2024-07-29 11:43:52 +08:00


from functools import wraps
from flask import abort, render_template
from flask_login import current_user
from .models import Permission
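def permission_required(permission):
    """Build a view decorator enforcing ``permission`` plus record ownership.

    The wrapped view is called only when all of the following hold:

    * ``current_user`` is authenticated and ``current_user.can(permission)``
      is true; otherwise the request is aborted with 403.
    * If the view receives a ``username`` keyword argument, it equals
      ``current_user.username``.
    * If the view receives a ``docid`` or ``uid`` keyword argument, it equals
      ``current_user.id`` (compared as strings).

    An ownership mismatch renders ``error.html`` with status 403.

    NOTE(review): only keyword arguments with exactly these three names are
    checked. An identifier that reaches the view another way (a differently
    named route variable, the query string, a form or JSON body) is not
    covered here and needs its own ownership check inside the view.

    Args:
        permission: Value passed unchanged to ``current_user.can``.

    Returns:
        A decorator that wraps a view function with the checks above.
    """
    def decorator(f):
        @wraps(f)
        def decorated_function(*args, **kwargs):
            # The short-circuit keeps .can() from being called on an
            # unauthenticated user object.
            if not current_user.is_authenticated or not current_user.can(permission):
                abort(403)

            def denied():
                # Send the denial with a 403 status rather than the default
                # 200, so clients, caches and access logs do not record a
                # refused request as a success.
                return render_template('error.html'), 403

            if 'username' in kwargs and kwargs['username'] != current_user.username:
                return denied()

            # Normalise both sides to str: a route declared with an integer
            # converter passes an int, which would never equal str(id) and
            # would lock the legitimate owner out.
            own_id = str(current_user.id)
            for key in ('docid', 'uid'):
                if key in kwargs and str(kwargs[key]) != own_id:
                    return denied()

            return f(*args, **kwargs)
        return decorated_function
    return decorator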
def doctor_required(f):
    """Wrap view ``f`` with the ``Permission.DETECT`` permission check.

    Equivalent to decorating ``f`` with
    ``@permission_required(Permission.DETECT)``.
    """
    guard = permission_required(Permission.DETECT)
    return guard(f)