From 756c10fb941a3b030bf8a939873f44810c0256c2 Mon Sep 17 00:00:00 2001
From: Ohad Perry <ohadpartuck@gmail.com>
Date: Mon, 8 Feb 2016 15:08:07 +0200
Subject: [PATCH 1/2] small change to_groups_required_decorator

---
 flask_stormpath/decorators.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/flask_stormpath/decorators.py b/flask_stormpath/decorators.py
index 2568050..3e6230a 100644
--- a/flask_stormpath/decorators.py
+++ b/flask_stormpath/decorators.py
@@ -9,8 +9,12 @@
 from flask import current_app
 from flask.ext.login import current_user
 
+not_authorized = 'You are not authorized to view this page, ' \
+                 'please contact your system administrator'
+please_login = 'please login to view this page'
 
-def groups_required(groups, all=True):
+
+def healthy_groups_required(groups, all=True):
     """
     This decorator requires that a user be part of one or more Groups before
     they are granted access.
@@ -44,17 +48,21 @@ def wrapper(*args, **kwargs):
                 return func(*args, **kwargs)
 
             # If the user is NOT authenticated, this user is unauthorized.
-            elif not current_user.is_authenticated():
+            if not current_user.is_authenticated():
+                current_app.login_manager.login_message = please_login
                 return current_app.login_manager.unauthorized()
 
             # If the user authenticated, and the all flag is set, we need to
             # see if the user is a member of *ALL* groups.
             if all and not current_user.has_groups(groups):
+                current_app.login_manager.login_message = not_authorized
                 return current_app.login_manager.unauthorized()
 
             # If the all flag is NOT set, we need to make sure the user is a
             # member of at least one group.
             elif not current_user.has_groups(groups, all=False):
+                # todo move this decorator to our application code
+                current_app.login_manager.login_message = not_authorized
                 return current_app.login_manager.unauthorized()
 
             # Lastly, if the user has successfully passsed all authentication /

From 6111a7ce81695f70bbfd1147189f57aa8622cbee Mon Sep 17 00:00:00 2001
From: Ohad Perry <ohadpartuck@gmail.com>
Date: Tue, 9 Feb 2016 12:40:06 +0200
Subject: [PATCH 2/2] small refractor

---
 flask_stormpath/decorators.py | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/flask_stormpath/decorators.py b/flask_stormpath/decorators.py
index 3e6230a..ee1b2bb 100644
--- a/flask_stormpath/decorators.py
+++ b/flask_stormpath/decorators.py
@@ -52,16 +52,9 @@ def wrapper(*args, **kwargs):
                 current_app.login_manager.login_message = please_login
                 return current_app.login_manager.unauthorized()
 
-            # If the user authenticated, and the all flag is set, we need to
-            # see if the user is a member of *ALL* groups.
-            if all and not current_user.has_groups(groups):
-                current_app.login_manager.login_message = not_authorized
-                return current_app.login_manager.unauthorized()
-
-            # If the all flag is NOT set, we need to make sure the user is a
-            # member of at least one group.
-            elif not current_user.has_groups(groups, all=False):
-                # todo move this decorator to our application code
+            # If the user authenticated, we need to check if
+            # he belongs to one / all of the groups (depends on the all flag)
+            if not current_user.has_groups(groups, all = all):
                 current_app.login_manager.login_message = not_authorized
                 return current_app.login_manager.unauthorized()