python - Hide Flask-Admin route -
I'm building a Flask blog and am setting up the admin interface now. I've read about setting up security for Flask-Admin. I've managed to set up security (access restricted to logged-in users) for the models, but users can still access the '/admin' route, which has a bare home button in it.
My question is: is there a way to hide or protect the '/admin' route, so that an unauthenticated user is redirected to the login page or denied access?
Thanks a lot!
Attaching my current admin setup:
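# NOTE: this listing was flattened to lower case when the page was extracted.
# Library names are restored to their real spelling; project-local names
# (models, view classes) are kept exactly as the page shows them.
from flask_admin import Admin
from flask_login import current_user
from flask_admin.contrib import sqla
from wtforms.widgets import TextArea
from wtforms import TextAreaField

from samo.models import user, post, tag
from samo import app, db

# The page at '/admin' is served by Flask-Admin's index view, not by any of
# the model views below. The is_accessible() overrides in this file guard only
# the model views, so '/admin' itself stays reachable without logging in until
# a protected index view is supplied via Admin(index_view=...).
admin = Admin(app, name='admin', template_mode='bootstrap3')


class cktextareawidget(TextArea):
    """Textarea widget that tags the rendered element with the 'ckeditor' class."""

    def __call__(self, field, **kwargs):
        # Append to a caller-supplied class rather than overwriting it.
        if kwargs.get('class'):
            kwargs['class'] += ' ckeditor'
        else:
            kwargs.setdefault('class', 'ckeditor')
        return super(cktextareawidget, self).__call__(field, **kwargs)


class cktextareafield(TextAreaField):
    """Text area form field rendered with the CKEditor-enabled widget."""

    widget = cktextareawidget()


class postadmin(sqla.ModelView):
    """Admin view for posts; the content field is edited through CKEditor."""

    # NOTE(review): CKEditor produces HTML. If the blog renders post content
    # unescaped, sanitize it unless every account allowed in here is trusted.
    form_overrides = dict(content=cktextareafield)
    create_template = 'blog/ckeditor.html'
    edit_template = 'blog/ckeditor.html'
    # One-element tuple: ('slug') without the trailing comma is just the
    # string 'slug', not a collection of column names.
    form_excluded_columns = ('slug',)

    def is_accessible(self):
        """Allow the view only for a logged-in user."""
        return current_user.is_authenticated


admin.add_view(postadmin(post, db.session))


class tagadmin(sqla.ModelView):
    """Admin view for tags, restricted to logged-in users."""

    def is_accessible(self):
        """Allow the view only for a logged-in user."""
        return current_user.is_authenticated


admin.add_view(tagadmin(tag, db.session))


class useradmin(sqla.ModelView):
    """Admin view for user accounts, restricted to logged-in users."""

    def is_accessible(self):
        """Allow the view only for a logged-in user."""
        # NOTE(review): is_authenticated says nothing about role. As written,
        # any logged-in account can read and edit user records; add an
        # admin/role check here if not every user is an administrator.
        return current_user.is_authenticated


admin.add_view(useradmin(user, db.session))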
I use the kind of configuration described on various websites: use AdminIndexView. Here is an example of how to handle login, logout, and redirection in case the user is not authorized.
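# Names used below are imported outside this snippet. Presumably:
#   import flask_login as login
#   from flask import flash, redirect, request, url_for
#   from flask_admin import AdminIndexView, expose, helpers
#   from flask_login import login_required
# loginform is the project's own form class (not shown on the page).
class flaskyadminindexview(AdminIndexView):
    """Admin index view that requires a login before showing '/admin'.

    This protects only the index page and the routes defined here. Each model
    view registered on the Admin object still needs its own is_accessible()
    check, otherwise its URLs remain directly reachable.
    """

    @expose('/')
    def index(self):
        """Show the admin home page, or redirect anonymous users to login."""
        if not login.current_user.is_authenticated:
            return redirect(url_for('.login'))
        return super(flaskyadminindexview, self).index()

    @expose('/login', methods=['GET', 'POST'])
    def login(self):
        """Render the login form and sign the user in on a valid submit."""
        form = loginform(request.form)
        if helpers.validate_form_on_submit(form):
            user = form.get_user()
            # One generic message for "no such user" and "wrong password",
            # so the response does not reveal which usernames exist.
            if user is not None and user.verify_password(form.password.data):
                login.login_user(user)
            else:
                flash('invalid username or password.')
        if login.current_user.is_authenticated:
            # Redirect target is fixed, not taken from the request.
            return redirect(url_for('.index'))
        # NOTE(review): nothing here limits repeated attempts; consider
        # throttling or lockout at this endpoint.
        self._template_args['form'] = form
        return super(flaskyadminindexview, self).index()

    @expose('/logout')
    @login_required
    def logout(self):
        """End the session and return to the login page."""
        # NOTE(review): reachable with a plain GET, so another site can
        # trigger it; use POST with a CSRF token if forced logout matters.
        login.logout_user()
        return redirect(url_for('.login'))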
In __init__.py, create the admin object like this:
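# Passing the protected index view is what puts '/admin' itself behind the
# login check; without index_view, Flask-Admin uses its default index view.
# NOTE(review): no app is passed here, so presumably it is bound later with
# admin.init_app(app) - confirm against the rest of __init__.py.
admin = Admin(index_view=flaskyadminindexview())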