frest/decorators.py


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40

from flask import request, abort
from frest.auth.models import Token
from functools import wraps


def check_token(f):
    @wraps(f)
    def inner(*args, **kwargs):
        userid = request.url.split("/")[-1]
        headers = request.headers
        if not headers.get("Authorization"):
            abort(403)

        auth = request.headers.get("Authorization")
        token = Token.query.filter_by(string=auth).first()
        if not token:
            abort(403)

        if userid.isdigit():
            if int(userid) != token.user.userId and not token.user.is_admin:
                abort(403)

        return f(*args, **kwargs)

    return inner


def admin_required(f):
    @wraps(f)
    def inner(*args, **kwargs):
        header = request.headers

        auth = request.headers.get("Authorization")
        token = Token.query.filter_by(string=auth).first()
        if not token.user.is_admin:
            abort(403)

        return f(*args, **kwargs)

    return inner