Skip to content
Snippets Groups Projects
Select Git revision
  • 2da3aaa6f3212c5b4a0bdac661a2f44367ee38fb
  • master default protected
  • md-export
  • th/mail
  • 179-einladungen-zum-aushaengen-drucken
5 results

decorators.py

Blame
    • Code owners
    Assign users and groups as approvers for specific file changes. Learn more.
    decorators.py 2.97 KiB
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    63
    64
    65
    66
    67
    68
    69
    70
    71
    72
    73
    74
    75
    76
    77
    78
    79
    80
    81 
    

    

    

    from flask import redirect, flash, request, url_for

from functools import wraps

from models.database import ALL_MODELS
from shared import db, current_user

ID_KEY = "id"
KEY_NOT_PRESENT_MESSAGE = "Missing {}_id."
OBJECT_DOES_NOT_EXIST_MESSAGE = "There is no {} with id {}."

MISSING_VIEW_RIGHT = "Dir fehlenden die nötigen Zugriffsrechte."

def default_redirect():
    return redirect(request.args.get("next") or url_for("index"))

def login_redirect():
    return redirect(request.args.get("next") or url_for("login"))

def db_lookup(*models, check_exists=True):
    def _decorator(function):
        @wraps(function)
        def _decorated_function(*args, **kwargs):
            for model in models:
                key = model.__model_name__
                id_key = "{}_{}".format(key, ID_KEY)
                if id_key not in kwargs:
                    flash(KEY_NOT_PRESENT_MESSAGE.format(key), "alert-error")
                    return default_redirect()
                obj_id = kwargs[id_key]
                obj = model.query.filter_by(id=obj_id).first()
                if check_exists and obj is None:
                    model_name = model.__class__.__name__
                    flash(OBJECT_DOES_NOT_EXIST_MESSAGE.format(model_name, obj_id),
                        "alert-error")
                    return default_redirect()
                kwargs[key] = obj
                kwargs.pop(id_key)
            return function(*args, **kwargs)
        return _decorated_function
    return _decorator

def require_right(right, require_exist):
    necessary_right_name = "has_{}_right".format(right)
    def _decorator(function):
        @wraps(function)
        def _decorated_function(*args, **kwargs):
            user = current_user()
            for model in ALL_MODELS:
                model_name = model.__model_name__
                if model_name in kwargs:
                    model = kwargs[model_name]
                    if model is None:
                        if require_exist:
                            flash(MISSING_VIEW_RIGHT, "alert-error")
                            return login_redirect()
                        else:
                            continue
                    necessary_right = getattr(model, necessary_right_name)
                    if not necessary_right(user):
                        flash(MISSING_VIEW_RIGHT, "alert-error")
                        return login_redirect()
            return function(*args, **kwargs)
        return _decorated_function
    return _decorator

def require_public_view_right(require_exist=True):
    return require_right("public_view", require_exist)

def require_private_view_right(require_exist=True):
    return require_right("private_view", require_exist)

def require_modify_right(require_exist=True):
    return require_right("modify", require_exist)

def require_publish_right(require_exist=True):
    return require_right("publish", require_exist)

def require_admin_right(require_exist=True):
    return require_right("admin", require_exist)