mirror of
https://github.com/wassname/flask-security.git
synced 2026-07-19 11:23:28 +08:00
correct roles_* decorator signature expectations
Having multiple RoleNeed objects in a Permission does not require all to be satisfied in order to .can(), but will return True if any are present. This makes the previous roles_required logic more elegant for roles_accepted. roles_required decorator needs to check all permissions individually and return only if all permissions exist
This commit is contained in:
@@ -28,6 +28,7 @@ def create_roles():
|
||||
def create_users():
|
||||
for u in (('matt@lp.com', 'password', ['admin'], True),
|
||||
('joe@lp.com', 'password', ['editor'], True),
|
||||
('dave@lp.com', 'password', ['admin', 'editor'], True),
|
||||
('jill@lp.com', 'password', ['author'], True),
|
||||
('tiya@lp.com', 'password', [], False)):
|
||||
current_app.security.datastore.create_user(
|
||||
@@ -96,6 +97,11 @@ def create_app(auth_config):
|
||||
def admin():
|
||||
return render_template('index.html', content='Admin Page')
|
||||
|
||||
@app.route('/admin_and_editor')
|
||||
@roles_required('admin', 'editor')
|
||||
def admin_and_editor():
|
||||
return render_template('index.html', content='Admin and Editor Page')
|
||||
|
||||
@app.route('/admin_or_editor')
|
||||
@roles_accepted('admin', 'editor')
|
||||
def admin_or_editor():
|
||||
|
||||
Reference in New Issue
Block a user