RestrictionService

class RestrictionService

Methods

create_entry_ticket	Create a short-lived entry ticket.
put_allowed_ip	Add a single IP range to a restriction.
delete_allowed_ip	Remove a single IP range from a restriction.
get_all_entries	List all enrolled students with their entry counts and overrides.
enter	Enter a restricted course, recording an entry event.
get_all_allowed_ips	Get all IP ranges for a restriction.
get	Get the full settings for a restriction (admin only).
patch	Update restriction settings.
patch_entry_override	Set or remove a per-student entry override for a restriction.
heartbeat	Send a heartbeat to keep an isolated exam session alive.

create_entry_ticket(json_body, *, restriction_id)

Create a short-lived entry ticket.

Authenticates the caller via bearer token, validates the password (when set), and pre-checks the entry limit so a dead ticket isn’t issued. Writes an unused ticket to Redis and returns the ticket string.

Rejects when the calling token is itself an exam token for this course, since activating another ticket would kill the active session.

Parameters:

• json_body (CreateEntryTicketRestrictionData) – The body of the request. See CreateEntryTicketRestrictionData for information about the possible fields. You can provide this data as a CreateEntryTicketRestrictionData or as a dictionary.

• restriction_id (str) – The id of the restriction.

• self (RestrictionService[AuthenticatedClient])

Returns:

A tagged response (EntryTicketResponse) carrying the ticket.

Return type:

EntryTicketResponse

put_allowed_ip(*, restriction_id, ip_range)

Add a single IP range to a restriction.

Parameters:

• restriction_id (str) – The id of the restriction.

• ip_range (str) – The IP range to add in CIDR notation.

• self (RestrictionService[AuthenticatedClient])

Returns:

The added IP range.

Return type:

IPRange

delete_allowed_ip(*, restriction_id, ip_range)

Remove a single IP range from a restriction.

Parameters:

• restriction_id (str) – The ID of the restriction.

• ip_range (str) – The IP range to remove.

• self (RestrictionService[AuthenticatedClient])

Returns:

An empty response.

Return type:

None

get_all_entries(*, restriction_id, q='', page_size=50)

List all enrolled students with their entry counts and overrides.

Parameters:

• restriction_id (str) – The ID of the restriction.

• q (str) – Only retrieve students whose name or username matches this value.

• page_size (int) – The size of a single page, maximum is 100.

• self (RestrictionService[AuthenticatedClient])

Returns:

A paginated list of entry overview entries per student.

Return type:

Response[EntryOverviewEntry]

enter(json_body, *, restriction_id)

Enter a restricted course, recording an entry event.

Two paths, dispatched on which field the body carries:

1. {password}: legacy entry. Authenticates with the caller’s bearer token and reuses it as the session token. 2. {entry_ticket}: activates a previously created entry ticket. The ticket is the credential, the Authorization header is ignored, and a new session token is created while every previously issued token for the user is invalidated.

Parameters:

• json_body (TypeAliasType) – The body of the request. See EnterRestrictionData for information about the possible fields. You can provide this data as a EnterRestrictionData or as a dictionary.

• restriction_id (str) – The ID of the restriction.

Returns:

A login response containing the (updated) access token.

Return type:

UserLoginResponse

get_all_allowed_ips(*, restriction_id, page_size=50)

Get all IP ranges for a restriction.

Parameters:

• restriction_id (str) – The ID of the restriction.

• page_size (int) – The size of a single page, maximum is 100.

• self (RestrictionService[AuthenticatedClient])

Returns:

A paginated list of IP ranges.

Return type:

Response[IPRange]

get(*, restriction_id)

Get the full settings for a restriction (admin only).

Parameters:

• restriction_id (str) – The id of the restriction.

• self (RestrictionService[AuthenticatedClient])

Returns:

The restriction object including the password.

Return type:

Restriction

patch(json_body, *, restriction_id)

Update restriction settings.

The request body mirrors the restriction JSON shape. All fields are optional; omitted fields are left unchanged.

Parameters:

• json_body (PatchRestrictionData) – The body of the request. See PatchRestrictionData for information about the possible fields. You can provide this data as a PatchRestrictionData or as a dictionary.

• restriction_id (str) – The id of the restriction.

• self (RestrictionService[AuthenticatedClient])

Returns:

The updated restriction.

Return type:

Restriction

patch_entry_override(json_body, *, restriction_id, user_id)

Set or remove a per-student entry override for a restriction.

Sending null removes the override row entirely (the student falls back to the global session_lockdown limit). Sending a positive integer creates or updates the override for this student.

Parameters:

• json_body (PatchEntryOverrideRestrictionData) – The body of the request. See PatchEntryOverrideRestrictionData for information about the possible fields. You can provide this data as a PatchEntryOverrideRestrictionData or as a dictionary.

• restriction_id (str) – The ID of the restriction.

• user_id (int) – The ID of the student.

• self (RestrictionService[AuthenticatedClient])

Returns:

The updated entry overview for this student.

Return type:

EntryOverviewEntry

heartbeat()

Send a heartbeat to keep an isolated exam session alive.

When heartbeat enforcement is active, the session’s expires_at is set to a short window (5 minutes). This endpoint extends it forward, capped by max_expires_at.

If the session is already expired, the auth flow rejects the request before it reaches this endpoint (401).

Returns:

The session’s expires_at after the refresh.

Parameters:

self (RestrictionService[AuthenticatedClient])

Return type:

HeartbeatResponse