@role_required
Julien Pilla edited this page Apr 13, 2018 · 4 revisions
@role_required(*role_names) is a Python decorator that checks the user's roles to ensure the user has the right to access a given resource.
If the user doesn't have the required roles or is anonymous, the user is either redirected to "/" or, when @auth.login_required is also used, given a JSON response with a 401 status.
Examples:
```python
@app_bp.route('/users')
@role_required('admin')
def users():
    """
    I can neither be accessed by a student nor a teacher
    """
    return render_template('admin/users.html')


@app_api.route('/user/<user_id>/grades')
@auth.login_required
@role_required('teacher')
def api_check_student_grades(user_id):
    """
    I cannot be accessed by a student.
    Every admin also has a teacher role, so admins are ok.
    """
    return {"data": [10, 15]}
```
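The contract described above can be checked with an access matrix. This is an added sketch, not the project's implementation: it is framework-free, the `json_401` switch is a hypothetical stand-in for "@auth.login_required is also used", holding any one of the listed roles is assumed to be sufficient, and the sample users are constructed.

```python
from functools import wraps

_current = {"user": None}  # stand-in for the session; None means anonymous

def role_required(*role_names, json_401=False):
    # json_401 is a hypothetical switch standing in for "@auth.login_required
    # is also used"; holding any one listed role is assumed to be sufficient.
    if not role_names:
        raise ValueError("role_required needs at least one role name")
    required = frozenset(role_names)

    def decorator(view):
        @wraps(view)
        def wrapper(*args, **kwargs):
            user = _current["user"]
            roles = set(user["roles"]) if user else set()
            if required & roles:
                return view(*args, **kwargs)
            # Fail closed: anonymous or under-privileged callers never reach the view.
            if json_401:
                return {"error": "unauthorized"}, 401
            return "redirect", "/"  # a Flask view would return redirect("/")
        return wrapper
    return decorator

@role_required("admin")
def users():
    return "admin/users.html"

@role_required("teacher", json_401=True)
def api_check_student_grades(user_id):
    return {"data": [10, 15]}

def access_matrix():
    """Call both views as each constructed user and collect the outcomes."""
    people = {  # constructed sample users
        "anonymous": None,
        "student": {"roles": ["student"]},
        "teacher": {"roles": ["teacher"]},
        "admin": {"roles": ["admin", "teacher"]},  # admins also hold teacher
    }
    results = {}
    for name, user in people.items():
        _current["user"] = user
        results[name] = (users(), api_check_student_grades(7))
    _current["user"] = None
    return results
```

Running the same matrix against the real routes in a test suite catches a view that was registered without the decorator or with the wrong role.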