Created
November 7, 2019 00:48
使用 __call__ 来控制基本权限
# 有一个装饰器 @require_user,这是对用户进行的权限管理。试想一下,一名用户可能会有多个角色
# 如果对这些角色每个都定义一个装饰器,就会造成太多的冗余和重复。在这种情况下我们来看看作者是怎么做的:
# 定义了一个基本类
def __init__(self, role):
    """Remember the minimum role a decorated view demands.

    ``role`` is read back by ``__call__`` on every request; ``None``
    means that being signed in is sufficient and no role comparison
    is made.
    """
    self.role = role
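def __call__(self, method):
    """Wrap the view function ``method`` with a login and role check.

    The returned wrapper evaluates, in this order:

    1. No ``g.user``: redirect to ``account.signin`` with the current
       URL in the ``next`` query parameter.
    2. ``self.role is None``: any signed-in user may proceed.
    3. ``g.user.id == 1``: treated as superuser, always allowed.
    4. Role ``'new'``: flash a notice and redirect to ``account.setting``.
    5. Role ``'spam'``: flash an error and redirect to ``/``.
    6. Otherwise compare the user's level with the required level in
       ``self.roles`` and abort with 403 when it is lower or unknown.
    """
    @functools.wraps(method)
    def wrapper(*args, **kwargs):
        if not g.user:
            # Hand the return URL to url_for() as a keyword argument so it
            # is percent-encoded. Concatenating request.url by hand lets a
            # '&' or '?' inside it leak extra parameters into the sign-in
            # URL and truncates the value the sign-in view receives.
            # NOTE(review): request.url is an absolute URL taken from the
            # incoming request; the sign-in view (not shown here) should
            # only follow `next` when it points back at this site.
            return redirect(url_for('account.signin', next=request.url))

        if self.role is None:
            # Login-only protection: this returns before the 'new' and
            # 'spam' checks below, so those accounts pass as well.
            return method(*args, **kwargs)

        if g.user.id == 1:
            # this is superuser, have no limitation
            # NOTE(review): the superuser is identified by a hard-coded
            # primary key rather than by a role; confirm id 1 can never
            # be assigned to an ordinary account.
            return method(*args, **kwargs)

        if g.user.role == 'new':
            flash(_('Please verify your email'), 'warn')
            return redirect(url_for('account.setting'))

        if g.user.role == 'spam':
            flash(_('You are a spammer'), 'error')
            return redirect('/')

        try:
            user_level = self.roles[g.user.role]
        except KeyError:
            # Fail closed: a role string missing from the table is denied
            # explicitly instead of surfacing as an unhandled KeyError.
            return abort(403)

        if user_level < self.roles[self.role]:
            return abort(403)
        return method(*args, **kwargs)
    return wrapper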
# Ready-made decorators, one per access level.
# Passing None yields a login-only guard: the wrapper returns right after
# the signed-in check without consulting the role table.
require_login = require_role(None)
# The remaining guards name the minimum role the wrapper compares against.
require_user = require_role("user")
require_staff = require_role("staff")
require_admin = require_role("admin")