Flask-Principal Best Practice of Handling PermissionDenied Exception
You can tell Flask-Principal that you want to raise a specific HTTP error code instead:
@app.route('/admin')@admin_permission.require(http_exception=403)def admin(request): # ...
Now flask.abort()
will be called instead of raising PermissionDenied
. For the 403 error code you can then register an error handler:
@app.errorhandler(403)def page_not_found(e): session['redirected_from'] = request.url return redirect(url_for('users.login'))
where url_for('users.login')
would return the route URL for a login page.