def tmp(*args, **kwargs): def no_session(): if on_login: return f(*args, **kwargs) else: redirect("/login") cookie = request.get_cookie("session") if cookie is None: return no_session() session = Session.objects(id=cookie).first() if session is None: return no_session() user = session.user if user is None: return no_session() if roles_require is not None: if user['group'].name not in roles_require: return "Access denied" if(on_login): redirect("/account") else: return f(user, *args, **kwargs)
def logout(): cookie = request.get_cookie("session") session = Session.objects(id=cookie).delete() redirect("/login")