o Fý¤hiã@sHdZddlmZddlmZmZmZmZddlm Z dd„Z dd „Z d S) a+ security.py Purpose: Provide authentication and authorization decorators for views. This keeps access control concerns centralized and testable. Exports: - login_required(view): redirects to login if not authenticated - admin_required(view): ensures the current user has admin privileges é©Úwraps)ÚsessionÚredirectÚurl_forÚflashé)Úget_dbcótˆƒ‡fdd„ƒ}|S)Ncs"dtvr ttdƒƒSˆ|i|¤ŽS)NÚuser_idúviews.login_root)rrr)ÚargsÚkwargs©Ú view_func©ú%/var/www/html/app_modules/security.pyÚwrappers zlogin_required..wrapperr©rrrrrÚlogin_requiredsrcr )Ncsœdtvr ttdƒƒSz(tƒ}| dtdf¡ ¡}|r%t|dp!dƒdkr1tddƒttd ƒƒWSWntyFtddƒttd ƒƒYSwˆ|i|¤ŽS) Nr r z'SELECT is_admin FROM users WHERE id = ?Úis_adminrrz Nema ovlasti.Úerrorzviews.select_page) rrrr ÚexecuteÚfetchoneÚintrÚ Exception)r rÚdbÚrowrrrrs  þ  þzadmin_required..wrapperrrrrrÚadmin_requireds rN) Ú__doc__Ú functoolsrÚflaskrrrrrr rrrrrrÚs