-
Notifications
You must be signed in to change notification settings - Fork 30
/
Copy pathdecorators.py
66 lines (48 loc) · 2.13 KB
/
decorators.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
"""
Custom decorators to make handling authentication and authorization
simpler.
"""
from functools import wraps
from flask import current_app
from flask_login import current_user
def groups_required(groups, all=True):
"""
This decorator requires that a user be part of one or more Groups before
they are granted access.
:param list groups: (required) A list of Groups to restrict access to. A
group can be:
- A Group object.
- A Group name (as a string).
- A Group href (as a string).
:param bool all: (optional) Should we ensure the user is a member of every
group listed? Default: True. If this is set to False, we'll let the
user into the view if the user is part of at least one of the specified
groups.
Usage::
@groups_required(['admins', 'developers'])
def private_view():
'''Only admins and developers will be able to visit this page.'''
return 'hi!'
"""
def decorator(func):
@wraps(func)
def wrapper(*args, **kwargs):
# If authentication stuff is disabled, do nothing.
if current_app.login_manager._login_disabled:
return func(*args, **kwargs)
# If the user is NOT authenticated, this user is unauthorized.
elif not current_user.is_authenticated:
return current_app.login_manager.unauthorized()
# If the user authenticated, and the all flag is set, we need to
# see if the user is a member of *ALL* groups.
if all and not current_user.has_groups(groups):
return current_app.login_manager.unauthorized()
# If the all flag is NOT set, we need to make sure the user is a
# member of at least one group.
elif not current_user.has_groups(groups, all=False):
return current_app.login_manager.unauthorized()
# Lastly, if the user has successfully passsed all authentication /
# authorization challenges, we'll allow them in.
return func(*args, **kwargs)
return wrapper
return decorator