From e356be77dabc3e84437f89a47fbb60457d6a4ba3 Mon Sep 17 00:00:00 2001 From: Patrick Jentsch Date: Mon, 13 Dec 2021 12:20:32 +0100 Subject: [PATCH] Implement authentication with before_request in admin package --- app/admin/routes.py | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/app/admin/routes.py b/app/admin/routes.py index 902f8207..7979243d 100644 --- a/app/admin/routes.py +++ b/app/admin/routes.py @@ -8,16 +8,23 @@ from ..models import Role, User from ..settings import tasks as settings_tasks -@bp.route('/') +@bp.before_request @login_required @admin_required +def before_request(): + ''' + Ensures that the routes in this package can be visited only by users with + administrator privileges (login_required and admin_required). + ''' + pass + + +@bp.route('/') def index(): return redirect(url_for('.users')) @bp.route('/users') -@login_required -@admin_required def users(): dict_users = {user.id: user.to_dict(backrefs=True, relationships=False) for user in User.query.all()} @@ -26,16 +33,12 @@ def users(): @bp.route('/users/') -@login_required -@admin_required def user(user_id): user = User.query.get_or_404(user_id) return render_template('admin/user.html.j2', title='User', user=user) @bp.route('/users//delete') -@login_required -@admin_required def delete_user(user_id): settings_tasks.delete_user(user_id) flash('User has been marked for deletion!') @@ -43,8 +46,6 @@ def delete_user(user_id): @bp.route('/users//edit', methods=['GET', 'POST']) # noqa -@login_required -@admin_required def edit_user(user_id): user = User.query.get_or_404(user_id) form = EditGeneralSettingsAdminForm(user) @@ -62,5 +63,5 @@ def edit_user(user_id): form.email.data = user.email form.role.data = user.role_id form.username.data = user.username - return render_template('admin/edit_user.html.j2', form=form, - title='Edit user', user=user) + return render_template( + 'admin/edit_user.html.j2', form=form, title='Edit user', user=user)
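Review bot: The new `before_request` hook (first hunk) enforces nothing in its own `pass` body; access control now depends entirely on `@bp.before_request` staying the outermost decorator and on `login_required` / `admin_required` short-circuiting by returning a response or aborting. Say so in the docstring, for example `Decorator order matters: bp.before_request must stay on top so the wrapped function is what gets registered.` `admin_required` is defined outside this diff, so confirm that it rejects the request rather than only flagging it. The later hunks remove the per-route decorators from `user`, `delete_user` and `edit_user`, so those routes rely on this one hook. A test asserting that an anonymous and a non-admin request are refused on every admin endpoint would catch a future reordering or a route registered on a different blueprint.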
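Review bot: `delete_user` (second hunk) is still registered through `@bp.route(...)` with no `methods=` argument, so the state-changing call `settings_tasks.delete_user(user_id)` runs on a plain GET. The blueprint-level check does not cover this, because a GET issued from another site in a logged-in administrator's browser is an authenticated admin request. Add `methods=['POST']` to the existing route decorator and trigger it from a form that carries the application's CSRF token; whether CSRF protection is enabled app-wide is not visible in this diff. Unlike `user` and `edit_user`, this view also passes `user_id` on without a `get_or_404` lookup, so check how `settings_tasks.delete_user` handles an unknown id.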