Decorators¶
-
class
keg_auth.libs.decorators.RequiresPermissions(condition, on_authentication_failure=None, on_authorization_failure=None, http_methods_excluded=None, request_loaders=None)¶ Require a user to be conditionally authorized before proceeding to decorated target. May be used as a class decorator or method decorator.
Usage: @requires_permissions(condition)
- Note: if using along with a route decorator (e.g. Blueprint.route), requires_permissions
- should be the closest decorator to the method
Examples: - @requires_permissions((‘token1’, ‘token2’)) - @requires_permissions(has_any(‘token1’, ‘token2’)) - @requires_permissions(has_all(‘token1’, ‘token2’)) - @requires_permissions(has_all(has_any(‘token1’, ‘token2’), ‘token3’)) - @requires_permissions(custom_authorization_callable that takes user arg) - @requires_permissions(‘token1’, on_authorization_failure=lambda: flask.abort(404))
-
class
keg_auth.libs.decorators.RequiresUser(on_authentication_failure=None, http_methods_excluded=None, request_loaders=None)¶ Require a user to be authenticated before proceeding to decorated target. May be used as a class decorator or method decorator.
Usage: @requires_user
- Note: if using along with a route decorator (e.g. Blueprint.route), requires_user
- should be the closest decorator to the method
Examples: - @requires_user - @requires_user() - @requires_user(on_authentication_failure=lambda: flask.abort(400)) - @requires_user(http_methods_excluded=[‘OPTIONS’]) - @requires_user(request_loaders=[JwtRequestLoader])
-
keg_auth.libs.decorators.requires_permissions¶
-
keg_auth.libs.decorators.requires_user(arg=None, *args, **kwargs)¶ Require a user to be authenticated before proceeding to decorated target. May be used as a class decorator or method decorator.
Usage: @requires_user OR @requires_user() (both usage forms are identical)
- Parameters:
- on_authentication_failure: method called on authentication failures. If one is not
- specified, behavior is derived from login manager (redirect or 401)
- on_authorization_failure: method called on authorization failures. If one is not
- specified, response will be 403
