diff options
Diffstat (limited to 'gn_auth/auth/authorisation/users/admin/ui.py')
-rw-r--r-- | gn_auth/auth/authorisation/users/admin/ui.py | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/gn_auth/auth/authorisation/users/admin/ui.py b/gn_auth/auth/authorisation/users/admin/ui.py new file mode 100644 index 0000000..242c7a6 --- /dev/null +++ b/gn_auth/auth/authorisation/users/admin/ui.py @@ -0,0 +1,27 @@ +"""UI utilities for the auth system.""" +from functools import wraps +from flask import flash, url_for, redirect + +from gn3.auth.authentication.users import User +from gn3.auth.db_utils import with_db_connection +from gn3.auth.authorisation.roles.models import user_roles + +from gn3.session import logged_in, session_user, clear_session_info + +def is_admin(func): + """Verify user is a system admin.""" + @wraps(func) + @logged_in + def __admin__(*args, **kwargs): + admin_roles = [ + role for role in with_db_connection( + lambda conn: user_roles( + conn, User(**session_user()))) + if role.role_name == "system-administrator"] + if len(admin_roles) > 0: + return func(*args, **kwargs) + flash("Expected a system administrator.", "alert-danger") + flash("You have been logged out of the system.", "alert-info") + clear_session_info() + return redirect(url_for("oauth2.admin.login")) + return __admin__ |