Role Verification
Role verification with proper permission. It also implements custom decorators for different roles. Also injects permission to mail app. Signed-off-by: kelepirci <ozkasgarli@gmail.com> Change-Id I95f00eb480128bb5a672f5e1f1f91503e6fe8f09
parent
551cc3f5a7
commit
72f4ec9269
|
@ -0,0 +1,19 @@
|
|||
from functools import wraps
|
||||
from flask import abort
|
||||
from flask_login import current_user
|
||||
|
||||
from .models import Permission
|
||||
|
||||
def permission_required(permission):
|
||||
def decorator(f):
|
||||
@wraps(f)
|
||||
def decorated_function(*args, **kwargs):
|
||||
if not current_user.can(permission):
|
||||
abort(403)
|
||||
return f(*args, **kwargs)
|
||||
return decorated_function
|
||||
return decorator
|
||||
|
||||
def admin_required(f):
|
||||
return permission_required(Permission.ADMINISTER)(f)
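Review bot: Neither `permission_required` nor `admin_required` has a docstring, and two things a caller must know are not written down. The wrapper answers 403 whenever `current_user.can(permission)` is false, which for requests without a login depends on the anonymous user class also providing `can`. The decorator also has to sit below the route decorator, otherwise the route registers the unguarded function. I would add to `permission_required` something like `"""Abort with 403 unless current_user.can(permission). Place below the route decorator."""` and a one-line docstring on `admin_required` naming `Permission.ADMINISTER`.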
|
||||
|
|
@ -1,5 +1,11 @@
|
|||
from flask import Blueprint
|
||||
|
||||
from ..models import Permission
|
||||
|
||||
main = Blueprint('main', __name__)
|
||||
|
||||
@main.app_context_processor
|
||||
def inject_permissions():
|
||||
return dict(Permission=Permission)
|
||||
|
||||
from . import views, errors
|
|
@ -4,11 +4,13 @@ from flask import render_template, session, redirect, url_for, current_app
|
|||
|
||||
from flask_login import login_required
|
||||
|
||||
|
||||
from .. import db
|
||||
from ..models import User
|
||||
from ..models import User, Permission
|
||||
from ..email import send_email
|
||||
from . import main
|
||||
from .forms import NameForm
|
||||
from ..decorators import admin_required, permission_required
|
||||
|
||||
|
||||
@main.route('/', methods=['GET', 'POST'])
|
||||
|
@ -19,4 +21,16 @@ def index():
|
|||
@main.route('/lockscreen')
|
||||
def lockscreen():
|
||||
current_user = User()
|
||||
return render_template('lockscreen.html', current_user=current_user)
|
||||
return render_template('lockscreen.html', current_user=current_user)
|
||||
|
||||
@main.route('/admin')
|
||||
@login_required
|
||||
@admin_required
|
||||
def for_admins_only():
|
||||
return "For administrators only!"
|
||||
|
||||
@main.route('/reseller')
|
||||
@login_required
|
||||
@permission_required(Permission.LIST_USER)
|
||||
def for_resellers_only():
|
||||
return "For resellers only! We mean it..."
|
|
@ -5,7 +5,7 @@ from itsdangerous import TimedJSONWebSignatureSerializer as Serializer
|
|||
|
||||
from flask import current_app
|
||||
|
||||
from flask_login import UserMixin
|
||||
from flask_login import UserMixin, AnonymousUserMixin
|
||||
|
||||
from . import db
|
||||
from . import login_manager
|
||||
|
@ -38,6 +38,7 @@ class Permission:
|
|||
MODIFY_TENANT_QUOTA = 0xB4
|
||||
|
||||
# administrator permissions
|
||||
ADMINISTER = 0xff
|
||||
|
||||
class Role(db.Model):
|
||||
__tablename__ = 'roles'
|
||||
|
@ -175,9 +176,25 @@ class User(UserMixin, db.Model):
|
|||
if self.role is None:
|
||||
self.role = Role.query.filter_by(default=True).first()
|
||||
|
||||
def can(self, permissions):
|
||||
return self.role is not None and \
|
||||
(self.role.permissions & permissions) == permissions
|
||||
|
||||
def is_administrator(self):
|
||||
return self.can(Permission.ADMINISTER)
|
||||
|
||||
def __repr__(self):
|
||||
return '<User %r>' % self.username
|
||||
|
||||
class AnonymousUser(AnonymousUserMixin):
|
||||
def can(self, permissions):
|
||||
return False
|
||||
|
||||
def is_administrator():
|
||||
return False
|
||||
|
||||
login_manager.anonymous_user = AnonymousUser
|
||||
|
||||
@login_manager.user_loader
|
||||
def load_user(user_id):
|
||||
return User.query.get(int(user_id))
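Review bot: `AnonymousUser.is_administrator` is declared without `self`, so calling `current_user.is_administrator()` for a visitor who is not logged in raises a TypeError instead of returning False; it should read `def is_administrator(self):`. Separately, `User.can` tests `(self.role.permissions & permissions) == permissions`, which is only a sound check when every permission is a distinct bit, and the context line `MODIFY_TENANT_QUOTA = 0xB4` in the `Permission` hunk sets four bits at once. If other constants in that class overlap those bits (they are outside the visible lines), a role could pass a check for a permission it was never granted, so the values are worth reviewing against the mask logic. The `User` class starts outside the hunk.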
|