Modularización de GKACHELE SaaS

demo/utils/auth_decorators.py

@@ -0,0 +1,54 @@
+from functools import wraps
+from flask import session, request, jsonify, redirect, url_for
+import sqlite3
+from config import MAIN_DB
+
+def login_required(f):
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if 'user_id' not in session:
+            if request.is_json:
+                return jsonify({'success': False, 'error': 'No autorizado'}), 401
+            return redirect(url_for('auth.login'))
+        return f(*args, **kwargs)
+    return decorated_function
+
+def user_has_role(user_id, required_role):
+    """Verificar si usuario tiene un rol específico (desde DB)"""
+    if not user_id:
+        return False
+    
+    conn = sqlite3.connect(MAIN_DB)
+    c = conn.cursor()
+    c.execute('SELECT role FROM users WHERE id = ?', (user_id,))
+    result = c.fetchone()
+    conn.close()
+    
+    if not result:
+        return False
+    
+    user_role = result[0] or 'subscriber'
+    
+    # Jerarquía de roles GKACHELE™
+    role_hierarchy = {
+        'administrator': 4,
+        'editor': 3,
+        'author': 2,
+        'subscriber': 1
+    }
+    
+    user_level = role_hierarchy.get(user_role, 1)
+    required_level = role_hierarchy.get(required_role, 1)
+    
+    return user_level >= required_level
+
+def user_can(user_id, capability):
+    """Verificar capacidad específica (desde DB)"""
+    if not user_id:
+        return False
+    
+    # Si es admin, puede todo
+    if user_has_role(user_id, 'administrator'):
+        return True
+    
+    return False