def decorated_function(username, *args, **kwargs):
user = User.findOne(username=username, excludes=["password"])
if not user:
raise Unauthorized()
user_role = user.role
if user_role not in roles:
raise Forbidden()
return f(username, *args, **kwargs)
def decorator(*args, **kwargs):
auth_token = request.headers.get("Authorization")
if not auth_token:
raise Unauthorized
username = User.decode_auth_token(auth_token)
user = User.findOne(username=username)
if not user:
raise Unauthorized()
return f(username, *args, **kwargs)
def get_user(username):
"""
Gets a User.
---
tags:
- user
summary: Gets a User
parameters:
- id: username
in: path
description: The username of the user to be fetched.
required: true
schema:
type: string
responses:
200:
description: Successful Operation
content:
application/json:
schema:
type: object
properties:
status:
type: string
example: success
data:
$ref: "#components/schemas/User"
400:
description: Invalid username supplied
404:
description: User not found
"""
user = User.findOne(username=username, excludes=["password"])
if not user:
raise NotFound(description="User does not exist.")
res = {"status": "success", "data": user}
return res, 200