Solution: Add Authorization to a Route Handler
Wrap a route handler with a decorator that enforces role-based access control without modifying the handler itself.
We'll cover the following...
We'll cover the following...
Solution explanation
Lines 2–4: We define
deleteUserHandler, a mock route handler that returns a confirmation string. It doesn’t know anything about authentication or roles—that’s intentional.Lines 7–16: We build the
withAuthorizationdecorator:It wraps the original function
fn.It checks whether the
userargument has a role of'admin'. ...