
Role-based access control in Flask - Practice Problems & Coding Challenges

Challenge - 5 Problems
component_behavior
intermediate
What is the output of this Flask route with role check?

Consider this Flask route that checks user roles before allowing access. What will be the response if the user role is 'guest'?

Flask
from flask import Flask, abort, request
app = Flask(__name__)

@app.route('/dashboard')
def dashboard():
    user_role = request.args.get('role')
    if user_role != 'admin':
        abort(403)
    return 'Welcome to admin dashboard!'

# Simulate request with role='guest'

A. HTTP 403 Forbidden error
B. Welcome to admin dashboard!
C. HTTP 404 Not Found error
D. HTTP 500 Internal Server Error
💡 Hint

Think about what happens when the role is not 'admin'.

state_output
intermediate
What is the value of 'access_granted' after this role check?

Given this snippet, what is the value of access_granted after execution?

Flask
user_roles = ['editor', 'contributor']
required_role = 'admin'
access_granted = required_role in user_roles

A. true
B. null
C. 'admin'
D. false
💡 Hint

Check if 'admin' is inside the list user_roles.

📝 Syntax
advanced
Which option correctly defines a Flask decorator to restrict access by role?

Which code snippet correctly implements a Flask decorator @role_required('admin') that aborts with 403 if the user role is not 'admin'?

A
def role_required(role):
    def decorator(f):
        if request.args.get('role') != role:
            abort(403)
        return f
    return decorator
B
def role_required(role):
    def decorator(f):
        def wrapper(*args, **kwargs):
            if request.args.get('role') != role:
                abort(403)
            return f(*args, **kwargs)
        return wrapper
    return decorator
C
def role_required(role):
    def wrapper(f):
        if request.args.get('role') != role:
            abort(403)
        return f
    return wrapper
D
def role_required(role):
    def decorator(f):
        def wrapper():
            if request.args.get('role') != role:
                abort(403)
            return f()
        return wrapper
    return decorator
💡 Hint

Remember a decorator returns a function that wraps the original function and accepts any arguments.

🔧 Debug
advanced
Why does this Flask role check code raise a RuntimeError?

Given this Flask route, why does it raise a RuntimeError: Working outside of request context?

Flask
from flask import Flask, abort, request
app = Flask(__name__)

user_role = request.args.get('role')

@app.route('/profile')
def profile():
    if user_role != 'user':
        abort(403)
    return 'User profile page'

A. Because 'request.args.get' is called outside a request context, before any request is handled.
B. Because 'abort' is used incorrectly inside the route function.
C. Because the route function 'profile' is missing a return statement.
D. Because Flask app is not run with debug=true.
💡 Hint

Think about when Flask's request object is available.

🧠 Conceptual
expert
Which statement best describes role-based access control (RBAC) in Flask apps?

Choose the most accurate description of how RBAC is typically implemented in Flask applications.

A. RBAC automatically encrypts user passwords to secure roles in Flask apps.
B. RBAC requires Flask to use class-based views exclusively for role checks.
C. RBAC restricts access by checking user roles stored in session or token before executing route logic.
D. RBAC is handled by Flask's built-in user interface components.
💡 Hint

Think about how roles are checked before allowing access.
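
The snippets in this quiz read the role from `request.args`, a value the client chooses, so the check trusts whatever the caller sends. As an added example (not part of the original quiz), the decorator below takes roles from Flask's signed session instead; the `user_id` and `roles` session keys, the `/drafts` route, the secret key value and the `status_for` helper are assumptions made for illustration.

```python
from functools import wraps

from flask import Flask, abort, session

app = Flask(__name__)
app.secret_key = "constructed-demo-key"  # placeholder; load a real secret from config


def role_required(*allowed):
    """Allow the view only if the session holds one of the allowed roles."""
    def decorator(f):
        @wraps(f)  # keep the view's name so Flask endpoint names stay unique
        def wrapper(*args, **kwargs):
            # Roles come from the signed session, set by the server at login.
            # request.args is never consulted: the client picks those values.
            if "user_id" not in session:
                abort(401)  # not logged in
            roles = set(session.get("roles", ()))
            if roles.isdisjoint(allowed):
                abort(403)  # logged in, but lacks every allowed role
            return f(*args, **kwargs)
        return wrapper
    return decorator


@app.route("/dashboard")
@role_required("admin")
def dashboard():
    return "Welcome to admin dashboard!"


@app.route("/drafts/<int:draft_id>")
@role_required("admin", "editor")
def draft(draft_id):
    return f"Draft {draft_id}"


def status_for(path, session_data=None):
    """Request `path` with a constructed session and return the status code."""
    with app.test_client() as client:
        with client.session_transaction() as sess:
            sess.update(session_data or {})
        return client.get(path).status_code
```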