adds admin page
admin users must have role admin (which must currently be set manually via database)
This commit is contained in:
parent
9eb7ec7c8a
commit
01798e9548
43
app/main.py
43
app/main.py
@ -5,7 +5,8 @@ from flask import request, redirect, g
|
||||
from flask import url_for
|
||||
from flask_sqlalchemy import SQLAlchemy
|
||||
from flask.ext.security import Security, SQLAlchemyUserDatastore, \
|
||||
UserMixin, RoleMixin, login_required, utils
|
||||
UserMixin, RoleMixin, login_required, roles_required, utils
|
||||
from flask.ext.security import user_registered
|
||||
from flask.ext.mail import Mail, Message
|
||||
from flask_wtf import Form
|
||||
from wtforms import DateField, IntegerField, DecimalField
|
||||
@ -17,11 +18,8 @@ DATABASE = '/data/rollerverbrauch.db'
|
||||
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///'+DATABASE
|
||||
db = SQLAlchemy(app)
|
||||
|
||||
app.config['SECRET_KEY'] = 'development key'
|
||||
app.config['SECURITY_PASSWORD_HASH'] = 'pbkdf2_sha512'
|
||||
app.config['SECURITY_PASSWORD_SALT'] = 'xxxxxxxxxxxxxxxxxxxxxx'
|
||||
app.config['SECURITY_REGISTERABLE'] = True
|
||||
app.config['SECURITY_EMAIL_SENDER'] = 'pitstops@lusiardi.de'
|
||||
app.config.from_envvar('config')
|
||||
app.config.from_object(__name__)
|
||||
|
||||
@ -57,7 +55,7 @@ class User(db.Model, UserMixin):
|
||||
)
|
||||
|
||||
def __repr__(self):
|
||||
return '<User %r>' % self.username
|
||||
return '<User %r>' % self.email
|
||||
|
||||
|
||||
class Pitstop(db.Model):
|
||||
@ -79,26 +77,21 @@ user_datastore = SQLAlchemyUserDatastore(db, User, Role)
|
||||
security = Security(app, user_datastore)
|
||||
|
||||
|
||||
|
||||
@user_registered.connect_via(app)
|
||||
def user_registered_sighandler(app, user, confirm_token):
|
||||
"""
|
||||
Called after a user was created
|
||||
"""
|
||||
role = user_datastore.find_role('user')
|
||||
user_datastore.add_role_to_user(user, role)
|
||||
|
||||
|
||||
@app.before_first_request
|
||||
def before_first_request():
|
||||
db.create_all()
|
||||
|
||||
user_datastore.find_or_create_role(name='admin', description='Administrator')
|
||||
user_datastore.find_or_create_role(name='end-user', description='End user')
|
||||
|
||||
encrypted_password = utils.encrypt_password('password')
|
||||
if not user_datastore.get_user('someone@example.com'):
|
||||
user_datastore.create_user(email='someone@example.com', password=encrypted_password)
|
||||
if not user_datastore.get_user('admin@example.com'):
|
||||
user_datastore.create_user(email='admin@example.com', password=encrypted_password)
|
||||
|
||||
# Commit any database changes; the User and Roles must exist before we can add a Role to the User
|
||||
db.session.commit()
|
||||
|
||||
# Give one User has the "end-user" role, while the other has the "admin" role. (This will have no effect if the
|
||||
# Users already have these Roles.) Again, commit any database changes.
|
||||
user_datastore.add_role_to_user('someone@example.com', 'end-user')
|
||||
user_datastore.add_role_to_user('admin@example.com', 'admin')
|
||||
user_datastore.find_or_create_role(name='admin', description='Role for administrators')
|
||||
user_datastore.find_or_create_role(name='user', description='Role for all users.')
|
||||
db.session.commit()
|
||||
|
||||
|
||||
@ -175,6 +168,12 @@ def get_manual():
|
||||
return render_template('manual.html', data=g.data)
|
||||
|
||||
|
||||
@app.route('/admin', methods=['GET'])
|
||||
@roles_required('admin')
|
||||
def get_admin_page():
|
||||
return render_template('admin.html', data=g.data)
|
||||
|
||||
|
||||
@app.route('/statistics', methods=['GET'])
|
||||
@login_required
|
||||
def get_statistics():
|
||||
|
5
app/templates/admin.html
Normal file
5
app/templates/admin.html
Normal file
@ -0,0 +1,5 @@
|
||||
{% extends "layout.html" %}
|
||||
|
||||
{% block body %}
|
||||
Admin
|
||||
{% endblock %}
|
@ -2,7 +2,9 @@
|
||||
{% if current_user.email %}
|
||||
<li><a href='{{ url_for('create_pit_stop_form') }}'>Create Pitstop</a></li>
|
||||
<li><a href='{{ url_for('get_statistics') }}'>Statistics</a></li>
|
||||
<li><a href='{{ url_for('get_manual') }}'>Manual</a></li>
|
||||
{% if current_user.has_role('admin') %}
|
||||
<li><a href='{{ url_for('get_admin_page') }}'>Admin</a></li>
|
||||
{% endif %}
|
||||
<li><a href='{{ url_for('security.logout') }}'>Logout</a></li>
|
||||
{% else %}
|
||||
<li><a href='{{ url_for('security.login') }}'>Login</a></li>
|
||||
|
Loading…
Reference in New Issue
Block a user