I'm currently building a REST API using Flask-RESTful and using Flask-HTTPAuth to protect some of the put and get methods. I want to allow access to these methods based on pre-defined user permissions I have stored in a database.
My question is, how can I modify or intercept the results of the function below, so that I can vary access depending on the endpoint/method? After basic authentication clears, I want to be able to check whether the user has the relevant permissions in my database. With Flask-Session this was easy, but here the API is stateless.
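
    from flask_httpauth import HTTPBasicAuth

    auth = HTTPBasicAuth()

    # models and helpers are the application's own modules.
    @auth.verify_password
    def verify_password(user, password):
        query_set = models.User.objects(username=user)
        if query_set:
            # Check the supplied password against the stored one.
            return helpers.verify(password, query_set[0].password)
        else:
            return False
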
Thank you very much.
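
One way to layer a per-endpoint, per-method permission check on top of the authentication step, as an added example that is not part of the original question. The permission table, `load_permissions`, `permission_required`, `Report` and the `request_state` stand-in are all hypothetical; in a Flask-HTTPAuth app the decorator would sit beneath `@auth.login_required` and be given `auth.username` as its user source.

```python
from functools import wraps

# Constructed stand-in for the permissions stored in the database.
PERMISSIONS = {
    "alice": {"reports:read", "reports:write"},
    "bob": {"reports:read"},
}

# Constructed stand-in for per-request state (assumption: the real app
# would pass auth.username from Flask-HTTPAuth instead).
request_state = {"user": None}


def current_username():
    return request_state["user"]


def load_permissions(username):
    """Hypothetical lookup, done on every request because the API is stateless."""
    return PERMISSIONS.get(username, set())


def permission_required(permission, get_username):
    """Run the view only if the authenticated user holds `permission`."""
    def decorator(view):
        @wraps(view)
        def wrapper(*args, **kwargs):
            user = get_username()
            if not user:
                # Authentication did not run or did not succeed.
                return {"message": "authentication required"}, 401
            if permission not in load_permissions(user):
                # Authenticated, but not authorized: deny by default.
                return {"message": "forbidden"}, 403
            return view(*args, **kwargs)
        return wrapper
    return decorator


class Report:
    """Shaped like a Flask-RESTful resource: one permission per HTTP method."""

    @permission_required("reports:read", current_username)
    def get(self):
        return {"report": "q1"}, 200

    @permission_required("reports:write", current_username)
    def put(self):
        return {"updated": True}, 200
```

Unknown users and users without the named permission both get a 403, so a missing database row fails closed rather than open.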