libb.group_required

group_required(allowed_groups, *, session_accessor=None, on_forbidden=None)[source]

Decorator: 403 unless the session’s groups intersect allowed_groups.

A thin Flask wrapper over authd() for group-set authorization. Group names are injected, never hardcoded; richer policies (a superuser override, per-row checks) compose by supplying a custom on_forbidden or wrapping the result.

Parameters:
  • allowed_groups – Iterable of group names; access needs a non-empty intersection with the session’s groups.

  • session_accessor – Callable returning the session mapping (defaults to Flask’s session).

  • on_forbidden – Callable(groups, allowed) returning the denied response; defaults to flask.abort(403).

Returns:

A view decorator.