Add decorator that requirers the logged in user to be an instructor

backend/app/routes.py

@@ -1,3 +1,4 @@
+from functools import wraps
 from flask_login import login_required, login_user, logout_user
 from app.bp import bp
 from flask import jsonify, request
@@ -20,6 +21,17 @@ def check_data(data, required_fields):
     return None
 
 
+def instructor_required(func):
+    @wraps(func)
+    def dec(*args, **kwargs):
+        print(current_user)
+        if current_user.role != "instructor":
+            return error_response(400, "User is not instructor!")
+        return func(*args, **kwargs)
+
+    return dec
+
+
 @bp.route("/login", methods=["POST"])
 def login_route():
     data = request.get_json()
@@ -88,7 +100,9 @@ def create_course():
 
     c = Course.query.filter_by(course_code=data["course_code"]).first()
     if c:
-        return error_response(400, f"Course with course code {data['course_code']} already exists")
+        return error_response(
+            400, f"Course with course code {data['course_code']} already exists"
+        )
 
     if u.role != "instructor":
         return error_response(400, "User is not instructor")
@@ -114,6 +128,7 @@ def get_courses(id):
 
 @bp.route("/user/<int:uid>/enroll/<int:cid>", methods=["POST", "DELETE"])
 @login_required
+@instructor_required
 def enroll_student(uid, cid):
     u = User.query.get(uid)
     if not u:
@@ -125,7 +140,9 @@ def enroll_student(uid, cid):
 
     if request.method == "POST":
         if not u.enroll(c):
-            return error_response(400, f"User {uid} is already enrolled in course {cid}")
+            return error_response(
+                400, f"User {uid} is already enrolled in course {cid}"
+            )
 
     elif request.method == "DELETE":
         if not u.unenroll(c):