def decorated_function(*args, **kwargs): res = _check_internal_request(request, session, False, True, SystemPermissions.PERMIT_ADMIN_USERS) # If not admin_users, allow GET and PUT for current user's record if res: allow = (request.method == 'GET' or request.method == 'PUT') and \ 'user_id' in kwargs and \ kwargs['user_id'] == get_session_user_id() if not allow: return res return f(*args, **kwargs)
def admin_login_required(): return _check_internal_request(request, session, True, True, 'admin_any')