根据session里面保存的管理员id查询出对于的角色,根据角色查询出权限,根据权限查询出能够访问的路径
# 权限控制装饰器
def admin_auth(f):
@wraps(f)
def decorated_function(*args, **kwargs): # 让某个函数来继承我们的参数
admin = Admin.query.join(
Role
).filter(
Role.id == Admin.role_id,
Admin.id == session[‘admin_id‘]
).first()
auths = admin.role.auths
auths = list(map(lambda v: int(v), auths.split(‘,‘)))
auth_list = Auth.query().all()
urls = [v.url for v in auth_list for val in auths if v.id == val.id]
rule=request.url_rule
if rule not in urls:
abort(404)
return f(*args, **kwargs)
return decorated_function
