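def decorated(*args, **kwargs):
    """Run the wrapped view only if the authenticated user holds ``role``.

    ``f`` (the wrapped callable) and ``role`` (the required role name) are
    free variables supplied by the enclosing scope, which is not shown here.

    Returns:
        The result of ``f(*args, **kwargs)`` when the check passes;
        otherwise a ``(response, 401)`` tuple whose JSON body carries a
        ``msg`` explaining the refusal.
    """
    # NOTE(review): every refusal below uses 401, including the pure
    # authorization failures where 403 is the conventional status. Left
    # unchanged because clients may already depend on it.
    user_id = Auth.user('id')

    # Reject a token without a user id before touching the database.
    # Depending on how find_first treats a None filter, the lookup might
    # otherwise match an assignment row that belongs to nobody.
    if not user_id:
        return make_response(
            jsonify({'msg': 'Missing User ID in token'})), 401

    # NOTE(review): find_first yields a single assignment, so a user who
    # holds several roles is judged only on whichever row comes back
    # first. Confirm that this is intended, and that revoked or
    # soft-deleted assignments are excluded by the repo.
    user_role = UserRoleRepo().find_first(**{'user_id': user_id})
    if not user_role:
        return make_response(
            jsonify({'msg': 'Access Error - No Role Granted'})), 401

    granted_role = RoleRepo().get(user_role.role_id)

    # Fail closed when the assignment points at a role record that does not
    # resolve, rather than raising AttributeError on ``.name`` and surfacing
    # an unhandled server error.
    if granted_role is None or granted_role.name != role:
        return make_response(
            jsonify({
                'msg': 'Access Error - This role does not have the access rights'
            })), 401

    return f(*args, **kwargs)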
def __init__(self, request):
    """Initialise the base controller and attach this controller's collaborators.

    Args:
        request: Passed unchanged to ``BaseController.__init__``.
    """
    BaseController.__init__(self, request)

    # Persistence layer: one repository instance per controller instance.
    self.role_repo = RoleRepo()
    self.user_role_repo = UserRoleRepo()
    self.user_repo = UserRepo()
    self.permission_repo = PermissionRepo()

    # Redis-backed set helper.
    self.redis_set = RedisSet()
def __init__(self, request):
    """Initialise the base controller and attach this controller's collaborators.

    Args:
        request: Passed unchanged to ``BaseController.__init__``.
    """
    BaseController.__init__(self, request)

    # Persistence layer: one repository instance per controller instance.
    self.role_repo = RoleRepo()
    self.user_role_repo = UserRoleRepo()
    self.permission_repo = PermissionRepo()

    # Service client instantiated alongside the repositories.
    self.andela_service = AndelaService()