mirror of
https://gitlab.ub.uni-bielefeld.de/sfb1288inf/nopaque.git
synced 2024-11-14 16:55:42 +00:00
Implement authentication with before_request in admin package
parent
82543d883f
commit
e356be77da
@ -8,16 +8,23 @@ from ..models import Role, User
|
||||
from ..settings import tasks as settings_tasks
|
||||
|
||||
|
||||
@bp.route('/')
|
||||
@bp.before_request
|
||||
@login_required
|
||||
@admin_required
|
||||
def before_request():
|
||||
'''
|
||||
Ensures that the routes in this package can be visited only by users with
|
||||
administrator privileges (login_required and admin_required).
|
||||
'''
|
||||
pass
|
||||
|
||||
|
||||
@bp.route('/')
|
||||
def index():
|
||||
return redirect(url_for('.users'))
|
||||
|
||||
|
||||
@bp.route('/users')
|
||||
@login_required
|
||||
@admin_required
|
||||
def users():
|
||||
dict_users = {user.id: user.to_dict(backrefs=True, relationships=False)
|
||||
for user in User.query.all()}
|
||||
@ -26,16 +33,12 @@ def users():
|
||||
|
||||
|
||||
@bp.route('/users/<hashid:user_id>')
|
||||
@login_required
|
||||
@admin_required
|
||||
def user(user_id):
|
||||
user = User.query.get_or_404(user_id)
|
||||
return render_template('admin/user.html.j2', title='User', user=user)
|
||||
|
||||
|
||||
@bp.route('/users/<hashid:user_id>/delete')
|
||||
@login_required
|
||||
@admin_required
|
||||
def delete_user(user_id):
|
||||
settings_tasks.delete_user(user_id)
|
||||
flash('User has been marked for deletion!')
|
||||
@ -43,8 +46,6 @@ def delete_user(user_id):
|
||||
|
||||
|
||||
@bp.route('/users/<hashid:user_id>/edit', methods=['GET', 'POST']) # noqa
|
||||
@login_required
|
||||
@admin_required
|
||||
def edit_user(user_id):
|
||||
user = User.query.get_or_404(user_id)
|
||||
form = EditGeneralSettingsAdminForm(user)
|
||||
@ -62,5 +63,5 @@ def edit_user(user_id):
|
||||
form.email.data = user.email
|
||||
form.role.data = user.role_id
|
||||
form.username.data = user.username
|
||||
return render_template('admin/edit_user.html.j2', form=form,
|
||||
title='Edit user', user=user)
|
||||
return render_template(
|
||||
'admin/edit_user.html.j2', form=form, title='Edit user', user=user)
|
||||
|
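Review bot: `delete_user` is still routed as `@bp.route('/users/<hashid:user_id>/delete')` with no `methods` argument, so Flask serves it on GET, and the view calls `settings_tasks.delete_user(user_id)`, which is a state change. A deletion reachable by GET can be triggered by any link or embedded resource that an authenticated admin's browser loads, and form CSRF tokens normally do not cover GET; after this commit the blueprint hook is the only check in front of it. I would restrict the route to `@bp.route('/users/<hashid:user_id>/delete', methods=['POST'])` and submit it from a form that carries the CSRF token (the templates and any CSRF setup are not visible here, so confirm against them). The body of `delete_user` continues outside the hunk. Separately, the `before_request` docstring should state that the empty body is intentional and that access is refused only because `login_required` / `admin_required` return a response or abort before `pass` is reached.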