission(request, view)

If the JWT has a user filter, verify that the filtered user value matches the user in the URL.

class JwtRestrictedApplication

Allows access if the request was successfully authenticated with JwtAuthentication by a RestrictedApplication.

has_permission(request, view)

Return True if permission is granted, False otherwise.

class LoginRedirectIfUnauthenticated

A DRF permission class that redirects unauthorized users to login.

It can be used to convert a plain Django view that was using @login_required into a DRF APIView, which is useful to enable our DRF JwtAuthentication class.

Requires JwtRedirectToLoginIfUnauthenticatedMiddleware to work.

class NotJwtRestrictedApplication

Allows access if either the request was not authenticated with JwtAuthentication, or if it was successfully authenticated with JwtAuthentication and the JWT was not flagged as restricted.

Note: Anonymous access will also pass this permission.

has_permission(request, view)

Return True if permission is granted, False otherwise.
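The note above matters when composing permissions: used alone, NotJwtRestrictedApplication admits anonymous requests, so it needs to be paired with an authentication check. The following is an added example, not code from this library: it models the documented rule with stand-in classes so it runs without Django. FakeRequest, the two `*Model` classes, the helper functions and the `is_restricted` claim name are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class FakeRequest:
    """Constructed stand-in for a DRF request; not the real class."""
    username: Optional[str] = None     # None models an anonymous request
    jwt_claims: Optional[dict] = None  # None: JwtAuthentication was not used


class IsAuthenticatedModel:
    """Models an 'is the user logged in' check."""
    def has_permission(self, request, view):
        return request.username is not None


class NotJwtRestrictedApplicationModel:
    """Models the rule documented above. The 'is_restricted' claim name
    is an assumption made for this example."""
    def has_permission(self, request, view):
        if request.jwt_claims is None:
            return True  # not JWT-authenticated, which includes anonymous
        return not request.jwt_claims.get("is_restricted", False)


def allowed(request, permission_classes, view=None):
    """DRF semantics: every class in the list must grant access."""
    return all(p().has_permission(request, view) for p in permission_classes)


# Constructed sample requests.
SAMPLES = {
    "anonymous": FakeRequest(),
    "session_user": FakeRequest(username="alice"),
    "jwt_unrestricted": FakeRequest("bob", {"is_restricted": False}),
    "jwt_restricted": FakeRequest("app", {"is_restricted": True}),
}


def evaluate(permission_classes):
    """Return {sample name: granted?} for a permission_classes list."""
    return {n: allowed(r, permission_classes) for n, r in SAMPLES.items()}


if __name__ == "__main__":
    print(evaluate([NotJwtRestrictedApplicationModel]))
    print(evaluate([IsAuthenticatedModel, NotJwtRestrictedApplicationModel]))
```

Only the second list denies the anonymous request while still blocking the restricted JWT.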