Challenge - 5 Problems
Role Requirement Decorator Master
Get all challenges correct to earn this badge!
Test your skills under time pressure!
❓ component_behavior
intermediate2:00remaining
What is the output of this Flask route with role check?
Consider this Flask route decorated with a role requirement decorator. What will be the HTTP response status code if the user role is 'guest'?
Flask
from flask import Flask, request, abort app = Flask(__name__) def role_required(role): def decorator(f): def wrapper(*args, **kwargs): user_role = request.headers.get('Role') if user_role != role: abort(403) return f(*args, **kwargs) return wrapper return decorator @app.route('/admin') @role_required('admin') def admin_panel(): return 'Welcome Admin!' # Assume a request to /admin with header Role: guest
Attempts:
2 left
💡 Hint
Think about what happens when the user role does not match the required role.
✗ Incorrect
The decorator checks if the user role matches 'admin'. If not, it calls abort(403), which returns a 403 Forbidden HTTP response.
📝 Syntax
intermediate2:00remaining
Which decorator syntax correctly preserves function metadata?
You want to create a role_required decorator that preserves the original function's name and docstring. Which option correctly uses functools.wraps?
Flask
from functools import wraps def role_required(role): def decorator(f): # Choose the correct wrapper implementation pass return decorator
Attempts:
2 left
💡 Hint
functools.wraps is used as a decorator on the wrapper function.
✗ Incorrect
Option D correctly applies @wraps(f) above the wrapper function definition to preserve metadata.
🔧 Debug
advanced2:00remaining
Why does this role_required decorator cause a runtime error?
Examine this decorator code. What causes the runtime error when calling the decorated function?
Flask
def role_required(role): def decorator(f): def wrapper(*args, **kwargs): user_role = request.headers.get('Role') if user_role != role: abort(403) return f return wrapper return decorator
Attempts:
2 left
💡 Hint
Look at what the wrapper returns after the role check.
✗ Incorrect
The wrapper returns the function f itself instead of calling it with arguments. This causes the caller to get a function object instead of the expected response, leading to errors.
🧠 Conceptual
advanced1:30remaining
What is the main purpose of using a decorator for role requirement in Flask?
Why do developers use decorators like role_required in Flask applications?
Attempts:
2 left
💡 Hint
Think about how decorators help with code reuse and separation of concerns.
✗ Incorrect
Decorators allow adding access control checks to routes cleanly and reuse the logic across many routes.
❓ state_output
expert2:30remaining
What is the output of this Flask app with nested role_required decorators?
Given this Flask app code, what will be the response body when a request with header Role: admin accesses /dashboard?
Flask
from flask import Flask, request, abort app = Flask(__name__) def role_required(role): def decorator(f): def wrapper(*args, **kwargs): user_role = request.headers.get('Role') if user_role != role: abort(403) return f(*args, **kwargs) return wrapper return decorator @app.route('/dashboard') @role_required('admin') @role_required('user') def dashboard(): return 'Dashboard Accessed' # Request header: Role: admin
Attempts:
2 left
💡 Hint
Consider the order decorators are applied and how role checks happen.
✗ Incorrect
Decorators apply bottom-up. The inner role_required('user') checks if role is 'user'. The request has role 'admin', so it aborts with 403 before reaching the outer decorator.