Check authorization in requires role guard decorator

6 months ago · 2af17a1764
parent 0f1fc25239
commit 2af17a1764
1 changed files with 2 additions and 1 deletions
--- a/backend/utils/auth.py
+++ b/backend/utils/auth.py
@ -37,8 +37,9 @@ def requires_role(roles=None):
    def decorator(f):
        @wraps(f)
        def decorated_function(*args, **kwargs):
+            if g.get('is_authed', False) is False:
+                return jsonify({'error': 'Unauthorized'})
            if g.current_user.role in roles:
                return f(*args, **kwargs)
-            return jsonify({'error': 'Not authorized'}), 403
        return decorated_function
    return decorator