add permission layer for admins for backend API

2022-06-08 21:41:59 +02:00 · 2022-06-08 21:41:59 +02:00 · 907e0ecaab
commit 907e0ecaab
parent 62187e0b29
4 changed files with 33 additions and 1 deletions
--- a/areas/users/users.py
+++ b/areas/users/users.py
@ -5,6 +5,7 @@ from flask_expects_json import expects_json

 from areas import api_v1
 from helpers import KratosApi
+from helpers.auth_guard import admin_required

 from .validation import schema
 from .user_service import UserService
@ -13,6 +14,7 @@ from .user_service import UserService
@api_v1.route("/users", methods=["GET"])
@jwt_required()
@cross_origin()
+@admin_required()
 def get_users():
    res = UserService.get_users()
    return jsonify(res)
@ -49,6 +51,7 @@ def put_user(id):
@api_v1.route("/users/<string:id>", methods=["DELETE"])
@jwt_required()
@cross_origin()
+@admin_required()
 def delete_user(id):
    res = KratosApi.delete("/identities/{}".format(id))
    if res.status_code == 204: