Flask-Security integrates a number of other extensions into a neat package, so it is possible to utilize those packages independently of Flask-Security if necessary.
If you've installed Flask-Security, you should also have Flask-Login installed as a dependency. You can use the current_user
class from Flask-Login to check for authentication and redirect manually:
from flask import redirect
from flask_login import current_user
@app.route('/result')
@roles_accepted('/admin')
def result():
if not current_user.is_authenticated:
return redirect(url_for('.login'))
else:
some code....
I'm not sure how this will play with @roles_accepted
, but based on the source code it looks like this decorator will intervene prior to the result
function if an inappropriate role is used and handle it with the security_unauthorized_callback
.
This actually seems to be similar to what @login_required
does, i.e. call the security_unauthorized_callback
function when the specified conditions are not met, in this case, the proper roles.
If I understand the @roles_required
decorator correctly, the above solution should prevent any authenticated users of the improper role from accessing the results page, then manually redirect any unauthenticated users who make it past that check, without using the @login_required
decorator.