From 5af90fbef520d767783fbc72019de4ae21b03eb1 Mon Sep 17 00:00:00 2001
From: Asad Ali <asad.ali@arbisoft.com>
Date: Fri, 29 Nov 2024 19:01:51 +0500
Subject: [PATCH] chore: add permissions

---
 courses/views/v1/__init__.py | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/courses/views/v1/__init__.py b/courses/views/v1/__init__.py
index 27c88be20..db41df1da 100644
--- a/courses/views/v1/__init__.py
+++ b/courses/views/v1/__init__.py
@@ -4,7 +4,7 @@
 from mitol.digitalcredentials.mixins import DigitalCredentialsRequestViewSetMixin
 from rest_framework import status, viewsets
 from rest_framework.authentication import SessionAuthentication
-from rest_framework.permissions import IsAuthenticated
+from rest_framework.permissions import IsAdminUser, IsAuthenticated
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
@@ -210,13 +210,12 @@ class EmeritusCourseListView(APIView):
     ReadOnly View to list Emeritus courses.
     """
 
+    permission_classes = [IsAdminUser]
+
     def get(self, request, *args, **kwargs):  # noqa: ARG002
         """
         Get Emeritus courses list from the Emeritus API and return it.
         """
-        if not request.user.is_authenticated or not request.user.is_superuser:
-            return Response(status=status.HTTP_401_UNAUTHORIZED)
-
         try:
             data = fetch_emeritus_courses()
             return Response(data, status=status.HTTP_200_OK)