Fix 500s when requesting json after logged out:

* Update permissions decorator to make sure user is logged in first, else 401 * Stop further ajax json calls on failure
2026-05-02 07:00:51 -04:00 · 2016-10-21 14:24:21 +01:00
parent 09d7f6e8a6
commit 2a2a733a41
2 changed files with 12 additions and 5 deletions
--- a/app/utils.py
+++ b/app/utils.py
@@ -42,11 +42,18 @@ def user_has_permissions(*permissions, admin_override=False, any_=False):
        @wraps(func)
        def wrap_func(*args, **kwargs):
            from flask_login import current_user
-            if current_user and current_user.has_permissions(permissions=permissions,
-                                                             admin_override=admin_override, any_=any_):
-                return func(*args, **kwargs)
+
+            if current_user and current_user.is_authenticated:
+                if current_user.has_permissions(
+                    permissions=permissions,
+                    admin_override=admin_override,
+                    any_=any_
+                ):
+                    return func(*args, **kwargs)
+                else:
+                    abort(403)
            else:
-                abort(403)
+                abort(401)
        return wrap_func
    return wrap