Added admin view stuffs

2020-11-29 01:57:07 +01:00
parent d28cc70519
commit 116ef34a9a
5 changed files with 72 additions and 5 deletions
--- a/src/utils/init.py
+++ b/src/utils/init.py
@@ -1,5 +1,5 @@
 from .healthchecks import health_database_status
-from .security import security, init_security_real_good
+from .security import security, user_datastore, init_security_real_good, AuthenticatedModelView, AuthenticatedAdminIndexView
 from .config import Config
 from .storage import storage
 from .md5stuffs import calculate_md5_sum_for_file, write_file_from_stream_to_file_like_while_calculating_md5
--- a/src/utils/config.py
+++ b/src/utils/config.py
@@ -38,6 +38,11 @@ class Config:
    MINIO_SECRET_KEY = os.environ["MINIO_SECRET_KEY"]
    MINIO_SECURE = os.environ.get("MINIO_SECURE", "true").upper() == 'TRUE'

+    # Admin stuff
+    DEFAULT_ADMIN_USER = os.environ.get("DEFAULT_ADMIN_USER")
+    DEFAULT_ADMIN_PASSWORD = os.environ.get("DEFAULT_ADMIN_PASSWORD")
+    DEFAULT_ADMIN_EMAIL = os.environ.get("DEFAULT_ADMIN_EMAIL")
+
    # Some constant configured stuff configs
    SQLALCHEMY_TRACK_MODIFICATIONS = False
    SECURITY_REGISTERABLE = True
--- a/src/utils/security.py
+++ b/src/utils/security.py
@@ -1,9 +1,12 @@
 #!/usr/bin/env python3
-
-from flask_security import Security, SQLAlchemyUserDatastore
+from flask import abort
+from flask_security import Security, SQLAlchemyUserDatastore, current_user
 from flask_security.forms import RegisterForm, Required
 from wtforms import StringField

+from flask_admin.contrib.sqla import ModelView
+from flask_admin import AdminIndexView
+
 from models import db, User, Role

 """
@@ -26,3 +29,29 @@ security = Security()  # Will be initiated at init_app

 def init_security_real_good(app):
    security.init_app(app, datastore=user_datastore, register_form=ExtendedRegisterForm)
+
+
+class AuthenticatedModelView(ModelView):
+    def is_accessible(self):
+        return (
+                current_user.is_active and
+                current_user.is_authenticated and
+                current_user.has_role('administrator')
+        )
+
+    def _handle_view(self, name):
+        if not self.is_accessible():
+            abort(401)
+
+
+class AuthenticatedAdminIndexView(AdminIndexView):
+    def is_accessible(self):
+        return (
+                current_user.is_active and
+                current_user.is_authenticated and
+                current_user.has_role('administrator')
+        )
+
+    def _handle_view(self, name):
+        if not self.is_accessible():
+            abort(401)