Coverage for app_modules/security.py: 88%

26 statements  


1""" 

2security.py 

3 

4Purpose: 

5 Provide authentication and authorization decorators for views. This keeps 

6 access control concerns centralized and testable. 

7 

8Exports: 

9 - login_required(view): redirects to login if not authenticated 

10 - admin_required(view): ensures the current user has admin privileges 

11""" 

12 

13from functools import wraps 

14from flask import session, redirect, url_for, flash 

15from .db import get_db 

16 

17 

def login_required(view_func):
    """Wrap a view so that it only runs for a session that carries a user id.

    The check is purely "is the 'user_id' key present in the Flask session";
    no database lookup is made here, so this decorator does not confirm that
    the account still exists or is still enabled.
    NOTE(review): the guarantee is only as strong as the session integrity,
    which presumably comes from Flask's signed session cookie -- confirm the
    app's secret-key and cookie settings where the app is configured.

    Args:
        view_func: the view callable to protect.

    Returns:
        A callable with view_func's metadata that redirects to
        'views.login_root' when no user id is in the session, and otherwise
        returns whatever view_func returns.
    """

    def guarded(*args, **kwargs):
        authenticated = 'user_id' in session
        if authenticated:
            return view_func(*args, **kwargs)
        # Unauthenticated: the protected view is never invoked.
        return redirect(url_for('views.login_root'))

    return wraps(view_func)(guarded)

25 

26 

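def admin_required(view_func):
    """Wrap a view so that it only runs for a logged-in user flagged as admin.

    The admin flag is read from the ``users`` table on every call rather than
    from the session, so a privilege change in the database takes effect on
    the next request.

    The decorator fails closed: a missing user row, an ``is_admin`` value
    other than 1, or any error during the lookup all result in the same
    "no permission" redirect. Lookup errors are additionally logged with
    their traceback, so that a database fault is distinguishable from a
    genuine authorization denial when reviewing logs.

    Args:
        view_func: the view callable to protect.

    Returns:
        A callable with view_func's metadata that redirects to
        'views.login_root' when no user id is in the session, redirects to
        'views.select_page' (after flashing an error) when the user is not
        an admin, and otherwise returns whatever view_func returns.
    """
    # Function-scope import keeps this block self-contained.
    import logging

    log = logging.getLogger(__name__)

    @wraps(view_func)
    def wrapper(*args, **kwargs):
        if 'user_id' not in session:
            return redirect(url_for('views.login_root'))

        # Only the privilege lookup sits inside the try, so the handler deals
        # with lookup faults and nothing else.
        try:
            db = get_db()
            row = db.execute(
                'SELECT is_admin FROM users WHERE id = ?',
                (session['user_id'],),
            ).fetchone()
            # NULL / 0 / missing row all count as "not admin".
            is_admin = bool(row) and int(row['is_admin'] or 0) == 1
        except Exception:
            # Deny on any failure, but leave an audit trail instead of
            # silently swallowing the error.
            log.exception(
                'admin_required: privilege lookup failed for user_id=%r; '
                'denying access',
                session.get('user_id'),
            )
            is_admin = False

        if not is_admin:
            flash('Nema ovlasti.', 'error')
            return redirect(url_for('views.select_page'))

        # The view runs outside the try, so its own exceptions propagate.
        return view_func(*args, **kwargs)

    return wrapper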

43 

44