From 01798e95480e4fd348442cd51057c256d48aa9e8 Mon Sep 17 00:00:00 2001
From: Joachim Lusiardi
Date: Tue, 19 Apr 2016 22:41:40 +0200
Subject: [PATCH] adds admin page

admin users must have role admin (which must currently be set manually via database)
---
 app/main.py | 43 +++++++++++++++++++--------------------
 app/templates/admin.html | 5 +++++
 app/templates/layout.html | 4 +++-
 3 files changed, 29 insertions(+), 23 deletions(-)
 create mode 100644 app/templates/admin.html

diff --git a/app/main.py b/app/main.py
index dd18609..2b910e1 100644
--- a/app/main.py
+++ b/app/main.py
@@ -5,7 +5,8 @@ from flask import request, redirect, g
 from flask import url_for
 from flask_sqlalchemy import SQLAlchemy
 from flask.ext.security import Security, SQLAlchemyUserDatastore, \
-    UserMixin, RoleMixin, login_required, utils
+    UserMixin, RoleMixin, login_required, roles_required, utils
+from flask.ext.security import user_registered
 from flask.ext.mail import Mail, Message
 from flask_wtf import Form
 from wtforms import DateField, IntegerField, DecimalField
@@ -17,11 +18,8 @@ DATABASE = '/data/rollerverbrauch.db'
 app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///'+DATABASE
 db = SQLAlchemy(app)
 
-app.config['SECRET_KEY'] = 'development key'
 app.config['SECURITY_PASSWORD_HASH'] = 'pbkdf2_sha512'
-app.config['SECURITY_PASSWORD_SALT'] = 'xxxxxxxxxxxxxxxxxxxxxx'
 app.config['SECURITY_REGISTERABLE'] = True
-app.config['SECURITY_EMAIL_SENDER'] = 'pitstops@lusiardi.de'
 app.config.from_envvar('config')
 app.config.from_object(__name__)
 
@@ -57,7 +55,7 @@ class User(db.Model, UserMixin):
     )
 
     def __repr__(self):
-        return '' % self.username
+        return '' % self.email
 
 
 class Pitstop(db.Model):
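Review bot: With the hard-coded SECRET_KEY, SECURITY_PASSWORD_SALT and SECURITY_EMAIL_SENDER removed in the second hunk, the keys that the file named by $config must now supply are no longer visible anywhere in main.py; add a comment above `app.config.from_envvar('config')` such as `# the file named by $config must define SECRET_KEY, SECURITY_PASSWORD_SALT and SECURITY_EMAIL_SENDER; they are deliberately not set here`. Moving the secrets out of source is the right call, and from_envvar without silent=True raises when the variable is unset, so a missing file fails at import time, but a file that omits one of the keys will presumably only fail later, when the session or the password hashing first needs it. Note too that `app.config.from_object(__name__)` still runs after from_envvar, so any upper-case attribute of this module overrides the file's value of the same name.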
@@ -79,26 +77,21 @@ user_datastore = SQLAlchemyUserDatastore(db, User, Role)
 security = Security(app, user_datastore)
 
 
+
+@user_registered.connect_via(app)
+def user_registered_sighandler(app, user, confirm_token):
+    """
+    Called after a user was created
+    """
+    role = user_datastore.find_role('user')
+    user_datastore.add_role_to_user(user, role)
+
+
 @app.before_first_request
 def before_first_request():
     db.create_all()
-
-    user_datastore.find_or_create_role(name='admin', description='Administrator')
-    user_datastore.find_or_create_role(name='end-user', description='End user')
-
-    encrypted_password = utils.encrypt_password('password')
-    if not user_datastore.get_user('someone@example.com'):
-        user_datastore.create_user(email='someone@example.com', password=encrypted_password)
-    if not user_datastore.get_user('admin@example.com'):
-        user_datastore.create_user(email='admin@example.com', password=encrypted_password)
-
-    # Commit any database changes; the User and Roles must exist before we can add a Role to the User
-    db.session.commit()
-
-    # Give one User has the "end-user" role, while the other has the "admin" role. (This will have no effect if the
-    # Users already have these Roles.) Again, commit any database changes.
-    user_datastore.add_role_to_user('someone@example.com', 'end-user')
-    user_datastore.add_role_to_user('admin@example.com', 'admin')
+    user_datastore.find_or_create_role(name='admin', description='Role for administrators')
+    user_datastore.find_or_create_role(name='user', description='Role for all users.')
     db.session.commit()
 
 
@@ -175,6 +168,12 @@ def get_manual():
     return render_template('manual.html', data=g.data)
 
 
+@app.route('/admin', methods=['GET'])
+@roles_required('admin')
+def get_admin_page():
+    return render_template('admin.html', data=g.data)
+
+
 @app.route('/statistics', methods=['GET'])
 @login_required
 def get_statistics():
diff --git a/app/templates/admin.html b/app/templates/admin.html
new file mode 100644
index 0000000..8a93582
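Review bot: user_registered_sighandler adds the 'user' role but never commits, so whether the assignment reaches the database depends on Flask-Security committing after it emits user_registered; if that does not happen on every registration path (for instance when e-mail confirmation is required), the role is silently lost, so end the handler with `user_datastore.commit()` (or `db.session.commit()`) to make it self-contained. `find_role('user')` returns None when the role is absent and add_role_to_user would presumably fail on it; the role is created in before_first_request here, but a comment stating that ordering dependency would help the next reader. The parameter named `app` also shadows the module-level app inside the handler; calling it `sender` reads clearer.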
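Review bot: get_admin_page relies solely on `@roles_required('admin')`; for an anonymous visitor that decorator, as far as I recall, takes the unauthorized path (403 or SECURITY_UNAUTHORIZED_VIEW) rather than redirecting to the login page the way the neighbouring `@login_required` routes do, so stack `@login_required` above it if the login redirect is the intended behaviour. The view also lacks a docstring while the new signal handler has one; `"""Admin landing page; only users holding the admin role may reach it."""` would match. get_statistics continues outside the hunk.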
--- /dev/null
+++ b/app/templates/admin.html
@@ -0,0 +1,5 @@
+{% extends "layout.html" %}
+
+{% block body %}
+    Admin
+{% endblock %}
diff --git a/app/templates/layout.html b/app/templates/layout.html
index d0ea304..83a8141 100644
--- a/app/templates/layout.html
+++ b/app/templates/layout.html
@@ -2,7 +2,9 @@ {% if current_user.email %}
  • Create Pitstop
  • Statistics
  • -
  • Manual
  • + {% if current_user.has_role('admin') %} +
  • Admin
  • + {% endif %}
  • Logout
  • {% else %}
  • Login