def user_required(*permissions):
def decorator(fn):
def wrapper(*args, **kwargs):
session_id = request.get_cookie("sid")
if not session_id:
return redirect("/login")
session = Session.get(session_id)
if not session:
return redirect("/login")
user = session.user.get()
if user is None:
return redirect("/login")
for permission in permissions:
if permission not in user.permissions:
return abort(403)
return fn(user, *args, **kwargs)
return wrapper
return decorator
# [END user-required]
# [START create-session]
评论列表
文章目录
