Skip to content

E
edx-platform
Switch branch/tag
Find file
Normal viewHistoryPermalink
permissions.py 685 Bytes
Newer Older
Updated the permissions to all non staff users to get their entitlements
dbbe52ab
 
Albert St. Aubin committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 
"""
This module provides a custom DRF Permission class for supporting SAFE_METHODS to Authenticated Users, but
requiring Superuser access for all other Request types on an API endpoint.
"""

from rest_framework.permissions import BasePermission, SAFE_METHODS


class IsAdminOrAuthenticatedReadOnly(BasePermission):
    """
    Method that will require staff access for all methods not
    in the SAFE_METHODS list.  For example GET requests will not
    require a Staff or Admin user.
    """
    def has_permission(self, request, view):
        if request.method in SAFE_METHODS:
            return request.user.is_authenticated
        else:
            return request.user.is_staff