get_user_roles takes auth as argument

miguelgrinberg / Flask-HTTPAuth

Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes

MIT License

1.27k stars 228 forks source link

get_user_roles takes auth as argument #119

Closed gemerden closed 2 years ago

gemerden commented 3 years ago

Hi Miguel,

(remember me, i made the roles PR)

I am trying to upgrade (finally) to the new version version with the integrated roles based access control (login_required(role=[...)) and i noticed that the @auth.get_user_roles(user) callback takes auth as parameter. I was wondering whether it is not more consistent to use 'username' or 'username' and 'password' as parameters, as in @auth.verify_password (took me a while to figure it out and it is not very clear from readthedocs).

Maybe you had a specific reason?

Cheers, Lars

miguelgrinberg commented 3 years ago

The get_user_roles callback takes the user object that you return in your verify_password callback as argument. If you do not return a user object and instead return True, then it passes the auth object as argument, so that you have access to the username/password in checking your roles.

So changing your verify_password to return the user should address your concern, I think.

gemerden commented 3 years ago

Very clear, thanks.

Hmm ... maybe put the explanation in the docs ;-)

Itzshivam1908 commented 3 years ago

Yes,you first read all terms and conditions.Then,you ask questions on documentations because a developer has restrictions regarding this terms and conditions.

targhs commented 2 years ago

@miguelgrinberg Thought you might be busy with some other important stuff. Would be happy to make edits if required.