Permissions
Permissions determine whether a request should be granted or denied access. Unless otherwise noted, all of the classes below adhere to the Django REST Framework’s API for permission classes.
- class IsStaff
Allows access to “global” staff users.
- has_permission(request, view)
Return True if permission is granted, False otherwise.
- class IsSuperuser
Allows access only to superusers.
- has_permission(request, view)
Return True if permission is granted, False otherwise.
- class IsUserInUrl
Allows access if the requesting user matches the user in the URL.
- has_permission(request, view)
Return True if permission is granted, False otherwise.
- class JwtHasContentOrgFilterForRequestedCourse
The JWT used to authenticate contains the appropriate content provider filter for the requested course resource.
- has_permission(request, view)
Ensure that the course_id kwarg provided to the view contains one of the organizations specified in the content provider filters in the JWT used to authenticate.
- class JwtHasScope
The request is authenticated as a user and the token used has the right scope.
- has_permission(request, view)
Return True if permission is granted, False otherwise.
- class JwtHasUserFilterForRequestedUser
The JWT used to authenticate contains the appropriate user filter for the requested user resource.
- has_permission(request, view)
If the JWT has a user filter, verify that the filtered user value matches the user in the URL.
- class JwtRestrictedApplication
Allows access if the request was successfully authenticated with JwtAuthentication by a RestrictedApplication.
- has_permission(request, view)
Return True if permission is granted, False otherwise.
- class LoginRedirectIfUnauthenticated
A DRF permission class that redirects unauthorized users to login.
It can be used to convert a plain Django view that was using @login_required into a DRF APIView, which is useful to enable our DRF JwtAuthentication class.
Requires JwtRedirectToLoginIfUnauthenticatedMiddleware to work.
- class NotJwtRestrictedApplication
Allows access if either the request was not authenticated with JwtAuthentication, or if it was successfully authenticated with JwtAuthentication and the JWT was not flagged as restricted.
Note: Anonymous access will also pass this permission.
- has_permission(request, view)
Return True if permission is granted, False otherwise.
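The note on NotJwtRestrictedApplication means that the class on its own does not require a logged-in user. The following is an added example, not code from the library: it models the documented rule with stand-in classes (`FakeRequest`, `NotJwtRestrictedModel`, `IsAuthenticatedModel` and `AllOf` are hypothetical names) and audits which request kinds are granted, alone and when combined with an authentication check.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class FakeRequest:
    """Constructed stand-in for a DRF request; field names are assumptions."""
    user: Optional[str] = None      # None models an anonymous request
    via_jwt: bool = False           # authenticated with JwtAuthentication
    jwt_restricted: bool = False    # JWT was flagged as restricted


class NotJwtRestrictedModel:
    """Model of the documented rule, not the library's implementation."""
    def has_permission(self, request, view=None):
        return (not request.via_jwt) or (not request.jwt_restricted)


class IsAuthenticatedModel:
    """Model of an 'authenticated users only' check."""
    def has_permission(self, request, view=None):
        return request.user is not None


class AllOf:
    """DRF evaluates permission_classes as a conjunction; this mirrors that."""
    def __init__(self, *permissions):
        self.permissions = permissions

    def has_permission(self, request, view=None):
        return all(p.has_permission(request, view) for p in self.permissions)


# Constructed request kinds covering every branch of the documented rule.
CASES = {
    "anonymous": FakeRequest(),
    "session_user": FakeRequest(user="alice"),
    "jwt_unrestricted": FakeRequest(user="alice", via_jwt=True),
    "jwt_restricted": FakeRequest(user="svc-app", via_jwt=True, jwt_restricted=True),
}


def decisions(permission):
    """Return {case name: granted?} for every constructed request kind."""
    return {name: permission.has_permission(req) for name, req in CASES.items()}


def anonymous_grants(permission):
    """Names of cases where a request with no user is still granted access."""
    return [n for n, r in CASES.items()
            if r.user is None and permission.has_permission(r)]
```

In a real view, the combined policy corresponds to listing DRF's `IsAuthenticated` together with NotJwtRestrictedApplication in `permission_classes`.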