From 9c6b46f68fd4145c6aebdae65212312d85ad1e98 Mon Sep 17 00:00:00 2001
From: Jagraj Aulakh
Date: Thu, 6 Apr 2023 23:08:18 -0400
Subject: [PATCH] Add decorator that requirers the logged in user to be an instructor
---
 backend/app/routes.py | 21 +++++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/backend/app/routes.py b/backend/app/routes.py
index 89dfa1e..38b7f9b 100644
--- a/backend/app/routes.py
+++ b/backend/app/routes.py
@@ -1,3 +1,4 @@
+from functools import wraps
 from flask_login import login_required, login_user, logout_user
 from app.bp import bp
 from flask import jsonify, request
@@ -20,6 +21,17 @@ def check_data(data, required_fields):
 return None
+def instructor_required(func):
+ @wraps(func)
+ def dec(*args, **kwargs):
+ print(current_user)
+ if current_user.role != "instructor":
+ return error_response(400, "User is not instructor!")
+ return func(*args, **kwargs)
+
+ return dec
+
+
 @bp.route("/login", methods=["POST"])
 def login_route():
 data = request.get_json()
@@ -88,7 +100,9 @@ def create_course():
 c = Course.query.filter_by(course_code=data["course_code"]).first()
 if c:
- return error_response(400, f"Course with course code {data['course_code']} already exists")
+ return error_response(
+ 400, f"Course with course code {data['course_code']} already exists"
+ )
 if u.role != "instructor":
 return error_response(400, "User is not instructor")
@@ -114,6 +128,7 @@ def get_courses(id):
 @bp.route("/user//enroll/", methods=["POST", "DELETE"])
 @login_required
+@instructor_required
 def enroll_student(uid, cid):
 u = User.query.get(uid)
 if not u:
@@ -125,7 +140,9 @@ def enroll_student(uid, cid):
 if request.method == "POST":
 if not u.enroll(c):
- return error_response(400, f"User {uid} is already enrolled in course {cid}")
+ return error_response(
+ 400, f"User {uid} is already enrolled in course {cid}"
+ )
 elif request.method == "DELETE":
 if not u.unenroll(c):
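Review bot: `instructor_required` reads `current_user.role` without first confirming the user is authenticated, so on a route that lacks `@login_required` (or where this decorator is stacked above it) the anonymous user object may have no `role` attribute and the request would end in an unhandled error instead of a clean refusal. A guard such as `if getattr(current_user, "role", None) != "instructor":` keeps the check fail-closed. The `print(current_user)` line looks like leftover debugging and writes user details to stdout on every call; drop it or route it through a logger. A role failure is an authorization error, so `error_response(403, "User is not instructor!")` fits better than 400. `current_user` is not in the `flask_login` import line visible in the first hunk, so confirm it is imported elsewhere in routes.py.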
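Review bot: `@instructor_required` on `enroll_student` checks only the caller's role, so as far as the visible lines show, any instructor can enroll or unenroll any user `uid` in any course `cid`. If courses are tied to a specific instructor, compare the course's instructor with `current_user` once `c` is loaded and refuse the request when they differ. The decorator order is right: `@login_required` is outermost, so authentication runs before the role check. The body of `enroll_student` continues outside this hunk, so an ownership check may already exist in lines not shown.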