Source code for flask_stormpath.decorators

Custom decorators to make handling authentication and authorization

from functools import wraps

from flask import current_app
from flask_login import current_user

[docs]def groups_required(groups, all=True): """ This decorator requires that a user be part of one or more Groups before they are granted access. :param list groups: (required) A list of Groups to restrict access to. A group can be: - A Group object. - A Group name (as a string). - A Group href (as a string). :param bool all: (optional) Should we ensure the user is a member of every group listed? Default: True. If this is set to False, we'll let the user into the view if the user is part of at least one of the specified groups. Usage:: @groups_required(['admins', 'developers']) def private_view(): '''Only admins and developers will be able to visit this page.''' return 'hi!' """ def decorator(func): @wraps(func) def wrapper(*args, **kwargs): # If authentication stuff is disabled, do nothing. if current_app.login_manager._login_disabled: return func(*args, **kwargs) # If the user is NOT authenticated, this user is unauthorized. elif not current_user.is_authenticated(): return current_app.login_manager.unauthorized() # If the user authenticated, and the all flag is set, we need to # see if the user is a member of *ALL* groups. if all and not current_user.has_groups(groups): return current_app.login_manager.unauthorized() # If the all flag is NOT set, we need to make sure the user is a # member of at least one group. elif not current_user.has_groups(groups, all=False): return current_app.login_manager.unauthorized() # Lastly, if the user has successfully passsed all authentication / # authorization challenges, we'll allow them in. return func(*args, **kwargs) return wrapper return decorator