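def require(self, users=(), roles=(), test_auth=None, test_method=None):
    """
    Build a decorator that authenticates and authorizes a request.

    Credentials are read from request.authorization and checked against
    self.users; the caller is then matched against the permitted users
    and roles for the HTTP method in use.

    users -- users permitted to call this method
    roles -- roles permitted to call this method
    test_auth -- credentials only for testing; when truthy they are used
                 instead of request.authorization
    test_method -- method only for testing; when truthy it is upper-cased
                   and used instead of request.method

    The wrapped view returns self.no_authentication() when the credentials
    do not match, self.no_authorization() when the caller is in neither
    permitted set, and the view's own result otherwise.
    """
    # Function-scope import: only this block needs it.
    import hmac

    users = self._process_targets(users)
    roles = self._process_targets(roles)

    def _password_matches(expected, supplied):
        # Compare in constant time so a mismatch does not reveal how many
        # leading characters were correct. compare_digest rejects non-ASCII
        # str, so both sides are encoded to bytes first.
        if isinstance(expected, str):
            expected = expected.encode("utf-8")
        if isinstance(supplied, str):
            supplied = supplied.encode("utf-8")
        byte_types = (bytes, bytearray)
        if not isinstance(expected, byte_types) or \
                not isinstance(supplied, byte_types):
            # Missing or non-text password: fail closed.
            return False
        return hmac.compare_digest(expected, supplied)

    def loaded_decorated(f):
        @wraps(f)
        def decorated(*args, **kwargs):
            auth = test_auth or request.authorization
            method = test_method.upper() if test_method else request.method

            # NOTE(review): self.users is compared directly with the
            # supplied password, which suggests passwords are held in
            # clear text; consider storing salted hashes instead.
            authenticated = bool(auth) and \
                auth.username in self.users and \
                _password_matches(self.users[auth.username], auth.password)
            if not authenticated:
                return self.no_authentication()

            allowed_users = users[method] if users else None
            allowed_roles = roles[method] if roles else None

            # NOTE(review): when neither set has entries for this method,
            # every authenticated user is let through; confirm that is the
            # intended default for methods without an explicit restriction.
            if allowed_users or allowed_roles:
                # Either restriction may be absent (None or empty) when only
                # the other one was configured, so guard each test.
                auth_as_user = bool(allowed_users) and \
                    auth.username in allowed_users
                auth_as_role = False
                # A user with no entry in self.roles simply holds no roles.
                if allowed_roles and auth.username in self.roles:
                    auth_as_role = bool(
                        allowed_roles & self.roles[auth.username])
                if not auth_as_user and not auth_as_role:
                    return self.no_authorization()
            return f(*args, **kwargs)
        return decorated
    return loaded_decorated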