如何使用Flask-USER管理来保护Flask-RESTful？

我有一组用户角色，在Flask-User的网页上进行布局和保护。现在我想允许他们对我的API进行REST调用，它将使用@roles_required进行划分以过滤请求。如何执行REST登录并将标记\凭证传递给Flask-USER以使@roles_required正常工作？如何使用Flask-USER管理来保护Flask-RESTful？

来源

2017-07-31 DuckQueen

您必须检查Dillon Dixan的资源库，他在那里提出了一个非常漂亮的示例，可帮助您完成您的查询。下面是示例代码：

from flask import Flask 
from flask_basic_roles import BasicRoleAuth 
app = Flask(__name__) 
auth = BasicRoleAuth() 

# Let's add some users. 
auth.add_user(user='bob', password='secret123', roles='producer') 
auth.add_user(user='alice', password='drowssap', roles=('producer','consumer')) 
auth.add_user(user='bill', password='54321') 
auth.add_user(user='steve', password='12345', roles='admin') 

# Only producers and admins can post, while consumers can only get. 
# Admins can also perform all other verbs. 
@app.route("/task") 
@auth.require(roles={ 
    'POST': 'producer', 
    'GET': 'consumer', 
    'DELETE,POST,PATCH,PUT,GET': 'admin' 
}) 
def tasks_endpoint(methods=(...)): 
    return "Here tasks get produced and consumed!" 

# We can secure by user too. Steve can use any verb on this 
# endpoint and everyone else is denied access. 
@app.route("/task_status") 
@auth.require(users='steve') 
def task_status_endpoint(methods=(...)): 
    return "Here are the task statuses!" 

# Alice, Bill and users with an 'admin' role can access this, while everyone 
# else is denied on all verbs. 
@app.route("/task_failures") 
@auth.require(users=('alice', 'bill'), roles='admin') 
def task_failures(methods=(...)): 
    return "Here are the task failures!" 

# Everyone including unauthenticated users can view task results. 
@app.route("/task_results") 
def task_results(methods=(...)): 
    return "Here are the task results!" 

if __name__ == "__main__": 
    app.run()

所有你需要做的就是安装使用pip库flask_basic_roles。休息你可以检查的例子，当然会帮助你。

此外，您还可以参观和看：https://github.com/raddevon/flask-permissions
请从这里阅读烧瓶权限：https://pythonhosted.org/Flask-Security/。

来源

2017-08-03 07:35:20

如何使用Flask-USER管理来保护Flask-RESTful？

回答

相关问题