Add decorator for role protection

2018-09-23 01:33:31 +02:00 · 2018-09-23 01:33:31 +02:00 · bea29b4e42
parent 562e2653c9
commit bea29b4e42
2 changed files with 18 additions and 1 deletions
--- a/app/api/init.py
+++ b/app/api/init.py
@ -33,6 +33,22 @@ def protected(func):
    return protected_function


+def requires_permission(permission, action_name='Action'):
+    def requires_permission_decorator(func):
+        @wraps(func)
+        def permission_protected_function(*args, **kwargs):
+            if permission not in g.current_account.role.permissions:
+                abort(403,
+                      message=(action_name+' is not allowed'),
+                      status='error')
+
+            return func(*args, **kwargs)
+
+        return permission_protected_function
+
+    return requires_permission_decorator
+
+
 class ProtectedResource(Resource):
    method_decorators = [protected]

--- a/app/api/resources/account.py
+++ b/app/api/resources/account.py
@ -4,7 +4,7 @@ from marshmallow import Schema, fields
 from webargs.flaskparser import use_args
 from flasgger import swag_from
 import app.accounts as accounts
-from app.api import ProtectedResource
+from app.api import ProtectedResource, requires_permission


 class UserSchema(Schema):
@ -65,6 +65,7 @@ class RoleResource(ProtectedResource):
 class RolesResource(ProtectedResource):
    @use_args(RoleCreationWrapperSchema())
    @swag_from('swagger/create_role_spec.yaml')
+    @requires_permission('CREATE_ROLE', 'Role creation')
    def post(self, args):
        args = args['role']
        success = accounts.create_role(args['display_name'],