diff options
| author |  Gareth Coles <[email protected]> | 2018-03-30 15:20:43 +0100 |
|---|---|---|
| committer | Gareth Coles <[email protected]> | 2018-03-30 15:20:43 +0100 |
| commit | 81a29c38f63b08f942bf64a8f2c0c82b5ce5384c (patch) | |
| tree | 0f4b1ea750973400d4021ccf3e49b8db9d52a00e | |
| parent | Collect all roles from users instead of just a single one (diff) | |
Decorator for routes that require a login with one of a set of roles
| -rw-r--r-- | pysite/constants.py | 1 | ||||
| -rw-r--r-- | pysite/decorators.py | 28 |
2 files changed, 25 insertions, 4 deletions
diff --git a/pysite/constants.py b/pysite/constants.py index 3ccebf18..6339267d 100644 --- a/pysite/constants.py +++ b/pysite/constants.py @@ -20,6 +20,7 @@ class ValidationTypes(Enum): OWNER_ROLE = 267627879762755584 ADMIN_ROLE = 267628507062992896 MODERATOR_ROLE = 267629731250176001 +DEVOPS_ROLE = 409416496733880320 HELPER_ROLE = 267630620367257601 SERVER_ID = 267624335836053506 diff --git a/pysite/decorators.py b/pysite/decorators.py index 447c17e4..3e07c6d2 100644 --- a/pysite/decorators.py +++ b/pysite/decorators.py @@ -2,14 +2,34 @@ import os from functools import wraps from json import JSONDecodeError -from typing import List -from flask import request +from flask import request, redirect, url_for from schema import Schema, SchemaError +from werkzeug.exceptions import Forbidden +from pysite.base_route import APIView, BaseView from pysite.constants import ErrorCodes, ValidationTypes +def require_roles(*roles: int): + def inner_decorator(f): + + @wraps(f) + def inner(self: BaseView, *args, **kwargs): + data = self.user_data + + if data: + for role in roles: + if role in data["roles"]: + return f(self, *args, **kwargs) + + raise Forbidden() + return redirect(url_for("discord.login")) + return inner + + return inner_decorator + + def api_key(f): """ Decorator to check if X-API-Key is valid. @@ -18,7 +38,7 @@ def api_key(f): """ @wraps(f) - def inner(self, *args, **kwargs): + def inner(self: APIView, *args, **kwargs): if not request.headers.get("X-API-Key") == os.environ.get("BOT_API_KEY"): return self.error(ErrorCodes.invalid_api_key) return f(self, *args, **kwargs) @@ -39,7 +59,7 @@ def api_params(schema: Schema, validation_type: ValidationTypes = ValidationType def inner_decorator(f): @wraps(f) - def inner(self, *args, **kwargs): + def inner(self: BaseView, *args, **kwargs): if validation_type == ValidationTypes.json: try: if not request.is_json: |