117. Decorators for Authorization

Here are 10 Python snippets demonstrating how to use decorators for handling authentication and authorization in web applications:

1. Basic Authorization Decorator

from functools import wraps

def require_login(func):
    @wraps(func)
    def wrapper(*args, **kwargs):
        user = {"authenticated": False}  # Simulated user object
        if not user.get("authenticated"):
            return "Access denied: Please log in."
        return func(*args, **kwargs)
    return wrapper

@require_login
def view_profile():
    return "Welcome to your profile!"

print(view_profile())

2. Role-Based Access Control (RBAC)

from functools import wraps

def require_role(role):
    def decorator(func):
        @wraps(func)
        def wrapper(*args, **kwargs):
            user = {"role": "user"}  # Simulated user object
            if user.get("role") != role:
                return f"Access denied: Requires {role} role."
            return func(*args, **kwargs)
        return wrapper
    return decorator

@require_role("admin")
def admin_dashboard():
    return "Welcome to the admin dashboard!"

print(admin_dashboard())

3. Checking Multiple Roles

from functools import wraps

def require_any_role(*roles):
    def decorator(func):
        @wraps(func)
        def wrapper(*args, **kwargs):
            user = {"role": "editor"}  # Simulated user object
            if user.get("role") not in roles:
                return f"Access denied: Requires one of {roles} roles."
            return func(*args, **kwargs)
        return wrapper
    return decorator

@require_any_role("admin", "editor")
def edit_content():
    return "Content editing page."

print(edit_content())

4. Custom Authorization Logic

from functools import wraps

def custom_authorization(func):
    @wraps(func)
    def wrapper(*args, **kwargs):
        user = {"username": "guest", "permissions": ["read"]}  # Simulated user
        if "write" not in user.get("permissions", []):
            return "Access denied: Insufficient permissions."
        return func(*args, **kwargs)
    return wrapper

@custom_authorization
def write_post():
    return "Post creation page."

print(write_post())

5. Token-Based Authorization

from functools import wraps

def require_token(func):
    @wraps(func)
    def wrapper(*args, **kwargs):
        headers = {"Authorization": "Bearer valid_token"}  # Simulated request headers
        token = headers.get("Authorization")
        if not token or token != "Bearer valid_token":
            return "Access denied: Invalid token."
        return func(*args, **kwargs)
    return wrapper

@require_token
def sensitive_data():
    return "Here is some sensitive data."

print(sensitive_data())

6. Checking API Key

from functools import wraps

def require_api_key(func):
    @wraps(func)
    def wrapper(*args, **kwargs):
        api_key = "12345"  # Simulated API key
        if api_key != "12345":
            return "Access denied: Invalid API key."
        return func(*args, **kwargs)
    return wrapper

@require_api_key
def fetch_data():
    return "Data fetched successfully!"

print(fetch_data())

7. IP-Based Access Restriction

from functools import wraps

def restrict_ip(allowed_ips):
    def decorator(func):
        @wraps(func)
        def wrapper(*args, **kwargs):
            request_ip = "192.168.0.1"  # Simulated request IP
            if request_ip not in allowed_ips:
                return "Access denied: Unauthorized IP."
            return func(*args, **kwargs)
        return wrapper
    return decorator

@restrict_ip(["192.168.0.1", "10.0.0.1"])
def secure_area():
    return "Welcome to the secure area!"

print(secure_area())

8. Logging Unauthorized Access Attempts

from functools import wraps

def log_unauthorized_access(func):
    @wraps(func)
    def wrapper(*args, **kwargs):
        user = {"authenticated": False}  # Simulated user object
        if not user.get("authenticated"):
            print("Unauthorized access attempt logged.")
            return "Access denied."
        return func(*args, **kwargs)
    return wrapper

@log_unauthorized_access
def dashboard():
    return "Welcome to the dashboard!"

print(dashboard())

9. Using Flask for Authentication

from flask import Flask, request, jsonify
from functools import wraps

app = Flask(__name__)

def require_login(func):
    @wraps(func)
    def wrapper(*args, **kwargs):
        if not request.headers.get("Authorization"):
            return jsonify({"error": "Access denied: Please log in."}), 403
        return func(*args, **kwargs)
    return wrapper

@app.route("/protected")
@require_login
def protected_route():
    return jsonify({"message": "Access granted to protected route."})

# Run with Flask to test
# app.run(debug=True)

10. Combining Multiple Authorization Decorators

from functools import wraps

def require_login(func):
    @wraps(func)
    def wrapper(*args, **kwargs):
        user = {"authenticated": True}  # Simulated user object
        if not user.get("authenticated"):
            return "Access denied: Please log in."
        return func(*args, **kwargs)
    return wrapper

def require_admin_role(func):
    @wraps(func)
    def wrapper(*args, **kwargs):
        user = {"role": "admin"}  # Simulated user object
        if user.get("role") != "admin":
            return "Access denied: Admin role required."
        return func(*args, **kwargs)
    return wrapper

@require_login
@require_admin_role
def admin_settings():
    return "Welcome to admin settings."

print(admin_settings())

These examples showcase different ways to use decorators for implementing authentication and authorization, including role-based access control, token validation, and logging unauthorized access.

Previous116. Command-Line Argument Parsing Next118. Concurrency with concurrent.futures

Last updated 1 year ago

hashtag1. Basic Authorization Decorator

hashtag2. Role-Based Access Control (RBAC)

hashtag3. Checking Multiple Roles

hashtag4. Custom Authorization Logic

hashtag5. Token-Based Authorization

hashtag6. Checking API Key

hashtag7. IP-Based Access Restriction

hashtag8. Logging Unauthorized Access Attempts

hashtag9. Using Flask for Authentication

hashtag10. Combining Multiple Authorization Decorators