Permissions¶
DRF¶
Module: keysmith.drf.permissions
RequireKeysmithToken¶
Requires request.auth to be a token instance.
- Missing →
NotAuthenticated+auth_failedaudit - Present → passes
HasKeysmithScopes¶
Checks token scope codenames against required_scopes.
Scope source precedence:
view.required_scopesif defined-
permission.required_scopeson the class/instance -
Missing scopes →
PermissionDenied
ScopedPermission¶
from keysmith.drf.permissions import ScopedPermission
ScopedPermission("write", "admin") # requires ALL scopes
Django¶
Module: keysmith.django.permissions
keysmith_scopes¶
from keysmith.django.permissions import keysmith_scopes
@keysmith_required
@keysmith_scopes("write")
def view(request): ...
@keysmith_scopes("read", "write") # requires ALL scopes
| Condition | Result |
|---|---|
No keysmith_token |
401 unauthorized |
| Missing scope codename | PermissionDenied (403) |
Compares against Permission.codename values on the token's scopes M2M.