|
|
from functools import wraps |
|
|
from flask import request, jsonify |
|
|
from .authentication import auth_manager |
|
|
|
|
|
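class Authorization:
    """Role-based access checks for Flask views.

    Roles are ranked by the integer levels in ``self.roles``; in
    :meth:`require_role` a higher level satisfies a requirement for any
    lower one.
    """

    def __init__(self):
        # Rank of each known role; a larger number means more privilege.
        self.roles = {
            'student': 1,
            'instructor': 2,
            'admin': 3
        }

    def require_role(self, required_role):
        """Return a decorator that enforces a minimum role on a view.

        Args:
            required_role: Name of the lowest role allowed to call the view.
                Must be a key of ``self.roles``.

        Returns:
            A decorator. The wrapped view is passed through
            ``auth_manager.login_required`` and answers 403 with a JSON
            message when the caller's role ranks below ``required_role``.

        Raises:
            ValueError: If ``required_role`` is not a known role.
        """
        # Fail closed on a misspelled or unknown role name. Looking it up with
        # a default of 0 would make the comparison below never deny anyone,
        # leaving the view open to every logged-in caller.
        if required_role not in self.roles:
            raise ValueError(f'Unknown role: {required_role!r}')

        def decorator(f):
            @wraps(f)
            @auth_manager.login_required
            def decorated(*args, **kwargs):
                # NOTE(review): request.user_role is presumably set by
                # auth_manager.login_required (not visible in this file). When
                # it is absent the caller is treated as 'student' -- confirm
                # that this fallback is intended.
                current_role = getattr(request, 'user_role', 'student')

                # An unrecognised caller role ranks as 0, below every real role.
                caller_level = self.roles.get(current_role, 0)
                # Looked up per request so later edits to self.roles apply; a
                # role that has since been removed denies instead of allowing.
                required_level = self.roles.get(required_role)

                if required_level is None or caller_level < required_level:
                    return jsonify({
                        'message': f'Insufficient permissions. Required role: {required_role}'
                    }), 403

                return f(*args, **kwargs)
            return decorated
        return decorator

    def require_roles(self, required_roles):
        """Return a decorator that admits only callers holding a listed role.

        Unlike :meth:`require_role` this is an exact membership test; role
        ranking is not consulted.

        Args:
            required_roles: Iterable of role names. A single role name given
                as a bare string is treated as a one-element collection.

        Returns:
            A decorator. The wrapped view is passed through
            ``auth_manager.login_required`` and answers 403 with a JSON
            message when the caller's role is not one of ``required_roles``.
        """
        # ``role in 'admin'`` is a substring test, so a bare string would let an
        # empty or partial role value through. Materialising the argument also
        # keeps a one-shot iterator from being exhausted by the first request.
        if isinstance(required_roles, str):
            allowed = (required_roles,)
        else:
            allowed = tuple(required_roles)

        def decorator(f):
            @wraps(f)
            @auth_manager.login_required
            def decorated(*args, **kwargs):
                # NOTE(review): same 'student' fallback as in require_role --
                # confirm against auth_manager.
                current_role = getattr(request, 'user_role', 'student')

                if current_role not in allowed:
                    return jsonify({
                        'message': f'Insufficient permissions. Required roles: {required_roles}'
                    }), 403

                return f(*args, **kwargs)
            return decorated
        return decorator

    def can_access_lesson(self, user_id, lesson_id):
        """Check whether a user may access a lesson.

        NOTE(review): this is a placeholder. It ignores both arguments and
        grants access to every user for every lesson, so callers get no
        authorization from it until a real check is implemented.
        """
        return True

    def can_edit_content(self, user_id, content_id):
        """Check whether the current request's role may edit content.

        Returns True when the role on the current request is 'instructor' or
        'admin'.

        NOTE(review): ``user_id`` and ``content_id`` are not used, so no
        ownership check is made here: any instructor passes for any content.
        """
        current_role = getattr(request, 'user_role', 'student')
        return current_role in ['instructor', 'admin']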
|
|
|
|
|
|
|
|
# Module-wide authorization helper shared by the decorators below.
authz_manager = Authorization()

# Ready-made decorators, one per role, built in ascending order of privilege.
require_student, require_instructor, require_admin = (
    authz_manager.require_role(role_name)
    for role_name in ('student', 'instructor', 'admin')
)