Reputation: 31
Integrating Flask Security and Flask Rest-JSONAPI
i try to build a REST API with Flask-JSONAPI and Flask Security.
I use Auth Token for authentication and @login_required to secure my API Endpints. (Authentication)
But now I want to ensure that only the owner of objects (Creator) can (C)RUD the data. Right now every user can see every object that is created. (Autorisation)
I want to use Resource Manager here but did't find a proper example for Flask Security in Resource Managers. For Example the user (person) can only see the computer objects associated with the same user id. Do I have to use the Auth Token for that? Is there a simple way to get the id of the user logged in, doing the request?
Upvotes: 1
Views: 142
Answers (1)
Reputation: 35
from flask_security import current user
That represents a user instance of the currently logged in user. This user can be anonymous in cases where no user is logged in, but if a user is logged in then the object will represent an object of the User class.
Upvotes: 1
Related Questions
- How to secure a REST Api on flask
- Securing Flask API with out user authentication
- Securing Flask-Restful API with OAuth2
- How to protect Flask-RESTful with Flask-USER management?
- Using flask-security as a part of an REST API
- Secure Python REST APIs
- Using Flask-Security as part of a REST API
- Using Flask-Security to authenticate REST API
- Structuring RESTful API in Flask when some methods require authentication and some don't
- Securing RESTapi in flask