feat: upgrading simple api to drf compatible.

lms/djangoapps/instructor/views/api.py

@@ -119,7 +119,7 @@
 from openedx.core.djangoapps.site_configuration import helpers as configuration_helpers
 from openedx.core.djangoapps.user_api.preferences.api import get_user_preference
 from openedx.core.djangolib.markup import HTML, Text
-from openedx.core.lib.api.authentication import BearerAuthenticationAllowInactiveUser, BearerAuthentication
+from openedx.core.lib.api.authentication import BearerAuthentication, BearerAuthenticationAllowInactiveUser
 from rest_framework.authentication import SessionAuthentication
 from openedx.core.lib.api.view_utils import DeveloperErrorViewMixin, view_auth_classes
 from openedx.core.lib.courses import get_course_by_id
@@ -233,6 +233,30 @@ def wrapped(*args, **kwargs):
  return decorator
 
 
+def verify_course_permission(permission):
+ """
+ Decorator with argument that requires a specific permission of the requesting
+ user. If the requirement is not satisfied, returns an
+ HttpResponseForbidden (403).
+ Assumes that request is in self.
+ Assumes that course_id is in kwargs['course_id'].
+ """
+
+ def decorator(func):
+ def wrapped(self, *args, **kwargs):
+ request = self.request
+ course = get_course_by_id(CourseKey.from_string(kwargs['course_id']))
+
+ if request.user.has_perm(permission, course):
+ return func(self, *args, **kwargs)
+ else:
+ return HttpResponseForbidden()
+
+ return wrapped
+
+ return decorator
+
+
 def require_sales_admin(func):
  """
  Decorator for checking sales administrator access before executing an HTTP endpoint. This decorator
@@ -1121,6 +1145,7 @@ def post(self, request, course_id):
  return Response(response_payload, status=status.HTTP_200_OK)
 
 
+
 class ProblemResponseReportPostParamsSerializer(serializers.Serializer): # pylint: disable=abstract-method
  """
  Serializer that describes that POST parameters for the report generation API.