def go(*args, **kwargs):
if 'role' in session and session['role'] == 'Admin':
#if 'mod' in session:
return fn(*args, **kwargs)
else:
raise err.Forbidden('You must be an admin to see this page'
) # proper would be 401 Unauthorized
def wrapped(*args, **kwargs):
if not 'role' in session:
return Response(
'Could not verify your access level for that URL.\n'
'You have to login with proper credentials', 401,
{'WWW-Authenticate': 'Basic realm="Login Required"'})
if session['role'] not in roles:
raise err.Forbidden(
'You do not have permission to access this page'
) # proper would be 401 Unauthorized
return f(*args, **kwargs)
async def request(http, endpoint, obj=None):
'''Used to request to the Discord API'''
if http == 'POST':
resp = await SESSION.post(API_BASE + endpoint, json=obj, headers=HEADERS)
elif http == 'DELETE':
resp = await SESSION.delete(API_BASE + endpoint, json=obj, headers=HEADERS)
if resp.status == 204:
return
obj = await resp.json()
print(resp)
if 300 > resp.status >= 200:
return #ok
elif resp.status == 403:
raise errors.Forbidden(resp, obj)
elif resp.status == 404:
raise errors.NotFound(resp, obj)
elif resp.status == 429:
raise errors.RateLimit(resp, obj)
pass
elif self._allow_anonymous(request):
request.user = AnonymousUser()
else:
raise exc_obj
# first, make sure that the request carries `user` attribute
ensure_user_obj()
if self.authentication:
# authentication handler is configured
try:
self.authentication.authenticate(request)
except errors.Unauthorized, exc:
# http request doesn't carry any authentication information
anonymous_access(exc)
else:
# no authentication configured
anonymous_access(errors.Forbidden())
def _check_permission(self, request):
""" Check user permissions.
@raise Forbidden if user doesn't have access to the resource.
"""
if self.access_controller:
self.access_controller.check_perm(request, self)
#
# resource.py ends here