Diffstat (limited to 'app/utils.py')
-rw-r--r--app/utils.py30
1 files changed, 29 insertions, 1 deletions
diff --git a/app/utils.py b/app/utils.py
index 3a08535..e6a7c95 100644
--- a/app/utils.py
+++ b/app/utils.py
@@ -1,7 +1,9 @@
from functools import wraps
-from flask import request, render_template, url_for
+from flask import flash, request, render_template, url_for
from flask import redirect as _redirect
+from .login import current_user
+
def _gen_tpl(endpoint):
return endpoint.replace('.', '/') + '.jinja'
@@ -33,3 +35,29 @@ def redirect (target, **kwargs):
return _redirect(url)
else:
return _redirect(url, code)
+
+def assert_authorisation(constructor, param):
+ def decorator(f):
+ @wraps(f)
+ def decorated_function(*args, **kwargs):
+ p = kwargs.get(param, None)
+
+ if p is None:
+ raise TypeError("Keyword %s expected but not received." % param)
+
+ obj = constructor(p)
+ if obj is None:
+ flash(u"Eintrag existiert nicht!", u'error')
+ return redirect('index')
+
+ if not hasattr(obj, 'user_id'):
+ return f(*args, **kwargs)
+
+ # explicitly use user_id to avoid having to load the user object
+ if obj.user_id != current_user.id:
+ flash(u"Nicht erlaubte Operation!", u'error')
+ return redirect('index')
+ else:
+ return f(*args, **kwargs)
+ return decorated_function
+ return decorator
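Review bot: The `if not hasattr(obj, 'user_id'): return f(*args, **kwargs)` branch fails open: any object without a `user_id` attribute reaches the view with no ownership check, so decorating the wrong model or later renaming the attribute silently disables authorisation. Failing closed is safer, for example `raise TypeError("%r has no user_id to authorise against" % obj)`, leaving views on unowned types undecorated. The comparison `obj.user_id != current_user.id` would also pass if both sides are None (an ownerless row and an anonymous user, assuming `current_user.id` is None in that case, which is not visible here), so rejecting `current_user.id is None` before comparing would close that gap. The separate messages "Eintrag existiert nicht!" and "Nicht erlaubte Operation!" let a caller tell another user's existing entries from missing ones; one shared message for both cases avoids that.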