def go(*args, **kwargs):
    """Call the wrapped view only when the session role is exactly 'Admin'.

    `session`, `fn` and `err` are free names taken from the enclosing scope,
    which is not shown here. The check fails closed: a session with no
    'role' key and a session with any other role both raise `err.Forbidden`.
    The comparison is an exact, case-sensitive string match.
    """
    # NOTE(review): this trusts whatever is stored in `session`; presumably
    # the framework signs it or keeps it server-side -- confirm.
    has_admin_role = 'role' in session and session['role'] == 'Admin'
    if not has_admin_role:
        # Not-logged-in and logged-in-but-not-admin are not distinguished;
        # the original author noted 401 Unauthorized would be more proper.
        raise err.Forbidden('You must be an admin to see this page')
    return fn(*args, **kwargs)
def wrapped(*args, **kwargs):
    """Gate the wrapped view `f` on the role stored in the session.

    `session`, `roles`, `f`, `Response` and `err` are free names from the
    enclosing scope, which is not shown here.

    Returns:
        A 401 `Response` carrying a `WWW-Authenticate` challenge when the
        session has no 'role' key; otherwise whatever `f` returns.

    Raises:
        err.Forbidden: the session has a role, but it is not in `roles`.
    """
    if 'role' not in session:
        # No role recorded: answer with a 401 challenge rather than raising.
        # NOTE(review): the challenge advertises HTTP Basic while the check
        # itself reads the session -- confirm the login flow matches.
        message = (
            'Could not verify your access level for that URL.\n'
            'You have to login with proper credentials'
        )
        challenge = {'WWW-Authenticate': 'Basic realm="Login Required"'}
        return Response(message, 401, challenge)

    current_role = session['role']
    if current_role in roles:
        return f(*args, **kwargs)

    # A role is present but not permitted for this view. The original author
    # commented that 401 Unauthorized would be more proper here.
    raise err.Forbidden('You do not have permission to access this page')
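async def request(http, endpoint, obj=None):
    '''Send a POST or DELETE request to the Discord API.

    Args:
        http: HTTP verb; only 'POST' and 'DELETE' are supported.
        endpoint: path appended to API_BASE to form the request URL.
        obj: optional payload passed as the JSON request body.

    Returns:
        None, both for a 204 and for any other status that does not raise.

    Raises:
        ValueError: `http` is neither 'POST' nor 'DELETE'.
        errors.Forbidden: the API answered 403.
        errors.NotFound: the API answered 404.
        errors.RateLimit: the API answered 429.
    '''
    # Reject unsupported verbs up front. Previously they fell through both
    # branches and failed later with an unbound `resp`.
    if http not in ('POST', 'DELETE'):
        raise ValueError('Unsupported HTTP method: %r' % (http,))

    # NOTE(review): HEADERS is attached to every call and presumably carries
    # the bot credential -- confirm `endpoint` is never built from untrusted
    # input.
    url = API_BASE + endpoint
    if http == 'POST':
        resp = await SESSION.post(url, json=obj, headers=HEADERS)
    else:
        resp = await SESSION.delete(url, json=obj, headers=HEADERS)

    status = resp.status
    if status == 204:
        # No Content: there is no body to decode.
        return

    payload = await resp.json()
    # Debug output kept from the original.
    # NOTE(review): consider a logger so response details do not end up on
    # stdout in production.
    print(resp)

    if 200 <= status < 300:
        return  # ok
    if status == 403:
        raise errors.Forbidden(resp, payload)
    if status == 404:
        raise errors.NotFound(resp, payload)
    if status == 429:
        raise errors.RateLimit(resp, payload)
    # NOTE(review): any other status (e.g. 400, 401, 5xx) falls through and
    # returns None, so callers cannot tell those failures from success.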
pass elif self._allow_anonymous(request): request.user = AnonymousUser() else: raise exc_obj # first, make sure that the request carries `user` attribute ensure_user_obj() if self.authentication: # authentication handler is configured try: self.authentication.authenticate(request) except errors.Unauthorized, exc: # http request doesn't carry any authentication information anonymous_access(exc) else: # no authentication configured anonymous_access(errors.Forbidden()) def _check_permission(self, request): """ Check user permissions. @raise Forbidden if user doesn't have access to the resource. """ if self.access_controller: self.access_controller.check_perm(request, self) # # resource.py ends here