Use standard django authorization and Bridgekeeper in edx-platform

Description

Currently, edx-platform uses (in most places) an authorization pattern where a users role is checked before completing an action, rather than a named permission being checked to determine if the user has access.

This takes the form of something like:

if has_access(request.user, 'staff', course):
... do action

We would like to improve this by naming the actions, and then checking the permissions for those actions explicitly, like:

if request.user.has_perm('this_django_app.do_action', course):
... do action

The full rationale for this change is laid out in https://github.com/edx/edx-platform/blob/master/lms/djangoapps/courseware/docs/decisions/0002-permissions-via-django-rules.rst and https://github.com/edx/edx-platform/blob/master/lms/djangoapps/courseware/docs/decisions/0003-permissions-via-bridgekeeper.rst.

The tickets in this epic each deal with converting one instance of checking authorization by checking user roles to an instance of checking user permissions via user.has_perm.

Status

Assignee

Unassigned

Reporter

Calen Pennington

Labels

None

Priority

Unset

Epic Name

Authorization in edx-platform
Configure