def tmp(*args, **kwargs):
def no_session():
if on_login:
return f(*args, **kwargs)
else:
redirect("/login")
cookie = request.get_cookie("session")
if cookie is None:
return no_session()
session = Session.objects(id=cookie).first()
if session is None:
return no_session()
user = session.user
if user is None:
return no_session()
if roles_require is not None:
if user['group'].name not in roles_require:
return "Access denied"
if(on_login):
redirect("/account")
else:
return f(user, *args, **kwargs)
def logout():
cookie = request.get_cookie("session")
session = Session.objects(id=cookie).delete()
redirect("/login")
