Flask-User
Flask-User copied to clipboard
Published
20 hours ago •
lingthio
lingthio
Enhancement for roles
Hi everyone,
Sometimes may be useful to know about rights (roles) of a user for a particular view by its URL.
Something like this:
{% if current_user.can_view('myapp.list_objects') %}
<a href="{{ url_for('myapp.list_objects') }}">Link</a>
{% endif %}
Of course, we can write:
{% if current_user.has_roles('role1', 'role2') %}
...
And then for a view:
@myapp.route('/list')
@roles_required('role1', 'role2')
def list_objects():
...
But in this case, we have a duplicate list of roles and we need to maintain these two pieces.
I propose are two things:
- Modify the
@roles_requireddecorator for tracking views and their roles, e.g. like this:
def roles_required(*role_names):
def wrapper(func):
func.ROLES = role_names
@wraps(func)
def decorated_view(*args, **kwargs):
...
- Add
UserMixin.has_roles_for_viewmethod. Something like this:
def has_roles_for_view(self, url):
default = True # If it's not deny - is allow
try:
view_func = app.view_functions['users.users_list']
except KeyError:
return default
roles = getattr(view_func, 'ROLES', None)
if roles is None:
return default
return self.has_roles(*roles)
I can prepare PR with these changes if needed.
