6
我有一組用戶角色,在Flask-User的網頁上進行佈局和保護。現在我想允許他們對我的API進行REST調用,它將使用@roles_required
進行劃分以過濾請求。如何執行REST登錄並將標記\憑證傳遞給Flask-USER以使@roles_required
正常工作?如何使用Flask-USER管理來保護Flask-RESTful?
我有一組用戶角色,在Flask-User的網頁上進行佈局和保護。現在我想允許他們對我的API進行REST調用,它將使用@roles_required
進行劃分以過濾請求。如何執行REST登錄並將標記\憑證傳遞給Flask-USER以使@roles_required
正常工作?如何使用Flask-USER管理來保護Flask-RESTful?
您必須檢查Dillon Dixan的資源庫,他在那裏提出了一個非常漂亮的示例,可幫助您完成您的查詢。下面是示例代碼:
from flask import Flask
from flask_basic_roles import BasicRoleAuth
app = Flask(__name__)
auth = BasicRoleAuth()
# Let's add some users.
auth.add_user(user='bob', password='secret123', roles='producer')
auth.add_user(user='alice', password='drowssap', roles=('producer','consumer'))
auth.add_user(user='bill', password='54321')
auth.add_user(user='steve', password='12345', roles='admin')
# Only producers and admins can post, while consumers can only get.
# Admins can also perform all other verbs.
@app.route("/task")
@auth.require(roles={
'POST': 'producer',
'GET': 'consumer',
'DELETE,POST,PATCH,PUT,GET': 'admin'
})
def tasks_endpoint(methods=(...)):
return "Here tasks get produced and consumed!"
# We can secure by user too. Steve can use any verb on this
# endpoint and everyone else is denied access.
@app.route("/task_status")
@auth.require(users='steve')
def task_status_endpoint(methods=(...)):
return "Here are the task statuses!"
# Alice, Bill and users with an 'admin' role can access this, while everyone
# else is denied on all verbs.
@app.route("/task_failures")
@auth.require(users=('alice', 'bill'), roles='admin')
def task_failures(methods=(...)):
return "Here are the task failures!"
# Everyone including unauthenticated users can view task results.
@app.route("/task_results")
def task_results(methods=(...)):
return "Here are the task results!"
if __name__ == "__main__":
app.run()
所有你需要做的就是安裝使用pip
庫flask_basic_roles
。 休息你可以檢查的例子,當然會幫助你。
此外,您還可以參觀和看:https://github.com/raddevon/flask-permissions
請從這裏閱讀燒瓶權限:https://pythonhosted.org/Flask-Security/。