56 lines
1.4 KiB
Python
56 lines
1.4 KiB
Python
from flask import abort, session, current_app
|
|
from flask_login import current_user
|
|
from flask_login.signals import user_logged_out
|
|
import requests
|
|
import functools
|
|
import time
|
|
|
|
|
|
def cap_check(capability, user=None):
|
|
'''Checks if specified user (or current user) has desired capacifier
|
|
capability'''
|
|
if not user and not current_user.is_authenticated:
|
|
return False
|
|
|
|
user = user or current_user.get_id()
|
|
|
|
cache_key = '{}-{}'.format(user, capability)
|
|
cached_cap = session.get('_caps', {}).get(cache_key, (False, 0))
|
|
|
|
if cached_cap[1] > time.time():
|
|
return cached_cap[0]
|
|
|
|
allowed = requests.get(
|
|
'https://capacifier.hackerspace.pl/%s/%s' % (capability, user)
|
|
).status_code == 200
|
|
|
|
if '_caps' not in session:
|
|
session['_caps'] = {}
|
|
|
|
session['_caps'][cache_key] = \
|
|
(allowed, time.time() + current_app.config.get('CAP_TTL', 3600))
|
|
|
|
return allowed
|
|
|
|
|
|
@user_logged_out.connect
|
|
def caps_cleanup(app, user):
|
|
# Cleanup caps cache
|
|
session.pop('_caps', None)
|
|
|
|
|
|
def cap_required(capability):
|
|
'''Decorator to check if user has desired capacifier capability, returns
|
|
403 otherwise'''
|
|
|
|
def inner(func):
|
|
@functools.wraps(func)
|
|
def wrapped(*args, **kwargs):
|
|
if not cap_check(capability):
|
|
abort(403)
|
|
|
|
return func(*args, **kwargs)
|
|
|
|
return wrapped
|
|
return inner
|