diff options
Diffstat (limited to 'api/hierarchy.py')
| -rw-r--r-- | api/hierarchy.py | 32 |
1 files changed, 18 insertions, 14 deletions
diff --git a/api/hierarchy.py b/api/hierarchy.py index 6844fe6..f080c45 100644 --- a/api/hierarchy.py +++ b/api/hierarchy.py @@ -4,24 +4,28 @@ from db import cursor ranks = ["none", "user", "moderator", "admin", "bot"] + # @auth_required function decorator (use after @flask.Blueprint.route() decorator) def auth_required(level): - def decorator(func): - def wrapper(): - token = request.cookies.get("token") or "" - if not token: return "", 403 + def decorator(func): + def wrapper(): + token = request.cookies.get("token") or "" + if not token: return "", 403 + + user_id = token_login(token) + if not user_id: return "", 403 - user_id = token_login(token) - if not user_id: return "", 403 + user_rank_text = cursor.execute( + "select type from users where user_id = ?", [user_id] + ).fetchone()[0] - user_rank_text = cursor.execute("select type from users where user_id = ?", [user_id]).fetchone()[0] + required_rank = ranks.index(level) + user_rank = ranks.index(user_rank_text) + if required_rank > user_rank: return "", 403 - required_rank = ranks.index(level) - user_rank = ranks.index(user_rank_text) - if required_rank > user_rank: return "", 403 + return func(user_id) - return func(user_id) - wrapper.__name__ = func.__name__ - return wrapper - return decorator + wrapper.__name__ = func.__name__ + return wrapper + return decorator |