from functools import wraps
from flask import session, request, jsonify, redirect, url_for
import sqlite3
from config import MAIN_DB
|
|
|
|
def login_required(f):
    """Flask view decorator that refuses requests without a logged-in session.

    A request counts as authenticated when the session carries a
    ``user_id`` key. Unauthenticated JSON requests receive a 401 JSON
    body; any other unauthenticated request is redirected to the
    ``auth.login`` endpoint.

    Note: only the presence of the session key is checked here. The user
    is not re-validated against the database and no role check happens;
    use ``user_has_role`` / ``user_can`` in the view for authorization.
    """
    @wraps(f)
    def _guarded(*args, **kwargs):
        authenticated = 'user_id' in session
        if authenticated:
            return f(*args, **kwargs)
        # API clients get a machine-readable denial, browsers a redirect.
        if request.is_json:
            return jsonify({'success': False, 'error': 'No autorizado'}), 401
        return redirect(url_for('auth.login'))

    return _guarded
|
|
|
|
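def user_has_role(user_id, required_role, db_path=None):
    """Return True if the user's stored role is at least ``required_role``.

    The role is read from the ``role`` column of the ``users`` table in the
    SQLite database at ``db_path`` (defaults to ``MAIN_DB``). Roles are
    ranked administrator > editor > author > subscriber, so e.g. an editor
    satisfies a request for ``'author'``.

    Args:
        user_id: Primary key of the user. A falsy value is denied outright.
        required_role: Name of the role the caller needs. A name that is not
            in the hierarchy is denied for everyone (fail closed).
        db_path: Optional SQLite path; mainly lets tests point at a
            throwaway database instead of ``MAIN_DB``.

    Returns:
        bool. False when the user does not exist, when ``required_role`` is
        unknown, or when the user's level is below the required level.
    """
    if not user_id:
        return False

    # Role hierarchy; a higher number means more privilege.
    role_hierarchy = {
        'administrator': 4,
        'editor': 3,
        'author': 2,
        'subscriber': 1,
    }

    # An unknown required role must never grant access. Previously it fell
    # back to the subscriber level, so a typo in the caller's role name
    # would have let every existing user through.
    required_level = role_hierarchy.get(required_role)
    if required_level is None:
        return False

    conn = sqlite3.connect(MAIN_DB if db_path is None else db_path)
    try:
        cursor = conn.execute('SELECT role FROM users WHERE id = ?', (user_id,))
        row = cursor.fetchone()
    finally:
        # Close even if the query raises; the original leaked the handle.
        conn.close()

    if row is None:
        return False

    # NULL/empty role rows count as plain subscribers. Unknown role strings
    # also map to the subscriber level (1), matching the prior behaviour.
    user_role = row[0] or 'subscriber'
    user_level = role_hierarchy.get(user_role, 1)
    return user_level >= required_level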
|
|
|
|
def user_can(user_id, capability):
    """Return True if the user may perform ``capability``.

    Current policy is all-or-nothing: administrators (as determined by
    ``user_has_role``) may do everything, everyone else may do nothing.
    The ``capability`` argument is accepted for the interface but is not
    consulted; per-capability grants would have to be added here.

    Args:
        user_id: Primary key of the user. A falsy value is denied.
        capability: Name of the capability being requested (unused).

    Returns:
        bool.
    """
    if not user_id:
        return False
    # Only administrators have any capability at present.
    return bool(user_has_role(user_id, 'administrator'))
|