Пример #1
 def wraps(self, *args, **kwargs):
     """Authorize one call to the wrapped API method ``f`` and run it if allowed.

     ``f`` and ``allow_browser_login`` are free variables taken from the
     enclosing decorator, which is not visible in this listing.

     Decision order, as implemented below:

     1. Build the permission string from ``f._permission_name``, or from the
        per-method override in ``self.method_permission_name`` if one exists.
     2. Reject the call if that permission is not in ``self.base_permissions``.
     3. Run ``f`` without any authentication if the security manager reports
        the item as public.
     4. Otherwise require a verified JWT (token-only mode) or accept either an
        authenticated browser session or a JWT (browser-login mode), and run
        ``f`` only when ``has_access`` grants the permission.
     5. Log the denial and return ``response_unauthorized(self)``.
     """
     # Apply method permission name override if exists
     permission_str = f"{PERMISSION_PREFIX}{f._permission_name}"
     if self.method_permission_name:
         _permission_name = self.method_permission_name.get(f.__name__)
         if _permission_name:
             permission_str = f"{PERMISSION_PREFIX}{_permission_name}"
     class_permission_name = self.class_permission_name
     # Deny by default: a permission the class does not list in
     # base_permissions is rejected before any authentication or role lookup.
     # This early rejection is not logged; only the final denial below is.
     if permission_str not in self.base_permissions:
         return response_unauthorized(self)
     # Public items are served here, before any JWT or session check, so a
     # permission marked public is reachable by unauthenticated callers.
     if current_app.appbuilder.sm.is_item_public(
             permission_str, class_permission_name):
         return f(self, *args, **kwargs)
     # Token-only mode: neither the class attribute nor the decorator argument
     # enables browser login, so a JWT has to verify before the access check.
     # NOTE(review): verify_jwt_in_request is presumably flask_jwt_extended's
     # and raises on a missing or invalid token -- confirm where that
     # exception is turned into a response.
     if not (self.allow_browser_login or allow_browser_login):
         verify_jwt_in_request()
     # Verify resource access
     if current_app.appbuilder.sm.has_access(permission_str,
                                             class_permission_name):
         return f(self, *args, **kwargs)
     # Browser (cookie session) login is enabled and the first check failed.
     # NOTE(review): cookie-authenticated API calls need CSRF protection on
     # state-changing methods; nothing in this function applies it -- confirm
     # it is enforced elsewhere.
     elif self.allow_browser_login or allow_browser_login:
         # no session cookie (but we allow it), then try JWT
         if not current_user.is_authenticated:
             verify_jwt_in_request()
         # Same has_access call as above, repeated after the optional JWT
         # verification.
         if current_app.appbuilder.sm.has_access(
                 permission_str, class_permission_name):
             return f(self, *args, **kwargs)
     # Every path that reaches this point is a denial: record which permission
     # and view were refused, then answer with the unauthorized response.
     log.warning(
         LOGMSG_ERR_SEC_ACCESS_DENIED.format(permission_str,
                                             class_permission_name))
     return response_unauthorized(self)
Пример #2
 def wraps(self, *args, **kwargs):
     """Run the wrapped view method ``f`` only if the security manager allows it.

     ``f`` is a free variable from the enclosing decorator (not shown here).
     The permission checked is ``PERMISSION_PREFIX + f._permission_name`` on
     the view named after this instance's class.

     On denial the attempt is logged, a "danger" flash message is queued and
     the caller is redirected to the auth view's ``login`` endpoint. Users who
     are already logged in but lack the permission take the same redirect.

     NOTE(review): ``next`` carries ``request.path`` back to the login view.
     That view must treat ``next`` as untrusted and accept only local targets
     before redirecting; its validation is not visible here.
     """
     required_permission = PERMISSION_PREFIX + f._permission_name
     view_name = self.__class__.__name__

     if self.appbuilder.sm.has_access(required_permission, view_name):
         return f(self, *args, **kwargs)

     # Denied: leave an audit trail, then tell the user.
     denial_message = LOGMSG_ERR_SEC_ACCESS_DENIED.format(
         required_permission, view_name)
     logging.warning(denial_message)
     flash(as_unicode(FLAMSG_ERR_SEC_ACCESS_DENIED), "danger")

     # adds next arg to forward to the original path once user is logged in.
     login_endpoint = self.appbuilder.sm.auth_view.__class__.__name__ + ".login"
     return redirect(url_for(login_endpoint, next=request.path))
Пример #3
 def wraps(self, *args, **kwargs):
     """Gate the wrapped view method ``f`` behind a security-manager check.

     ``f`` comes from the enclosing decorator, which this listing does not
     show. Access is evaluated for ``PERMISSION_PREFIX + f._permission_name``
     against the name of this instance's class.

     A refused call is logged as a warning, flashed to the user with the
     "danger" category, and answered with a redirect to the auth view's
     ``login`` endpoint, whether or not the user is already authenticated.

     NOTE(review): the redirect passes ``request.path`` as ``next``. The login
     view has to validate ``next`` as a same-site target before following it;
     that check is outside this function.
     """
     permission_str = PERMISSION_PREFIX + f._permission_name
     owner = self.__class__.__name__
     access_granted = self.appbuilder.sm.has_access(permission_str, owner)

     if not access_granted:
         logging.warning(
             LOGMSG_ERR_SEC_ACCESS_DENIED.format(permission_str, owner))
         flash(as_unicode(FLAMSG_ERR_SEC_ACCESS_DENIED), "danger")
         # adds next arg to forward to the original path once user is logged in.
         auth_view_name = self.appbuilder.sm.auth_view.__class__.__name__
         return redirect(url_for(auth_view_name + ".login", next=request.path))

     return f(self, *args, **kwargs)
Пример #4
 def wraps(self, *args, **kwargs):
     """Call the wrapped method ``f`` only when its permission is granted.

     ``f`` is a free variable from the enclosing decorator (not shown here).
     The permission name is ``f._permission_name`` unless
     ``self.method_permission_name`` maps ``f.__name__`` to a truthy override.

     Two conditions must both hold: the permission string is listed in
     ``self.base_permissions``, and the security manager grants it for
     ``self.class_permission_name``. Otherwise the denial is logged and
     ``response_unauthorized_mvc()`` is returned.

     NOTE(review): the access check uses ``self.class_permission_name`` but
     the log line reports ``self.__class__.__name__``. If the two differ, the
     audit record names a different view than the one evaluated.
     """
     # A per-method override, when present, replaces the decorator's name.
     effective_name = f._permission_name
     if self.method_permission_name:
         override = self.method_permission_name.get(f.__name__)
         if override:
             effective_name = override
     permission_str = f"{PERMISSION_PREFIX}{effective_name}"

     # The membership test short-circuits, so the security manager is not
     # asked about permissions the class does not expose.
     granted = (
         permission_str in self.base_permissions
         and self.appbuilder.sm.has_access(
             permission_str, self.class_permission_name)
     )
     if granted:
         return f(self, *args, **kwargs)

     log.warning(
         LOGMSG_ERR_SEC_ACCESS_DENIED.format(
             permission_str, self.__class__.__name__))
     return response_unauthorized_mvc()
Пример #5
 def wraps(self, *args, **kwargs):
     """Run the wrapped view method ``f`` if permitted, else send to login.

     ``f`` is supplied by the enclosing decorator, which is not part of this
     listing. The permission name defaults to ``f._permission_name`` and is
     replaced by a truthy entry for ``f.__name__`` in
     ``self.method_permission_name``.

     ``f`` runs only when the permission string is in
     ``self.base_permissions`` and the security manager grants it for
     ``self.class_permission_name``. A refused call is logged, flashed with
     the "danger" category and redirected to the auth view's ``login``
     endpoint.

     NOTE(review): ``next`` is set to ``request.url``, the absolute URL built
     from the incoming request, host included. The login view must restrict
     ``next`` to same-site targets before redirecting to it; that validation
     is not visible here.
     """
     chosen_name = f._permission_name
     overrides = self.method_permission_name
     if overrides:
         _permission_name = overrides.get(f.__name__)
         if _permission_name:
             chosen_name = _permission_name
     permission_str = f"{PERMISSION_PREFIX}{chosen_name}"

     # Deny unless the class exposes the permission AND the role check passes.
     if (
         permission_str not in self.base_permissions
         or not self.appbuilder.sm.has_access(
             permission_str, self.class_permission_name)
     ):
         log.warning(
             LOGMSG_ERR_SEC_ACCESS_DENIED.format(
                 permission_str, self.__class__.__name__))
         flash(as_unicode(FLAMSG_ERR_SEC_ACCESS_DENIED), "danger")
         login_endpoint = (
             self.appbuilder.sm.auth_view.__class__.__name__ + ".login")
         return redirect(url_for(login_endpoint, next=request.url))

     return f(self, *args, **kwargs)
Пример #6
 def wraps(self, *args, **kwargs):
     """Run the wrapped method ``f`` if permitted, else answer 401 with JSON.

     ``f`` is a free variable from the enclosing decorator (not shown here).
     The permission name is ``f._permission_name`` unless
     ``self.method_permission_name`` holds a truthy override for
     ``f.__name__``.

     ``f`` is called only when the permission string is in
     ``self.base_permissions`` and the security manager grants it for
     ``self.class_permission_name``. Any other outcome is logged and answered
     with a JSON body of ``message`` and ``severity`` keys and status 401.

     NOTE(review): the same 401 is returned whether the caller is anonymous
     or authenticated without the permission, so clients cannot tell
     "log in" from "forbidden". Confirm that is intended.
     """
     permission_name = f._permission_name
     if self.method_permission_name:
         override = self.method_permission_name.get(f.__name__)
         if override:
             permission_name = override
     permission_str = "{}{}".format(PERMISSION_PREFIX, permission_name)

     exposed = permission_str in self.base_permissions
     if exposed and self.appbuilder.sm.has_access(
             permission_str, self.class_permission_name):
         return f(self, *args, **kwargs)

     log.warning(
         LOGMSG_ERR_SEC_ACCESS_DENIED.format(
             permission_str, self.__class__.__name__))
     payload = {
         'message': str(FLAMSG_ERR_SEC_ACCESS_DENIED),
         'severity': 'danger'
     }
     denied = make_response(jsonify(payload), 401)
     # Content type is set explicitly on top of whatever jsonify produced.
     denied.headers['Content-Type'] = "application/json"
     return denied