根据session里面保存的管理员id查询出对于的角色,根据角色查询出权限,根据权限查询出能够访问的路径
# 权限控制装饰器def admin_auth(f): @wraps(f) def decorated_function(*args, **kwargs): # 让某个函数来继承我们的参数 admin = Admin.query.join( Role ).filter( Role.id == Admin.role_id, Admin.id == session[‘admin_id‘] ).first() auths = admin.role.auths auths = list(map(lambda v: int(v), auths.split(‘,‘))) auth_list = Auth.query().all() urls = [v.url for v in auth_list for val in auths if v.id == val.id] rule=request.url_rule if rule not in urls: abort(404) return f(*args, **kwargs) return decorated_function
原文地址:https://www.cnblogs.com/onlyhold/p/8724292.html
时间: 2024-11-02 22:51:25