# app/utils/decorators.py
from functools import wraps
from flask_jwt_extended import get_jwt
from flask import jsonify
def role_required(*roles):
    """Build a view decorator that authorizes by the JWT ``role`` claim.

    Usage: ``@role_required('super_admin', 'finance')``

    Args:
        *roles: Role names permitted to call the decorated view.

    Returns:
        A decorator. The wrapped view runs when the token's ``role`` claim
        is ``'super_admin'`` or is one of ``roles``; otherwise the caller
        receives a JSON body with a ``msg`` field and HTTP status 403.

    Security notes:
        * This decorator only reads claims through ``get_jwt()``; it does
          not verify the token itself. It presumably relies on
          ``@jwt_required()`` (or ``verify_jwt_in_request()``) having run
          first for the same request -- confirm the decorator order at
          every call site.
        * ``'super_admin'`` is always admitted, even when it is not listed
          in ``roles``, so ``@role_required()`` with no arguments means
          "super_admin only".
        * A token without a ``role`` claim yields ``None``, which is
          rejected unless ``None`` was passed in ``roles``.
        * The decision uses the role stored in the token, not a fresh
          lookup, so a role change is presumably not seen until a new
          token is issued -- verify against the token lifetime and any
          revocation logic elsewhere in the project.
    """

    def decorate(fn):
        @wraps(fn)
        def guarded(*args, **kwargs):
            role = get_jwt().get('role')

            # The super administrator sees everything and is let through
            # unconditionally (the original author marks this as optional).
            permitted = role == 'super_admin' or role in roles
            if not permitted:
                return jsonify(msg='权限不足:您没有访问此资源的权限'), 403

            return fn(*args, **kwargs)

        return guarded

    return decorate