From 2af17a17641323f27e50242f340ea3ecef507352 Mon Sep 17 00:00:00 2001
From: Casu Al Snek
Date: Sat, 11 Jan 2025 18:08:39 +0545
Subject: [PATCH] Check authorization in requires role guard decorator
---
 backend/utils/auth.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/backend/utils/auth.py b/backend/utils/auth.py
index b146565..73ba416 100644
--- a/backend/utils/auth.py
+++ b/backend/utils/auth.py
@@ -37,8 +37,9 @@ def requires_role(roles=None):
 def decorator(f):
 @wraps(f)
 def decorated_function(*args, **kwargs):
+ if g.get('is_authed', False) is False:
+ return jsonify({'error': 'Unauthorized'})
 if g.current_user.role in roles:
 return f(*args, **kwargs)
- return jsonify({'error': 'Not authorized'}), 403
 return decorated_function
 return decorator
\ No newline at end of file
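Review bot: The added guard in `decorated_function` returns `jsonify({'error': 'Unauthorized'})` with no status code, so (assuming Flask) an unauthenticated request is rejected with 200 OK; it should be `return jsonify({'error': 'Unauthorized'}), 401`. The hunk also deletes the `return jsonify({'error': 'Not authorized'}), 403` fallback, so an authenticated user whose role is not in `roles` falls through and the wrapper returns None, which Flask reports as a server error rather than a clean 403; that line should stay. The test `g.get('is_authed', False) is False` rejects only the literal False, whereas `if not g.get('is_authed'):` would also stop None or any other falsy value before `g.current_user` is read. `requires_role` begins above the hunk, so whether the `roles=None` default is normalised before `in roles` cannot be seen here and is worth confirming.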