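def requires_roles(_roles):
    """Restrict an endpoint to callers holding at least one of the given roles.

    Args:
        _roles: Comma-delimited string of role names, e.g. "admin,editor".
            Whitespace around each name is ignored and empty entries are
            dropped. A falsy value (None or "") disables the check and the
            endpoint runs for every caller, so an endpoint that must be
            protected needs a non-empty role string.

    Returns:
        A decorator that wraps the endpoint function with the role check.
    """
    def wrapper(fn):
        @wraps(fn)
        def decorator(*args, **kwargs):
            # Fail-open path: no roles configured means no authorization
            # check at all, not even a lookup of the current user.
            if not _roles:
                return fn(*args, **kwargs)

            current_user = query_current_user()
            if not current_user:
                # NOTE(review): the code below assumes abort_unauthorized
                # raises and never returns -- confirm against its definition.
                abort_unauthorized("You do not have access to this resource."
                                   " It requires role '%s'" % _roles)

            # Normalise the configured names so "admin, editor" matches the
            # same roles as "admin,editor". If nothing is left after
            # normalisation the intersection is empty and access is denied.
            required_roles = {
                name.strip() for name in _roles.split(",")
            } - {""}
            # NOTE(review): assumes "roles" holds a list of names; a bare
            # string would be split into single characters -- confirm.
            user_roles = set(current_user.get("roles", []))

            # Any-of semantics: one matching role is enough.
            if not required_roles.intersection(user_roles):
                # NOTE(review): repr(current_user) writes the whole user
                # object to the log; if it can carry token claims or personal
                # data, log only an identifier instead.
                log.warning("User does not have the needed roles for this "
                            "call. User roles = '%s', Required roles = "
                            "'%s'. current_user = '%s'",
                            current_user.get("roles", ""),
                            _roles, repr(current_user))
                # The response names the required roles to the caller.
                abort_unauthorized("You do not have access to this resource. "
                                   "It requires role '%s'" % _roles)

            return fn(*args, **kwargs)
        return decorator
    return wrapper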
# List of open endpoints, i.e. not requiring a valid JWT.