这三种方法都可以应用于设置权限
方法一:封装成装饰器(推荐) 实际应用:运行时间、加载权重
from App.models import User
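def login_required(fun):
    """Decorate a view so it only runs for a caller presenting a valid ``u_token``.

    The token is read from the query string and looked up in ``User``. On
    success the matching user is stored on ``g.user`` before ``fun`` is called.
    A missing, empty or unknown token aborts the request with 401.

    NOTE(review): ``request``, ``g`` and ``abort`` are used here but not
    imported in the visible snippet. ``abort(..., message=...)`` matches the
    ``flask_restful.abort`` import shown elsewhere on this page -- confirm.
    """
    # Local import keeps this block usable without touching the file's imports.
    from functools import wraps

    @wraps(fun)  # keep the view's __name__/__doc__ instead of exposing "wrap"
    def wrap(*args, **kwargs):
        u_token = request.args.get("u_token")
        # Reject a missing/empty token BEFORE querying. With SQLAlchemy,
        # ``User.u_token == None`` compiles to ``u_token IS NULL``, so a request
        # without a token would otherwise be matched to any account whose
        # token column is NULL.
        if not u_token:
            abort(401, message="用户身份失效")
        user = User.query.filter(User.u_token == u_token).first()
        if user is None:
            abort(401, message="用户身份失效")
        # NOTE(review): a token carried in the query string is recorded in
        # access logs, browser history and Referer headers; a request header
        # is the usual safer transport -- confirm with the API's clients.
        g.user = user
        return fun(*args, **kwargs)

    return wrap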
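def require_permission(permission):
    """Build a decorator that requires a valid ``u_token`` AND ``permission``.

    The returned decorator authenticates the caller exactly like a login
    check (401 on a missing, empty or unknown token), then calls
    ``user.check_permission(permission)`` and aborts with 403 when it is
    falsy. On success the user is stored on ``g.user`` and the view runs.

    NOTE(review): ``request``, ``g`` and ``abort`` are not imported in the
    visible snippet, and ``check_permission`` is defined on ``User`` outside
    this page -- its semantics are not verified here.
    """
    # Local import keeps this block usable without touching the file's imports.
    from functools import wraps

    def decorator(fun):
        @wraps(fun)  # keep the view's __name__/__doc__ instead of exposing "wrap"
        def wrap(*args, **kwargs):
            u_token = request.args.get("u_token")
            # Reject a missing/empty token BEFORE querying. With SQLAlchemy,
            # ``User.u_token == None`` compiles to ``u_token IS NULL`` and
            # would match any account whose token column is NULL.
            if not u_token:
                abort(401, message="用户身份失效")
            user = User.query.filter(User.u_token == u_token).first()
            if user is None:
                abort(401, message="用户身份失效")
            # Authorization is checked only after authentication succeeded,
            # so unauthenticated callers always get 401, never 403.
            if not user.check_permission(permission):
                abort(403, message="你无权限操作此模块,请联系管理员")
            g.user = user
            return fun(*args, **kwargs)

        return wrap

    return decorator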
"***********************不同的文件***************************"
from flask import request, g
from flask_restful import Resource
from App.apis.user_dectorator import login_required
from App.models import User
class BlogsResource(Resource):
    """Blog endpoint whose POST handler is wrapped by ``login_required``."""

    @login_required
    def post(self):
        """Return a greeting built from the ``u_name`` of the user on ``g``."""
        # g.user is read here; this handler relies on the decorator having
        # populated it before the body runs.
        greeting = "哈哈%s" % g.user.u_name
        return {"msg": greeting}
方法二:通过继承实现
from flask import request, g
from flask_restful import Resource, abort
from App.models import User
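class BaseResource(Resource):
    """Base resource offering ``check_login`` for token authentication.

    Nothing in this class invokes ``check_login`` automatically: a subclass
    handler that does not call it runs without any authentication.
    """

    def check_login(self):
        """Authenticate the caller from the ``u_token`` query parameter.

        Stores the matching ``User`` on ``g.user``. Aborts the request with
        401 when the token is missing, empty or matches no user.
        """
        u_token = request.args.get("u_token")
        # Reject a missing/empty token BEFORE querying. With SQLAlchemy,
        # ``User.u_token == None`` compiles to ``u_token IS NULL`` and would
        # match any account whose token column is NULL.
        if not u_token:
            abort(401, message="用户身份失效")
        user = User.query.filter(User.u_token == u_token).first()
        if user is None:
            abort(401, message="用户身份失效")
        g.user = user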
"***********************不同的文件***************************"
from App.apis.base_login_api import BaseResource
class CommentResource(BaseResource):
    """Comment endpoint that authenticates through the inherited ``check_login``."""

    def post(self):
        """Run the login check, then report that the comment was accepted."""
        # The login check must stay the first statement: the response below
        # is built unconditionally once this call returns.
        self.check_login()
        response = {"msg": "评论成功"}
        return response
方法三:钩子函数(中间件-AOP),在请求被视图函数处理之前做操作(例如区分普通用户、VIP用户)
from flask import request, g
from flask_restful import abort
from App.models import User
# Request paths for which the before_request hook demands a valid u_token.
# The hook tests ``request.path in PATH_LIST``, i.e. exact string equality:
# a variant such as "/goods" or "/goods/1" is NOT covered by this entry.
# NOTE(review): whether such variants are routable depends on the app's
# routes, which are not shown here -- confirm the list covers them.
PATH_LIST = [
    "/goods/",
]

# Not referenced in the visible part of the snippet; presumably the paths
# that additionally require a purchase permission -- confirm against the hook.
PERMISSION_BUY_LIST = list()
def load_middleware(app):
@app.before_request
def before():
path = request.path
if path in PATH_LIST:
u_token = request.args.get("u_token")
users = User.query.filter(User.u_token == u_token).all()
if not users:
abort(401, message="用户身份失效")
user = users[0]