| 12345678910111213141516171819202122232425262728 |
- from functools import wraps
- from ninja.errors import HttpError
- from .authentication import AuthHttpRequest
- def has_permission(permissions: list[str]):
- """
- Check scoped permissions. At this time only token authentication is checked.
- Example: @has_permission(["event:write", "event:admin"])
- The decorated function requires at least one of the specified permissions.
- """
- def decorator(f):
- @wraps(f)
- async def decorated_function(request: AuthHttpRequest, *args, **kwargs):
- if request.auth.auth_type == "token":
- scopes = request.auth.data.get_scopes()
- if not any(s in permissions for s in scopes):
- raise HttpError(403, "Permission denied")
- return await f(request, *args, **kwargs)
- return decorated_function
- return decorator
|
