'Flask endpoint admin authority
I have two users "admin" and "normal user". I created "rollId" for admin auth. For ex. admin's "rollId" is 1 and other one 0. Now, I want only the "normal user" to see the restaurants. I tried that;
This is my User model:
class User(Model):
""" User model for storing user related data """
id = Column(db.Integer, primary_key=True)
email = Column(db.String(64), unique=True, index=True)
username = Column(db.String(15), unique=True, index=True)
name = Column(db.String(64))
password_hash = Column(db.String(128))
joined_date = Column(db.DateTime, default=datetime.utcnow)
roleId = Column(db.Integer)
clientService:
class ClientService:
@staticmethod
def get_all_restorants():
if not (restorants := Restorant.query.all()):
return err_resp("No restorant defined", 404)
try:
response = []
for restorant in restorants:
restorant_info = {"id": restorant.id, "name": restorant.name}
response.append(restorant_info)
resp = message(True, response)
return resp, 200
except Exception as e:
print("Error User:", e)
current_app.logger.error(e)
return internal_err_resp()
And controller:
@api.route("/getRestorants")
class Client(Resource):
@api.doc("get all restorants", response={
200: ("Success"),
400: "Service not available",
})
@jwt_required()
def get(self):
if User.roleId == 1:
return err_resp("You are not authorized", 401)
else:
try:
return ClientService.get_all_restorants()
except Exception as e:
print("Error User:", e)
It doesn't matter to me what the role is, I get the following output every time. I want it to give an error when rollid = 1.
{
"status": true,
"response": [
{
"id": 4,
"name": "Dombili Burger"
},
{
"id": 5,
"name": "Dumblemumble"
}
]
}
What is my problem?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|