如何使用Flask-USER管理來保護Flask-RESTful？

我有一組用戶角色，在Flask-User的網頁上進行佈局和保護。現在我想允許他們對我的API進行REST調用，它將使用@roles_required進行劃分以過濾請求。如何執行REST登錄並將標記\憑證傳遞給Flask-USER以使@roles_required正常工作？如何使用Flask-USER管理來保護Flask-RESTful？

來源

2017-07-31 DuckQueen

您必須檢查Dillon Dixan的資源庫，他在那裏提出了一個非常漂亮的示例，可幫助您完成您的查詢。下面是示例代碼：

from flask import Flask 
from flask_basic_roles import BasicRoleAuth 
app = Flask(__name__) 
auth = BasicRoleAuth() 

# Let's add some users. 
auth.add_user(user='bob', password='secret123', roles='producer') 
auth.add_user(user='alice', password='drowssap', roles=('producer','consumer')) 
auth.add_user(user='bill', password='54321') 
auth.add_user(user='steve', password='12345', roles='admin') 

# Only producers and admins can post, while consumers can only get. 
# Admins can also perform all other verbs. 
@app.route("/task") 
@auth.require(roles={ 
    'POST': 'producer', 
    'GET': 'consumer', 
    'DELETE,POST,PATCH,PUT,GET': 'admin' 
}) 
def tasks_endpoint(methods=(...)): 
    return "Here tasks get produced and consumed!" 

# We can secure by user too. Steve can use any verb on this 
# endpoint and everyone else is denied access. 
@app.route("/task_status") 
@auth.require(users='steve') 
def task_status_endpoint(methods=(...)): 
    return "Here are the task statuses!" 

# Alice, Bill and users with an 'admin' role can access this, while everyone 
# else is denied on all verbs. 
@app.route("/task_failures") 
@auth.require(users=('alice', 'bill'), roles='admin') 
def task_failures(methods=(...)): 
    return "Here are the task failures!" 

# Everyone including unauthenticated users can view task results. 
@app.route("/task_results") 
def task_results(methods=(...)): 
    return "Here are the task results!" 

if __name__ == "__main__": 
    app.run()

所有你需要做的就是安裝使用pip庫flask_basic_roles。休息你可以檢查的例子，當然會幫助你。

此外，您還可以參觀和看：https://github.com/raddevon/flask-permissions
請從這裏閱讀燒瓶權限：https://pythonhosted.org/Flask-Security/。

來源

2017-08-03 07:35:20

如何使用Flask-USER管理來保護Flask-RESTful？

回答

相關問題