This commit is contained in:
Matt Wright
2012-03-08 17:36:08 -05:00
parent 7ea3929718
commit 9c8b8b8e39
2 changed files with 14 additions and 16 deletions
+12 -14
View File
@@ -118,19 +118,18 @@ def roles_required(*args):
def wrapper(fn):
@wraps(fn)
def decorated_view(*args, **kwargs):
if current_user.is_authenticated() and perm.can():
if not current_user.is_authenticated():
c = current_app.config[AUTH_CONFIG_KEY]
return redirect(c[LOGIN_VIEW_KEY])
if perm.can():
return fn(*args, **kwargs)
logger.debug('Identity does not provide all of the '
'following roles: %s' % [r for r in roles])
flash(FLASH_PERMISSIONS, 'error')
if current_user.is_authenticated():
return redirect(request.referrer)
c = current_app.config[AUTH_CONFIG_KEY]
return redirect(c[LOGIN_VIEW_KEY])
return redirect(request.referrer or '/')
return decorated_view
return wrapper
@@ -140,20 +139,19 @@ def roles_accepted(*args):
def wrapper(fn):
@wraps(fn)
def decorated_view(*args, **kwargs):
if not current_user.is_authenticated():
c = current_app.config[AUTH_CONFIG_KEY]
return redirect(c[LOGIN_VIEW_KEY])
for perm in perms:
if current_user.is_authenticated() and perm.can():
if perm.can():
return fn(*args, **kwargs)
logger.debug('Identity does not provide at least one of '
'the following roles: %s' % [r for r in roles])
flash(FLASH_PERMISSIONS, 'error')
if current_user.is_authenticated():
return redirect(request.referrer)
c = current_app.config[AUTH_CONFIG_KEY]
return redirect(c[LOGIN_VIEW_KEY])
return redirect(request.referrer or '/')
return decorated_view
return wrapper
+2 -2
View File
@@ -87,7 +87,7 @@ class DefaultSecurityTests(SecurityTest):
def test_invalid_admin_role(self):
self.authenticate("joe", "password")
r = self._get("/admin", follow_redirects=True)
assert 'Login Page' in r.data
assert 'Home Page' in r.data
def test_roles_accepted(self):
for user in ("matt", "joe"):
@@ -98,7 +98,7 @@ class DefaultSecurityTests(SecurityTest):
self.authenticate("jill", "password")
r = self._get("/admin_or_editor", follow_redirects=True)
self.assertIn('Login Page', r.data)
self.assertIn('Home Page', r.data)
class ConfiguredSecurityTests(SecurityTest):