flask_more_smorest.perms.perms_blueprint

Blueprint Mixin to support method annotation for access control.

This module provides PermsBlueprintMixin which adds decorators for marking endpoints as public or admin-only.

Classes

`PermsBlueprint`(name, import_name[, model, ...])	CRUD Blueprint with permission annotations.
`PermsBlueprintMixin`()	Blueprint mixin with added annotations for public and admin endpoints.

class flask_more_smorest.perms.perms_blueprint.PermsBlueprintMixin[source]

Blueprint mixin with added annotations for public and admin endpoints.

This mixin extends Flask-Smorest’s Blueprint to provide additional decorators for marking endpoints with special access levels: - public_endpoint: Accessible without authentication - admin_endpoint: Requires admin privileges

Example

>>> class MyBlueprint(Blueprint, PermsBlueprintMixin):
...     pass
>>> bp = MyBlueprint('items', __name__)
>>> @bp.route('/')
>>> @bp.public_endpoint
>>> def list_items():
...     return []

public_endpoint(func)[source]

Decorator to mark an endpoint as public.

Public endpoints do not require authentication and can be accessed by anyone.

Parameters:: func (Callable) – The endpoint function to mark as public
Return type:: Callable
Returns:: The decorated function with public annotation

Example

>>> @bp.route('/health')
>>> @bp.public_endpoint
>>> def health_check():
...     return {'status': 'ok'}

admin_endpoint(func)[source]

Decorator to mark an endpoint as admin only.

Admin endpoints require the user to have admin privileges. The Api class enforces this during request handling.

Parameters:: func (Callable) – The endpoint function to mark as admin only
Return type:: Callable
Returns:: The decorated function with admin annotation

Example

>>> @bp.route('/users/<uuid:user_id>')
>>> @bp.admin_endpoint
>>> def delete_user(user_id):
...     # Only admins can delete users
...     pass

class flask_more_smorest.perms.perms_blueprint.PermsBlueprint(name, import_name, model=None, schema=None, model_import_name=None, schema_import_name=None, res_id='id', res_id_param=None, methods=[CRUDMethod.INDEX, CRUDMethod.GET, CRUDMethod.POST, CRUDMethod.PATCH, CRUDMethod.DELETE], skip_methods=None, default_page_size=20, db_session=None, static_folder=None, static_url_path=None, template_folder=None, url_prefix=None, subdomain=None, url_defaults=None, root_path=None, cli_group=None)[source]

CRUD Blueprint with permission annotations.

Combines CRUDBlueprint functionality with PermsBlueprintMixin to provide automatic CRUD operations with permission checking support.