Beispiel #1
def check_for_admin(*args, **kw):
    """Gate every URL under ``/admin/`` behind an authenticated admin session.

    Requests whose path does not start with ``/admin/`` pass through and the
    function returns ``None``. For paths under that prefix, a visitor who is
    not logged in, or who is logged in without admin rights, is redirected
    to the ``main.login`` endpoint.

    NOTE(review): the guard matches the literal prefix ``'/admin/'``, so it
    only covers views actually served below that prefix -- confirm no admin
    view is routed elsewhere. How this function is registered (presumably as
    a before-request hook) is not visible here.
    """
    if not request.path.startswith('/admin/'):
        return None

    # Short-circuit evaluation keeps the original order: is_admin() is only
    # consulted once the user is known to be authenticated.
    allowed = current_user.is_authenticated() and current_user.is_admin()
    if not allowed:
        return redirect(url_for('main.login'))
    return None
Beispiel #2
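def add_comment():
    """Append a log message to a ticket on behalf of the current user.

    Reads ``ticket_id`` and ``log_message`` from the submitted form. The
    message is added only when the ticket exists and the caller is either
    the ticket's assignee or an admin. This per-ticket check is what keeps a
    logged-in user from writing to another user's ticket by changing
    ``ticket_id`` in the request.

    Returns:
        A redirect to ``my_tickets`` for the updated ticket, or to the plain
        ``my_tickets`` endpoint when the ticket id is not an integer, the
        ticket does not exist, or the caller may not comment on it.
    """
    # ticket_id is client-supplied. A non-numeric value must not surface as
    # an unhandled ValueError (HTTP 500); it gets the same response as an
    # unknown ticket. A missing field still raises exactly as before.
    try:
        ticket_id = int(request.form['ticket_id'])
    except ValueError:
        return redirect(url_for('my_tickets'))

    ticket = Ticket.query.get(ticket_id)
    if ticket is None:
        return redirect(url_for('my_tickets'))

    # The strict ``== True`` comparison is kept on purpose: is_admin()'s
    # return type is not visible here, and relaxing it to plain truthiness
    # could widen who passes this authorization check.
    may_comment = (ticket.assigned_to == current_user
                   or current_user.is_admin() == True)
    if not may_comment:
        return redirect(url_for('my_tickets'))

    ticket.add_log(message_content=request.form['log_message'])
    return redirect(url_for('my_tickets', ticket_id=ticket.id))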
Beispiel #3
def manage_user(user_id=None):
    """Serve account management for the current user or, for admins, any user.

    Without ``user_id`` the request is handled against the logged-in user's
    own account; POST is rejected with 400 in that mode. With ``user_id``
    the request is handled against that account, but only if the logged-in
    user is an admin. A non-admin caller gets 403 and the attempt is written
    to the application's debug log.

    NOTE(review): the mode is chosen by the truthiness of ``user_id``, so a
    falsy id (``0``, ``''``) is treated as "own account" -- confirm that is
    intended for the routes bound to this view.
    """
    if not user_id:
        # Own-account mode. POST is refused so it is not confused with PUT.
        if request.method == 'POST':
            abort(400, 'POST method is not supported for logged in users.')
        return humanify(current_user.handle(request))

    # Administrative mode: the role check runs before the target account is
    # looked up, so a non-admin never triggers the lookup.
    if not current_user.is_admin():
        denied_msg = 'Non-admin user {} tried to access user id {}'.format(
            current_user.email, user_id)
        current_app.logger.debug(denied_msg)
        abort(403)
    else:
        target = get_user_or_error(user_id)
        return humanify(target.handle(request))
Beispiel #4
 def index(self):
     """Render the view's template for admins; answer 404 to everyone else.

     NOTE(review): this assumes ``current_user`` always provides
     ``is_admin()``, including for anonymous visitors -- confirm, otherwise
     an unauthenticated request raises instead of getting the 404.
     """
     caller_is_admin = current_user.is_admin()
     if not caller_is_admin:
         # 404 rather than 403: presumably chosen so non-admins cannot tell
         # that this page exists.
         abort(404)
     else:
         return self.render(self._template)
Beispiel #5
 def is_accessible(self):
     """Report whether `current_user` may use this admin view.

     The decision is delegated entirely to ``current_user.is_admin()``; no
     other condition is checked here.

     NOTE(review): assumes the anonymous user object also implements
     ``is_admin()`` -- confirm, so unauthenticated requests are denied
     rather than raising.
     """
     has_admin_access = current_user.is_admin()
     return has_admin_access
Beispiel #6
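 def index(self):
     """Render the admin index for admins; answer 404 to everyone else.

     ``current_user.is_admin()`` is evaluated once and that single result is
     used for both the diagnostic output and the access decision, so the
     printed value always matches what was enforced.

     NOTE(review): assumes ``current_user`` provides ``is_admin()`` for
     anonymous visitors too -- confirm.
     """
     is_admin = current_user.is_admin()
     # NOTE(review): leftover debug output on stdout. If this trace is still
     # wanted, route it through the application's logger at debug level.
     print("AdminIndexView have auth: ", is_admin)
     if is_admin:
         return self.render(self._template)
     else:
         # 404 rather than 403: presumably chosen so non-admins cannot tell
         # that the admin index exists.
         abort(404)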