fotohost/app/auth_utils.py

from functools import wraps
from flask import abort, flash, redirect, url_for
from flask_login import current_user
from app.folder_utils import can_edit_folder, is_folder_owner
from app.models import FolderMember
def admin_required(f):
    """Restrict a view function to authenticated administrators.

    The wrapped view runs only when ``current_user`` is both authenticated
    and flagged ``is_admin``. Every other caller gets a flashed error
    message and a redirect to ``main.index``; the view body is never
    entered.

    NOTE(review): in Flask the route decorator has to be the outermost one,
    otherwise the unwrapped function is what gets registered and this check
    is skipped. Confirm the ordering at each call site.
    """

    @wraps(f)
    def decorated(*args, **kwargs):
        # Fail closed: is_admin is consulted only once the session is known
        # to be authenticated, and access is granted only when both hold.
        allowed = current_user.is_authenticated and current_user.is_admin
        if allowed:
            return f(*args, **kwargs)
        # Message text is Russian for "Access for administrators only".
        flash("Доступ только для администраторов", "error")
        return redirect(url_for("main.index"))

    return decorated
def can_manage_photo(photo):
    """Return True when the current user is allowed to manage *photo*.

    Checks run in this order, and the first match decides:

    1. Unauthenticated sessions are always refused.
    2. Administrators are always allowed.
    3. The user whose id equals ``photo.user_id`` is allowed.
    4. If the photo sits in a folder, access is allowed when
       ``is_folder_owner`` or ``can_edit_folder`` accepts the current user
       for that folder. Both helpers live in ``app.folder_utils`` and are
       not shown here.

    Anything else is refused, so the default is deny.
    """
    user = current_user

    # Anonymous sessions never reach the ownership or folder checks.
    if not user.is_authenticated:
        return False

    # Site-wide admin, or the uploader of this particular photo.
    if user.is_admin or photo.user_id == user.id:
        return True

    # Folder-derived rights apply only when the photo really has a folder;
    # photo.folder is not touched at all when folder_id is empty.
    folder = photo.folder if photo.folder_id else None
    if not folder:
        return False

    # NOTE(review): folder edit rights are treated as equal to photo
    # ownership here -- confirm that is intended for every caller,
    # including destructive ones.
    return bool(is_folder_owner(folder, user) or can_edit_folder(folder, user))
def photo_owner_or_admin(photo):
    """Abort the request with HTTP 403 unless *photo* may be managed.

    This is a thin enforcement wrapper around ``can_manage_photo``. Despite
    the name, it lets through more than the photo owner and administrators:
    folder owners and users with folder edit rights pass as well, because
    ``can_manage_photo`` accepts them.

    Returns None when access is granted. Call it before any state-changing
    work in the view.
    """
    permitted = can_manage_photo(photo)
    if permitted:
        return
    # abort() raises, so nothing after this call runs for a refused request.
    abort(403)