Implement authentication with before_request in admin package
parent
82543d883f
commit
e356be77da
@ -8,16 +8,23 @@ from ..models import Role, User
|
|||||||
from ..settings import tasks as settings_tasks
|
from ..settings import tasks as settings_tasks
|
||||||
|
|
||||||
|
|
||||||
@bp.route('/')
|
@bp.before_request
|
||||||
@login_required
|
@login_required
|
||||||
@admin_required
|
@admin_required
|
||||||
|
def before_request():
|
||||||
|
'''
|
||||||
|
Ensures that the routes in this package can be visited only by users with
|
||||||
|
administrator privileges (login_required and admin_required).
|
||||||
|
'''
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
@bp.route('/')
|
||||||
def index():
|
def index():
|
||||||
return redirect(url_for('.users'))
|
return redirect(url_for('.users'))
|
||||||
|
|
||||||
|
|
||||||
@bp.route('/users')
|
@bp.route('/users')
|
||||||
@login_required
|
|
||||||
@admin_required
|
|
||||||
def users():
|
def users():
|
||||||
dict_users = {user.id: user.to_dict(backrefs=True, relationships=False)
|
dict_users = {user.id: user.to_dict(backrefs=True, relationships=False)
|
||||||
for user in User.query.all()}
|
for user in User.query.all()}
|
||||||
@ -26,16 +33,12 @@ def users():
|
|||||||
|
|
||||||
|
|
||||||
@bp.route('/users/<hashid:user_id>')
|
@bp.route('/users/<hashid:user_id>')
|
||||||
@login_required
|
|
||||||
@admin_required
|
|
||||||
def user(user_id):
|
def user(user_id):
|
||||||
user = User.query.get_or_404(user_id)
|
user = User.query.get_or_404(user_id)
|
||||||
return render_template('admin/user.html.j2', title='User', user=user)
|
return render_template('admin/user.html.j2', title='User', user=user)
|
||||||
|
|
||||||
|
|
||||||
@bp.route('/users/<hashid:user_id>/delete')
|
@bp.route('/users/<hashid:user_id>/delete')
|
||||||
@login_required
|
|
||||||
@admin_required
|
|
||||||
def delete_user(user_id):
|
def delete_user(user_id):
|
||||||
settings_tasks.delete_user(user_id)
|
settings_tasks.delete_user(user_id)
|
||||||
flash('User has been marked for deletion!')
|
flash('User has been marked for deletion!')
|
||||||
@ -43,8 +46,6 @@ def delete_user(user_id):
|
|||||||
|
|
||||||
|
|
||||||
@bp.route('/users/<hashid:user_id>/edit', methods=['GET', 'POST']) # noqa
|
@bp.route('/users/<hashid:user_id>/edit', methods=['GET', 'POST']) # noqa
|
||||||
@login_required
|
|
||||||
@admin_required
|
|
||||||
def edit_user(user_id):
|
def edit_user(user_id):
|
||||||
user = User.query.get_or_404(user_id)
|
user = User.query.get_or_404(user_id)
|
||||||
form = EditGeneralSettingsAdminForm(user)
|
form = EditGeneralSettingsAdminForm(user)
|
||||||
@ -62,5 +63,5 @@ def edit_user(user_id):
|
|||||||
form.email.data = user.email
|
form.email.data = user.email
|
||||||
form.role.data = user.role_id
|
form.role.data = user.role_id
|
||||||
form.username.data = user.username
|
form.username.data = user.username
|
||||||
return render_template('admin/edit_user.html.j2', form=form,
|
return render_template(
|
||||||
title='Edit user', user=user)
|
'admin/edit_user.html.j2', form=form, title='Edit user', user=user)
|
||||||
|
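Review bot: After this change the stacked `@login_required` / `@admin_required` on `before_request` are the only access check for `users`, `user`, `delete_user` and `edit_user`, and nothing in the diff pins that the pair still blocks when run as a hook. Flask stops a request in `before_request` only if the hook returns a response or aborts; `login_required` does that, but `admin_required` is defined outside this diff, so it is worth confirming that it aborts (presumably with 403) rather than depending on the wrapped function's return value. A test that requests every admin URL both anonymously and as a non-admin user, and asserts the redirect or 403, would keep the guard from regressing silently. The docstring would be more precise as `Runs before every request routed to this blueprint and rejects users without administrator privileges.`, since the hook covers routes registered on `bp`, not every view in the package. Separately, `delete_user` remains reachable by GET although it changes state; restricting it to POST behind a CSRF-protected form would be the usual hardening.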