from functools import wraps
from flask_jwt_extended import current_user, jwt_protected
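def userid_must_match(f):
    """Abort with 403 Forbidden if ``userid`` doesn't match the JWT user.

    The returned wrapper has ``@jwt_protected`` applied, then compares the
    ``userid`` keyword argument with ``current_user.id`` (the user
    identified by the token). On a mismatch it calls ``abort(403)`` and
    ``f`` is not run.

    The comparison runs only when ``userid`` arrives as a keyword argument
    and is not ``None``. A call that omits ``userid``, or passes it
    positionally, reaches ``f`` without the ownership check. Apply this
    decorator only to views that always receive ``userid`` by keyword.

    Args:
        f: The view function to guard.

    Returns:
        The wrapped function, carrying ``f``'s metadata via ``wraps``.
    """
    # Function-scope import: only this decorator needs it.
    import inspect

    # The wrapper captures ``userid`` as a keyword-only argument. Without
    # forwarding, a view declared as ``def view(userid)`` would be called
    # without it. Forward only when ``f`` declares the parameter, so views
    # that never accepted ``userid`` keep working as before.
    try:
        declared = inspect.signature(f).parameters.get("userid")
    except (TypeError, ValueError):
        declared = None
    forward_userid = declared is not None and declared.kind in (
        inspect.Parameter.POSITIONAL_OR_KEYWORD,
        inspect.Parameter.KEYWORD_ONLY,
    )

    @wraps(f)
    @jwt_protected
    def wrapper(*args, userid=None, **kwargs):
        # NOTE(review): `abort` is not imported in the visible lines.
        # Confirm it is in scope (presumably flask.abort); otherwise a
        # mismatch raises NameError instead of returning 403.
        # NOTE(review): `!=` is type-sensitive. If the route supplies
        # `userid` as a str while `current_user.id` is an int, every
        # request is rejected. Confirm both sides share a type.
        if userid is not None and userid != current_user.id:
            abort(403)
        if forward_userid and userid is not None:
            kwargs["userid"] = userid
        return f(*args, **kwargs)

    return wrapper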