from flask import request, session
from flask.views import MethodView
from ..utils.http import redirect_next_referrer
from ..utils.permissions import LOGGEDIN, PERMISSIONS, lookup_permissions
class LoginView(MethodView):
def post(self):
token = request.form.get('token')
if token is not None:
permissions_for_token = lookup_permissions(token)
if permissions_for_token is not None:
session[PERMISSIONS] = permissions_for_token
session[LOGGEDIN] = True
return redirect_next_referrer('bepasty.index')
class LogoutView(MethodView):
def post(self):
# note: remove all session entries that are not needed for logged-out
# state (because the code has defaults for them if they are missing).
# if the session is empty. flask will automatically remove the cookie.
session.pop(LOGGEDIN, None)
session.pop(PERMISSIONS, None)
return redirect_next_referrer('bepasty.index')
