pikram/user-microservice
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added possibility to customize error messages

Browse Source
This commit is contained in:
Marcin-Ramotowski 2025-03-15 19:57:51 +00:00
parent 822ca69ccb
commit 796a8faf54
1 changed files with 4 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
api/user_views.py
View File

@ -5,23 +5,17 @@ from werkzeug.security import check_password_hash, generate_password_hash
user_bp = Blueprint('user_bp', __name__) user_bp = Blueprint('user_bp', __name__)
def admin_required(user_id): def admin_required(user_id, message='Access denied.'):
user = User.query.get(user_id) user = User.query.get(user_id)
if user is None or user.role != "Administrator": if user is None or user.role != "Administrator":
abort(403, {'error': f'Access denied.'}) abort(403, {'error': message})
def validate_access(owner_id): def validate_access(owner_id, message='Access denied.'):
# Check if user try to access or edit resource that does not belong to them # Check if user try to access or edit resource that does not belong to them
logged_user_id = int(get_jwt_identity()) logged_user_id = int(get_jwt_identity())
logged_user_role = User.query.get(logged_user_id).role logged_user_role = User.query.get(logged_user_id).role
if logged_user_role != "Administrator" and logged_user_id != owner_id: if logged_user_role != "Administrator" and logged_user_id != owner_id:
abort(403, {'error': f'Access denied.'}) abort(403, {'error': message})
@user_bp.errorhandler(403)
def forbidden_error(error):
response = jsonify(error.description)
response.status_code = 403
return response
@user_bp.route('/users', methods=['GET']) @user_bp.route('/users', methods=['GET'])
@jwt_required() @jwt_required()