Skip to content
Snippets Groups Projects
Select Git revision
  • master default
  • 2021.04.06
  • 2020.11.25
  • 2020.11.13
  • 2020.10.30
  • 2020.10.27
  • 2020.10.06
  • 2020.07.08
  • 2020.06.12
  • 2020.04.16
  • 2020.03.17
  • 2020.03.09
  • 2020.03.05
  • 2020.02.25
  • 2020.02.24
  • 0.29.0
  • 0.28.0
  • 0.27.1
  • 0.27.0
  • 0.26.1
  • 0.26.0
21 results
Blame Permalink
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
decorators.py 2.30 KiB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77 






# -*- coding: utf-8 -*-
"""
app.decorators
~~~~~~~~~~~~~~

This module defines some useful decorators.

:copyright: (c) 2017 European Spallation Source ERIC
:license: BSD 2-Clause, see LICENSE for more details.

"""
from functools import wraps
from flask import current_app, abort
from flask_login import current_user
from flask_jwt_extended import get_current_user
from .utils import CSEntryError


def jwt_groups_accepted(*groups):
    """Decorator which specifies that a user must have at least one of the specified groups.

    This shall be used for users logged in using a JWT (API).

    Example::
        @bp.route('/models', methods=['POST'])
        @jwt_required
        @jwt_groups_accepted('admin', 'create')
        def create_model():
            return create()

    The current user must be in either 'admin' or 'create' group
    to access this route.

    :param groups: accepted groups
    """
    def wrapper(fn):
        @wraps(fn)
        def decorated_view(*args, **kwargs):
            user = get_current_user()
            if user is None:
                raise CSEntryError('Invalid indentity', status_code=403)
            if not user.is_member_of_one_group(groups):
                raise CSEntryError("User doesn't have the required group", status_code=403)
            return fn(*args, **kwargs)
        return decorated_view
    return wrapper


def login_groups_accepted(*groups):
    """Decorator which specifies that a user must have at least one of the specified groups.

    This shall be used for users logged in using a cookie (web UI).

    Example::
        @bp.route('/models', methods=['POST'])
        @login_groups_accepted('admin', 'create')
        def create_model():
            return create()

    The current user must be in either 'admin' or 'create' group
    to access this route.
    This checks that the user is logged in. There is no need to
    use the @login_required decorator.

    :param groups: accepted groups
    """
    def wrapper(fn):
        @wraps(fn)
        def decorated_view(*args, **kwargs):
            if not current_user.is_authenticated:
                return current_app.login_manager.unauthorized()
            if not current_user.is_member_of_one_group(groups):
                abort(403)
            return fn(*args, **kwargs)
        return decorated_view
    return wrapper