@@ -123,6 +123,44 @@ def required_user_wrapper(*args, **kwargs):
123123 return required_user_wrapper
124124
125125
126+ def require_mod (room , * , admin = False ):
127+ """Checks a room for moderator or admin permission; aborts with 401 Unauthorized if there is no
128+ user in the request, and 403 Forbidden if g.user does not have moderator (or admin, if
129+ specified) permission."""
130+ require_user ()
131+ if not (room .check_admin (g .user ) if admin else room .check_moderator (g .user )):
132+ abort_with_reason (
133+ http .FORBIDDEN ,
134+ f"This endpoint requires { 'admin' if admin else 'moderator' } ,
135+ )
136+
137+
138+ def mod_required (f ):
139+ """Decorator for an endpoint that requires a user that has moderator permission in the given
140+ room. The function must take a `room` argument by name, as is typically used with flask
141+ endpoints with a <Room:room> argument."""
142+
143+ @wraps (f )
144+ def required_mod_wrapper (* args , room , ** kwargs ):
145+ require_mod (room )
146+ return f (* args , room = room , ** kwargs )
147+
148+ return required_mod_wrapper
149+
150+
151+ def admin_required (f ):
152+ """Decorator for an endpoint that requires a user that has admin permission in the given room.
153+ The function must take a `room` argument by name, as is typically used with flask endpoints with
154+ a <Room:room> argument."""
155+
156+ @wraps (f )
157+ def required_admin_wrapper (* args , room , ** kwargs ):
158+ require_mod (room , admin = True )
159+ return f (* args , room = room , ** kwargs )
160+
161+ return required_admin_wrapper
162+
163+
126164@app .before_request
127165def handle_http_auth ():
128166 """
0 commit comments