Implement authentication with before_request in admin package

app/admin/routes.py

@@ -8,16 +8,23 @@ from ..models import Role, User
 from ..settings import tasks as settings_tasks
 
 
-@bp.route('/')
+@bp.before_request
 @login_required
 @admin_required
+def before_request():
+    '''
+    Ensures that the routes in this package can be visited only by users with
+    administrator privileges (login_required and admin_required).
+    '''
+    pass
+
+
+@bp.route('/')
 def index():
     return redirect(url_for('.users'))
 
 
 @bp.route('/users')
-@login_required
-@admin_required
 def users():
     dict_users = {user.id: user.to_dict(backrefs=True, relationships=False)
                   for user in User.query.all()}
@@ -26,16 +33,12 @@ def users():
 
 
 @bp.route('/users/<hashid:user_id>')
-@login_required
-@admin_required
 def user(user_id):
     user = User.query.get_or_404(user_id)
     return render_template('admin/user.html.j2', title='User', user=user)
 
 
 @bp.route('/users/<hashid:user_id>/delete')
-@login_required
-@admin_required
 def delete_user(user_id):
     settings_tasks.delete_user(user_id)
     flash('User has been marked for deletion!')
@@ -43,8 +46,6 @@ def delete_user(user_id):
 
 
 @bp.route('/users/<hashid:user_id>/edit', methods=['GET', 'POST'])  # noqa
-@login_required
-@admin_required
 def edit_user(user_id):
     user = User.query.get_or_404(user_id)
     form = EditGeneralSettingsAdminForm(user)
@@ -62,5 +63,5 @@ def edit_user(user_id):
     form.email.data = user.email
     form.role.data = user.role_id
     form.username.data = user.username
-    return render_template('admin/edit_user.html.j2', form=form,
-                           title='Edit user', user=user)
+    return render_template(
+        'admin/edit_user.html.j2', form=form, title='Edit user', user=user)