blob: 43ca0a2cdd8f1cad9bcb0a77497de1246b07d4e3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
"""UI utilities for the auth system."""
from functools import wraps
from flask import flash, request, url_for, redirect
from gn_auth.session import logged_in, session_user, clear_session_info
from gn_auth.auth.authorisation.resources.system.models import (
user_roles_on_system)
from ....authentication.users import User
from ....db.sqlite3 import with_db_connection
def is_admin(func):
"""Verify user is a system admin."""
@wraps(func)
@logged_in
def __admin__(*args, **kwargs):
admin_roles = [
role for role in with_db_connection(
lambda conn: user_roles_on_system(
conn, User(**session_user())))
if role.role_name == "system-administrator"]
if len(admin_roles) > 0:
return func(*args, **kwargs)
flash("Expected a system administrator.", "alert-danger")
flash("You have been logged out of the system.", "alert-info")
clear_session_info()
return redirect(url_for("oauth2.admin.login", **dict(request.args)))
return __admin__
|