def wrapped(*args, **kwargs): # user has no roles or no roles that match if not current_user.get_roles() or not ( list(set(roles) & set(current_user.get_roles()))): flash( "Not authorized. You do not have a role that allows access to this feature.", "warning", ) return redirect(url_for("index")) return f(*args, **kwargs)
def _authenticate(self): app = self.get_app() assert app, "Please initialize your application into Flask-RBAC." assert self._role_model, "Please set role model before authenticate." assert self._user_model, "Please set user model before authenticate." assert self._user_loader, "Please set user loader before authenticate." current_user = self._user_loader() if current_user is not None and not isinstance(current_user, self._user_model): return jsonify({"jsonrpc": "2.0", "result": False, "error": "%s is not an instance of %s" % (current_user, self._user_model.__class__)}), 401 endpoint = request.endpoint resource = app.view_functions.get(endpoint, None) if not resource: abort(404) method = request.method if not hasattr(current_user, 'get_roles'): roles = [anonymous] else: roles = current_user.get_roles() permit = self._check_permission(roles, method, resource) if not permit: return self._deny_hook()
def _authenticate(self): app = self.get_app() assert app, "Please initialize your application into Flask-RBAC." assert self._role_model, "Please set role model before authenticate." assert self._user_model, "Please set user model before authenticate." assert self._user_loader, "Please set user loader before authenticate." current_user = self._user_loader() if current_user is not None and not isinstance(current_user, self._user_model): raise TypeError("%s is not an instance of %s" % (current_user, self._user_model.__class__)) endpoint = request.endpoint resource = app.view_functions.get(endpoint, None) if not resource: abort(404) method = request.method if not hasattr(current_user, 'get_roles'): roles = [anonymous] else: roles = current_user.get_roles() permit = self._check_permission(roles, method, resource) if not permit: return self._deny_hook()
def register(): current_user.add_role('test') result = current_user.remove_role('athor') print(current_user.get_roles()) print(result) form = registerForm() if request.method == "POST": if form.validate_on_submit(): hashPassword = generate_password_hash( form.password.data, method='sha256') newUser = Users( username=form.username.data, email=form.email.data, password=hashPassword) db.session.add(newUser) db.session.commit() return jsonify( code=301, message="Registration Succesful") else: return jsonify( code=401, message="Validation Error", errors=form.errors) return render_template("admin-login.html", form=form)
def _authenticate(self): app = self.get_app() assert app, "Please initialize your application into Flask-RBAC." assert self._role_model, "Please set role model before authenticate." assert self._user_model, "Please set user model before authenticate." assert self._user_loader, "Please set user loader before authenticate." current_user = self._user_loader() # Compatible with flask-login anonymous user if hasattr(current_user, '_get_current_object'): current_user = current_user._get_current_object() if (current_user is not None and not isinstance(current_user, (self._user_model, anonymous_model))): raise TypeError("%s is not an instance of %s" % (current_user, self._user_model.__class__)) resource = request.endpoint if not resource: abort(404) method = request.method if not hasattr(current_user, 'get_roles'): roles = [anonymous] else: roles = current_user.get_roles() permit = self._check_permission(roles, method, resource) if not permit: return self._deny_hook()
def decorated_view(*args, **kwargs): if not current_user.is_authenticated: return flask_app.login_manager.unauthorized() uroles = current_user.get_roles() if (len(set(roles).intersection(uroles)) == 0) and ("ANY" not in roles): return flask_app.login_manager.unauthorized() return fn(*args, **kwargs)
def decorated_view(*args, **kwargs): if not (current_user and current_user.is_authenticated): return login_manager.unauthorized() if role not in current_user.get_roles(current_user.id): return login_manager.unauthorized() return func(*args, **kwargs)
def check(*args, **kwargs): if current_user.is_authenticated: if role in current_user.get_roles(): return function(*args, **kwargs) else: if role == "Merchant": flash('Permission Denied', "danger") if "Admin" in current_user.get_roles(): return redirect(url_for("admin.login")) elif "Delivery" in current_user.get_roles(): return redirect(url_for("delivery.login")) elif "User" in current_user.get_roles(): return redirect(url_for(".login")) else: flash('Permission Denied', "danger") return redirect(url_for(".dashboard")) return redirect(url_for(".login"))
def decorated_view(*args, **kwargs): if not current_user.is_authenticated: return login.unauthorized() urole = current_user.get_roles() if ((roles[0] not in urole) and (roles[0] != "ANY") and (roles[1] not in urole) and (roles[0] != "ANY")): print("Error!!!") return login.unauthorized_callback() return fn(*args, **kwargs)
def navbar_access(): uroles = current_user.get_roles() user_access = {} for page, auth_roles in PAGE_ACCESS.items(): if (len(set(uroles).intersection(auth_roles)) > 0) or ("ANY" in auth_roles): user_access[page] = True else: user_access[page] = False return user_access
def wrapped(*args, **kwargs): # Store whether or not the user is authenticated authenticated = current_user.is_authenticated # Check for an authenticated user with the proper roles if authenticated and set(roles).issubset(current_user.get_roles()): return f(*args, **kwargs) # Abort at this point as the user is not authorized abort(401)
def get_roles(self): try: if current_user.is_superuser(): return super().get_roles() except AttributeError: pass user_roles = current_user.get_roles() roles = super().get_roles() return { key: list(set(values) & set(user_roles)) for key, values in roles.items() }
def func_wrapper(*args, **kwargs): if config.LOGIN_DISABLED == 'True': return func(*args, **kwargs) if current_user.is_authenticated: current_app.logger.info('LIST OF ROLES: ' + str(current_user.get_roles())) if current_user.has_role(role): return func(*args, **kwargs) else: error = errors.get("verification_ui", "ADFS_ROLE_LOGGED_IN_ERROR", filler=str(role)) raise ApplicationError(*error) else: raise ApplicationError(*errors.get("verification_ui", "ADFS_ROLE_LOGGED_OUT_ERROR", filler=str(role)))
def user_info(): prepare = { "id": current_user.get_id(), "email": current_user.email, "username": current_user.username, "password_hash": current_user.password_hash, "is_active": current_user.is_active, "is_anonymous": current_user.is_anonymous, "is_authenticated": current_user.is_authenticated, "metadata": current_user.metadata.info, "uroles": current_user.get_roles(), } return jsonify(prepare)
def messages_delete(message_id): m = Message.query.get(message_id) topic_id = m.topic_id if "ADMIN" not in current_user.get_roles(): if str(m.account_id) != str(current_user.id): return redirect(url_for('messages_index', topic_id = topic_id)) # if user is ADMIN or the creator of the message db.session().delete(m) db.session().commit() return redirect(url_for('messages_index', topic_id = topic_id))
def get_highest_role(): """ If a user has more than one role pick the `highest` role :rtype string :return the role name for the current_user or None """ try: roles = current_user.get_roles() except Exception: return None if ROLE_ADMIN in roles: return ROLE_ADMIN if ROLE_TECHNICIAN in roles: return ROLE_TECHNICIAN return None
def profile_delete(account_id): # Tarkista että käyttäjän oma profiili if "ADMIN" not in current_user.get_roles(): if str(current_user.id) != str(account_id): return redirect( url_for('profile_settings', account_id=current_user.id)) # Hae user. Päivitä ennen jokaista jos tarve u = User.query.get(account_id) # Poista Category jonka account_id on account_id categories = u.categories for c in categories: c_topics = c.topics # Poista kategorian topicit for t in c_topics: c_t_messages = t.messages # Poista topicin viestit for m in c_t_messages: db.session().delete(m) db.session().delete(t) db.session().delete(c) # Poista Role jonka account_id on account_id roles = u.roles for r in roles: db.session().delete(r) # Poista Topic jonka account_id on account_id topics = u.topics for t in topics: t_messages = t.messages # Poista topicin viestit for m in t_messages: db.session().delete(m) db.session().delete(t) # Poista Message, jonka account_id on account_id messages = u.messages for m in messages: db.session().delete(m) # POISTA LOPUKSI USER db.session().delete(u) db.session().commit() return redirect(url_for('categories_index'))
def login(): if current_user.is_authenticated: return (403, 'USER_ALREADY_LOGGED_IN') email = request.form['email'] password = request.form['password'] remember = request.form['remember'] user = User.get(User.email == email) if bcrypt.check_password_hash(user.password, password): login_user(user, remember=remember) data = model_to_dict(user, exclude=[User.password]) if current_user.has_role('ADMIN'): data['roles'] = current_user.get_roles() else: data['roles'] = [] return data return abort(401, 'INCORRECT_PASSWORD')
def get_role_landing_page(): """ Get the landing page for a user with specific role :return None if the """ if not hasattr(current_user, 'roles'): return None roles = current_user.get_roles() if ROLE_ADMIN in roles: role_landing_page = url_for('admin') elif ROLE_TECHNICIAN in roles: role_landing_page = url_for('start_upload') elif ROLE_RESEARCHER_ONE in roles: role_landing_page = url_for('researcher_one') elif ROLE_RESEARCHER_TWO in roles: role_landing_page = url_for('researcher_two') return request.args.get('next') or role_landing_page
def decorated_view(*args, **kwargs): if not current_user: return login_manager.unauthorized() if not current_user.is_authenticated: return login_manager.unauthorized() unauthorized = False if role != "ANY": unauthorized = True for user_role in current_user.get_roles(): if user_role == role: unauthorized = False break if unauthorized: return login_manager.unauthorized() return fn(*args, **kwargs)
def get_highest_role(): """ If a user has more than one role pick the `highest` role :rtype string :return the role name for the current_user or None """ try: roles = current_user.get_roles() except Exception as exc: app.logger.debug("get_highest_role() problem: {}".format(exc)) return None if ROLE_ADMIN in roles: return ROLE_ADMIN if ROLE_TECHNICIAN in roles: return ROLE_TECHNICIAN if ROLE_RESEARCHER_ONE in roles: return ROLE_RESEARCHER_ONE if ROLE_RESEARCHER_TWO in roles: return ROLE_RESEARCHER_TWO return None
def _authenticate(self): app = self.get_app() assert app, "Please initialize your application into Flask-RBAC." assert self._role_model, "Please set role model before authenticate." assert self._user_model, "Please set user model before authenticate." assert self._user_loader, "Please set user loader before authenticate." current_user = self._user_loader() # Compatible with flask-login anonymous user if hasattr(current_user, '_get_current_object'): current_user = current_user._get_current_object() if (current_user is not None and not isinstance(current_user, (self._user_model, anonymous_model))): raise TypeError( "%s is not an instance of %s" % (current_user, self._user_model.__class__)) resource = request.endpoint if not resource: abort(404) method = request.method if not hasattr(current_user, 'get_roles'): roles = [anonymous] else: roles = current_user.get_roles() permit = self._check_permission(roles, method, resource) if not permit: return self._deny_hook()
def _fn(): is_authorized = any( [role in current_user.get_roles() for role in allowed_roles]) if not is_authorized: flash("You are not authorized to view this page.") return redirect(url_for('index')) if has_form: form = form_class()() html = "" if form.validate_on_submit(): data = { field.name: field.data for field in form if field.name not in ["submit", "csrf_token"] } ret = callback(data) html = ret if ret is not None else "" if redirect_index: flash("Form successfully submitted") return redirect(url_for('index')) else: html = callback({}) form = None return render_template_string(fread(template_path / 'form_template.html'), body=html, form=form, title=pretty_name, has_form=has_form)
def get_authorized(): roles = [role.name for role in current_user.get_roles()] return jsonify({'status': 200, 'message': HTTP_STATUS_CODES[200], 'roles': roles}), 200
def funcao_decorada(*args, **kwargs): if not any([role in current_user.get_roles() for role in roles]): return redirect(url_for('denied')) return f(*args, **kwargs)
def is_accessible(self): return 'dev' in current_user.get_roles( ) if current_user.is_authenticated else False
def endpoints(self): if current_user.is_superuser(): return super().endpoints() user_roles = current_user.get_roles() endpoints = super().endpoints() return self._filter(endpoints, user_roles)
def is_accessible(self): return "admin" in current_user.get_roles()
def index(): roles = current_user.get_roles() pages = registry.get_pages(roles) return render_template('index.html', pages=pages)