def get_current_user():
    """Return the user record that owns the API key sent with the current request.

    The key is read from the ``X-API-KEY`` request header and resolved through
    the application's ``user_dbo.read_by_key``.
    """
    user_store = server.get_app().user_dbo
    # Subscript access: a request without the header raises here rather than
    # reaching the lookup. Callers are presumably already behind a key check;
    # NOTE(review): confirm, since this function does no validation itself.
    api_key = request.headers['X-API-KEY']
    # NOTE(review): what read_by_key returns for an unknown key is not visible
    # here, so callers should not assume the result is a valid user object.
    return user_store.read_by_key(api_key)
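def decorated(*args, **kwargs):
    """Run the wrapped view only when the API key's owner holds a permitted role.

    ``f`` (the wrapped view) and ``roles`` (the permitted role names) come from
    the enclosing decorator, which is not part of this block.

    Returns:
        ``f(*args, **kwargs)`` when the caller's role is in ``roles``;
        otherwise a ``(body, 401)`` tuple. Every failure path denies access.
    """
    user_store = server.get_app().user_dbo

    # .get() instead of subscripting: a request without the header is refused
    # here with a 401 instead of raising out of the authorization check.
    api_key = request.headers.get('X-API-KEY')
    if not api_key:
        return {'message' : 'Key is missing.'}, 401

    user = user_store.read_by_key(api_key)
    # read_by_key is defined elsewhere; if it yields None for an unknown key,
    # refuse the request rather than failing on user.role_id below.
    if user is None:
        return {'message' : 'Invalid credentials!!!'}, 401

    user_role = UserRole.select().where(UserRole.id == user.role_id).get()
    if user_role.role not in roles:
        # 401 is kept because existing clients may depend on it; 403 is the
        # conventional status for an authenticated caller lacking a role.
        return {'message' : 'You are not authorized.'}, 401
    return f(*args, **kwargs)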
def decorated(*args, **kwargs):
    """Run the wrapped page view only when the logged-in user holds a permitted role.

    ``f`` (the wrapped view) and ``roles`` (the permitted role names) come from
    the enclosing decorator, which is not part of this block. A user whose
    role is not in ``roles`` gets the rendered "Unauthorized" message page.
    """
    user_store = server.get_app().user_dbo
    # NOTE(review): current_user.id is read without checking that a session
    # exists; presumably a login check runs before this wrapper. Confirm.
    account = user_store.read_by_id(current_user.id)
    role_query = UserRole.select().where(UserRole.id == account.role_id)
    assigned_role = role_query.get()

    if assigned_role.role in roles:
        return f(*args, **kwargs)

    # NOTE(review): the status code render_message sends is not visible here;
    # confirm the denial page is not served with a success status.
    return render_message(
        "Unauthorized",
        "You do not have authorization to enter this page",
    )
def decorated(*args, **kwargs):
    """Run the wrapped view only when the request carries a valid API key.

    ``f`` (the wrapped view) comes from the enclosing decorator, which is not
    part of this block. The key is taken from the ``X-API-KEY`` header and
    checked with ``user_dbo.verify_key``. A missing, empty or rejected key
    yields a ``(body, 401)`` tuple and ``f`` is never called.
    """
    user_store = server.get_app().user_dbo

    # None when the header is absent; an empty value is treated the same way.
    api_key = request.headers.get('X-API-KEY')
    if not api_key:
        return {'message' : 'Key is missing.'}, 401

    key_is_valid = user_store.verify_key(api_key)
    if not key_is_valid:
        return {'message' : 'Invalid credentials!!!'}, 401

    return f(*args, **kwargs)
# -*- coding: utf-8 -*-
# app/api/supervisor.py

from flask import request
from flask_restplus import Resource, fields
from playhouse.shortcuts import model_to_dict

from app.server import server
from app.models import OrderState
from .utils import token_required, role_required, get_current_user

api = server.get_api()
app = server.get_app()
ns = server.get_namespace("supervisor")


@ns.route('/states')
class SupervisorStateCollectionResource(Resource):
    """Collection resource exposing the order states at ``/states``."""

    # NOTE(review): only token_required guards this endpoint. role_required is
    # imported but not applied, so any caller with a valid key can read it.
    # Confirm that is intended for the "supervisor" namespace.
    @api.doc(security='apikey')
    @token_required
    def get(self):
        """Return the ``state`` value of every OrderState row as a list."""
        return [row.state for row in OrderState.select()]