1

I am doing a project in Flask. I am using sqlalchemy to work with database. I want to create the following roles and assign permissions to that roles as given below.

Roles : Student, Teacher, HOD, Admin

Peremissions :

  1. Student can only insert into and select from table1. Should not be able to update any column of table1.
  2. Teacher should have the permissions to insert, select, delete and update on table1.
  3. HOD also have similar permissions as teacher.
  4. By default when a user register, role of user will be 'Student'. Only admin should have the ability to change the role of a user.

How to impliment these role and permissions ? Or without assigning these permissions is ther e a way to handle this ? Can someone help ?

How to

Gireesh
  • 111
  • 1
  • 7

1 Answers1

1

This post may help.

Implementing Flask-Login with multiple User Classes

To my understanding, flask-login is actively maintained which is a good start for using any flask extension.

Based on what you're trying to solve, you could include a role property to the classes. Then on the API side of things, you could add a decorator for each route that requires different authorization levels. A decorator is kind of like a middleware that gets invoked before function at the route gets invoked.

Hope this helps!

jeff
  • 490
  • 1
  • 6
  • 21