resource impl

api/__init__.py

@@ -1 +1,18 @@
-#api/__init__.py
+#api/__init__.py
+
+from functools import wraps
+from flask import jsonify, session
+
+
+def require_auth(roles=[]):
+    def decorator(func):
+        @wraps(func)
+        def wrapper(*args, **kwargs):
+            user = session.get('user')
+            if not user:
+                return jsonify({"error": "Unauthorized"}), 401
+            if user.get('role') not in roles:
+                return jsonify({"error": "Forbidden, permission denied"}), 403
+            return func(*args, **kwargs)
+        return wrapper
+    return decorator