edx-platform/common/djangoapps/entitlements/rest_api/v1/permissions.py
Albert (AJ) St. Aubin e91c837173 Added Python API and renamed rest_api folder
[MICROBA-281]
2020-06-04 12:44:06 -04:00


"""
This module provides a custom DRF Permission class that allows SAFE_METHODS requests from any authenticated user, but
requires staff or global support access (not superuser status) for all other request types on an API endpoint.
"""
from rest_framework.permissions import SAFE_METHODS, BasePermission
from lms.djangoapps.courseware.access import has_access
class IsAdminOrSupportOrAuthenticatedReadOnly(BasePermission):
    """
    DRF permission: read access for authenticated users, write access for staff or support.

    A request whose method is in SAFE_METHODS (GET, HEAD, OPTIONS in DRF) is
    allowed for any authenticated user. Any other method is allowed only when
    ``request.user.is_staff`` is truthy or
    ``has_access(request.user, "support", "global")`` returns a truthy result.

    NOTE(review): only the view-level ``has_permission`` check is overridden
    here. This class does not restrict which objects an authenticated user may
    read, so any per-user scoping of read results has to be enforced by the
    view or its queryset.
    """

    def has_permission(self, request, view):
        """Return a truthy value when the request's user may call the view."""
        user = request.user
        if request.method not in SAFE_METHODS:
            # State-changing methods: is_staff is checked first, so has_access
            # is only consulted for non-staff users. The value returned in that
            # case is whatever has_access returns, not necessarily a bool.
            return user.is_staff or has_access(user, "support", "global")
        # Read-only methods: being logged in is sufficient.
        return user.is_authenticated