def show_dash(): """ Metodo que nos servirá para mostrar el dashboard principal una ves se haya iniciado sesión.""" # session.clear() # Si hemos dado al boton cambio de modo user activaremos ese modo, solo cuando seamos Admin if not request.args.get('change_user'): userMode = False else: userMode = request.args.get('change_user') # Entramos si el usuario es un Admin xq en el caso que el usuario tenga todos los roles, # empezara por el que tiene mayor privilegio if current_user.has_roles('Admin') and not userMode: if current_user.ksat: existKSAT_user = True return render_template('manage/dashboard_admin.html', title='Dashboard Admin', exist_KSAT=existKSAT_user) return render_template('manage/dashboard_admin.html', title='Dashboard Admin') # Si es usuario normal entra por aqui elif current_user.has_roles(['User', 'Admin']): existKSAT_user = False if current_user.ksat: existKSAT_user = True change_admin = True if 'task_id' in session: return render_template('general/dashboard.html', title='Dashboard', exist_KSAT=existKSAT_user, change_admin=change_admin) else: courses = True return render_template('general/dashboard.html', title='Dashboard', courses=courses, exist_KSAT=existKSAT_user, change_admin=change_admin) if not 'task_id' in session: change_admin = True courses = True return render_template('general/dashboard.html', title='Dashboard', courses=courses, change_admin=change_admin) else: change_admin = True return render_template('general/dashboard.html', title='Dashboard', change_admin=change_admin) change_admin = True return render_template('general/dashboard.html', title='Dashboard', change_admin=change_admin)
def is_accessible(self): if not current_user.is_authenticated: return False if current_user.has_roles("editor"): self.can_delete = True self.can_create = True self.can_edit = True elif current_user.has_roles("student"): self.can_delete = False self.can_create = False self.can_edit = False return True
def upload_images(): if not hasattr(current_user, "has_roles") or not current_user.has_roles("editor"): return redirect(url_for('index')) # pass # print(request.files) # print(request.form) result = [] if request.method == "POST": files = request.files.getlist("file") for file in files: # print(os.path.join(app.config['UPLOAD_FOLDER'], file.filename)) image = GImages(image_name=file.filename) db.session.add(image) db.session.flush() db.session.refresh(image) image.image_file = f"{image.id}.{file.filename.split('.')[-1]}" db.session.flush() db.session.refresh(image) file.save(os.path.join(GALLERY_PATH, image.image_file)) # print(os.path.join(GALLERY_PATH, image.image_file)) result.append((image.id, image.image_file, image.image_name)) db.session.commit() result = pd.DataFrame(result, columns=["id", "file", "name"]) return render_template("upload_images.html", result=result.to_html(), df_len=result.shape[0])
def rsvp(): if current_user.has_roles("admin"): return abort(404) party_id = current_user.party_id db_state = RSVPState.init_from_party_id(party_id, db.session) form = db_state.build_form(request=request) if form.validate_on_submit(): before_rsvp = db_state.to_frozen() db_state.update_db_with_form_data(form, db.session) # Re-fetch state from the DB to make sure the data isn't stale new_db_state = RSVPState.init_from_party_id(party_id, db.session) RSVPChange.insert(party_id, before_rsvp, new_db_state.to_frozen(), db.session) if not new_db_state.party.is_attending: return render_template("rsvp_declined.html.jinja2") else: return render_template("rsvp_accepted.html.jinja2", booking=new_db_state.booking) return render_template("rsvp.html.jinja2", booking=db_state.booking, guests=db_state.guests, form=form, attending=db_state.attending)
def block_handling(): """ Log out a user that's blocked and send them to the index page. """ if not current_user.is_anonymous and current_user.has_roles('blocked'): flash("There was a problem with your login.", 'error') current_app.logger.warn("Logged out blocked user %s", current_user.id) return redirect(url_for('auth.logout'))
def index(): """ Home path for the site :return: """ if not current_user.is_anonymous and current_user.has_roles("Admin"): results = db.session.query(User.name, DeviceQueue.webUrl).join( User.deviceQueueEntry).filter_by(state='in-use').all() show_streams = False else: results = db.session.query(User.name, DeviceQueue.roUrl).join( User.deviceQueueEntry).filter_by(state='in-use').all() show_streams = True if not current_user.is_anonymous: devices = get_devices()['result'] else: devices = [] from .queue import list_queues return render_template('index.html', devices=devices, queues=list_queues()['result'], terminals=results, show_streams=show_streams)
def decorator(*args, **kwargs): # User must have the required roles if not user.has_roles(*role_names): # Redirect to the unauthorized page return app.login_manager.unauthorized() # It's OK to call the view return view_function(*args, **kwargs)
def index(): if current_user.is_authenticated: if current_user.has_roles('Admin'): return redirect(url_for('main.da_list')) else: return redirect(url_for('main.agent_view')) else: return redirect(url_for('auth.login'))
def decorator(*args, **kwargs): # User must have the required roles if not user.has_roles(*role_names): # Redirect to the unauthorized page return app.login_manager.unauthorized() # It's OK to call the view return view_function(*args, **kwargs)
def decorator(*args, **kwargs): if None in role_names and current_user.is_authenticated: return f(*args, **kwargs) else: return current_app.login_manager.unauthorized() if not current_user.has_roles(*role_names): return current_app.login_manager.unauthorized() return f(*args, **kwargs)
def index(): global check check = 0 if current_user.is_active == 1: if current_user.has_roles('Admin'): return render_template("admin-index.html") else: return render_template("logged-in-index.html") else: return render_template("index.html")
def decorator(*args, **kwargs): if (not current_user.is_authenticated): # Redirect to unauthenticated page return redirect(url_for("admin_route.login")) # User must have the required roles if (not current_user.has_roles(*role_names)): # Redirect to the unauthorized page return redirect(url_for("main.home")) # It's OK to call the view return view_function(*args, **kwargs)
def decorated_view(*args, **kwargs): # User must be logged if not _call_or_get(current_user.is_authenticated): # Redirect to the unauthenticated page return current_app.user_manager.unauthenticated_view_function() # User must have the required roles if not current_user.has_roles(*role_names): # Redirect to the unauthorized page return current_app.user_manager.unauthorized_view_function() # Call the actual view return func(*args, **kwargs)
def decorated_view(*args, **kwargs): # User must be logged if not is_authenticated(): # Redirect to the unauthenticated page return current_app.user_manager.unauthenticated_view_function() # User must have the required roles if not current_user.has_roles(*role_names): # Redirect to the unauthorized page return current_app.user_manager.unauthorized_view_function() # Call the actual view return func(*args, **kwargs)
def login(): """ """ if current_user.is_authenticated: return redirect(url_for('home')) form = LoginForm() # Validate Login if form.validate_on_submit(): user = User.query.filter_by(username=form.username.data).first() # Login and validate the user. if user is not None and user.password is not None \ and user.verify_password(form.password.data): login_user(user, remember=False) current_user.authenticated = True current_user.logged_in = True session['user_id'] = current_user.id # Tell Flask-Principal the identity changed identity_changed.send(current_app._get_current_object(), identity=Identity(user.id)) # update the database db.session.add(current_user) db.session.commit() flash('Logged in successfully.') # if user is a user direct to userdashboard if current_user.has_roles("user"): return redirect(url_for('user_dashboard', user=current_user)) # if user is a driver direct to driver dashboard if current_user.has_roles("driver"): return redirect( url_for('driver_dashboard', driver=current_user)) else: flash('Invalid username or passowrd') return redirect(url_for('login')) return render_template('login.html', title='Sign In', form=form)
def decorator(*args, **kwargs): login_manager = current_app.login_manager # Must be logged in if not current_user.is_authenticated: # Redirect to unauthenticated page (401) return login_manager.unauthorized() # User must have the required roles if not current_user.has_roles(*role_names): # Redirect to the unauthorized page (403) return abort(403) # It's OK to call the view return view_function(*args, **kwargs)
def validate(self, user_id, admin_id): user_manager = current_app.user_manager rv = UserProfileForm.validate(self) if not rv: return False user, user_email = user_manager.find_user_by_email(self.email.data) if user is not None and user.id != user_id: self.email.errors.append(word('That e-mail address is already taken.')) return False if current_user.id == user_id and current_user.has_roles('admin'): if admin_id not in self.role_id.data: self.role_id.errors.append(word('You cannot take away your own admin privilege.')) return False self.active.data = True return True
def decorator(*args, **kwargs): user_manager = current_app.user_manager # User must be logged in with a confirmed email address allowed = _is_logged_in_with_confirmed_email(user_manager) if not allowed: # Redirect to unauthenticated page return user_manager.unauthenticated_view() # User must have the required roles if not current_user.has_roles(*role_names): # Redirect to the unauthorized page return user_manager.unauthorized_view() # It's OK to call the view return view_function(*args, **kwargs)
def decorator(*args, **kwargs): user_manager = current_app.user_manager # User must be logged in with a confirmed email address allowed = _is_logged_in_with_confirmed_email(user_manager) if not allowed: # Redirect to unauthenticated page return user_manager.unauthenticated_view() # User must have the required roles if not current_user.has_roles(*role_names): # Redirect to the unauthorized page return user_manager.unauthorized_view() # It's OK to call the view return view_function(*args, **kwargs)
def decorator(*args, **kwargs): auth = current_app.auth # User must be logged in with a confirmed account allowed = False # User must be logged in if current_user.is_authenticated: # User must be verified (if required) if auth.AUTH_ENABLE_CONFIRM_ACCOUNT and current_user.verified: allowed = True # User can be not verified (if allowed) elif not auth.AUTH_ENABLE_CONFIRM_ACCOUNT: allowed = True if not allowed: # Redirect to unauthenticated page return auth.unauthenticated() # User must have the required roles if not current_user.has_roles(*role_names): # Redirect to the unauthorized page return auth.unauthorized() # It's OK to call the view return view_function(*args, **kwargs)
def decorated_view(*args, **kwargs): if current_user.is_active() is False: flash('SVP confirmez votre compte!', 'warning') return redirect(url_for('user_param.unconfirmed')) if not current_user.is_authenticated() or not session.get( 'user_id'): flash('Connectez-vous SVP.', 'danger') return redirect(url_for('user.logout')) if not current_user.is_authenticated() and session.get('user_id'): flash('Connectez-vous SVP.', 'danger') return redirect(url_for('user.logout')) # User must have the required roles if not current_user.has_roles(required_roles, required_droits): # Redirect to the unauthorized page return redirect(url_for('server_Unauthorized')) # Call the actual view return func(*args, **kwargs)
def wrapped(*args, **kwargs): if current_user.has_roles(*roles): return f(*args, **kwargs) abort(401)
def is_admin(): return current_user.has_roles("admin")
def new_rider(carpool_uuid): carpool = Carpool.uuid_or_404(carpool_uuid) if carpool.canceled: flash("This carpool has been canceled and can no longer be edited.", 'error') return redirect(url_for('carpool.details', uuid=carpool.uuid)) if current_user.is_driver(carpool): flash("You can't request a ride on a carpool you're driving in", 'error') return redirect(url_for('carpool.details', uuid=carpool.uuid)) if not current_user.gender: flash("Please specify your gender before creating a carpool request") session['next'] = url_for('carpool.new_rider', carpool_uuid=carpool.uuid) return redirect(url_for('auth.profile')) # max 10 rides for non-admin users if not current_user.has_roles('admin'): now = datetime.datetime.now().replace(tzinfo=tz.gettz('UTC')) # ride requests in future, active carpools pending_req = current_user.get_ride_requests_query().\ filter(RideRequest.carpool_id == Carpool.id).\ filter(Carpool.canceled.is_(False)).\ filter(Carpool.leave_time > now) driving = current_user.get_driving_carpools().\ filter(Carpool.canceled.is_(False)).\ filter(Carpool.leave_time > now) if pending_req.count() + driving.count() >= 10: flash(''' Sorry, you can be in at most ten carpools. Please try again after some of your carpools have finished. ''', 'error') return render_template('carpools/error.html') rider_form = RiderForm() if rider_form.validate_on_submit(): if carpool.seats_available < 1: flash("There isn't enough space for you on " "this ride. Try another one?", 'error') return redirect(url_for('carpool.details', uuid=carpool.uuid)) if current_user.get_ride_request_in_carpool(carpool): flash("You've already requested a seat on " "this ride. Try another one or cancel your " "existing request.", 'error') return redirect(url_for('carpool.details', uuid=carpool.uuid)) rr = RideRequest( carpool_id=carpool.id, person_id=current_user.id, notes=rider_form.notes.data, status='requested', ) db.session.add(rr) db.session.commit() flash("Your ride request has been sent to the driver for approval! " "You'll get an email when you are approved.", 'success') _email_driver_ride_requested(carpool, rr, current_user) return redirect(url_for('carpool.details', uuid=carpool.uuid)) return render_template('carpools/add_rider.html', form=rider_form)
def wrapped(*args, **kwargs): if not current_user.has_roles(*roles): abort(403) return f(*args, **kwargs)
def is_accessible(self): if not current_user.is_authenticated: return False return current_user.has_roles("guest")
def is_accessible(self): return current_user.has_roles('Admin')
def is_visible(self): return current_user.is_authenticated and current_user.has_roles("Admin", "Developer")
def is_accessible(self): return current_user.is_authenticated and current_user.has_roles( "Admin")
def decorated_view(*args, **kwargs): if current_user.is_authenticated: if current_user.has_roles(roles): return func(*args, **kwargs) return abort(401)
def decorator(*args, **kwargs): # User must have the required roles if not current_user.has_roles(*role_names): abort(403) return view_function(*args, **kwargs)
def is_accessible(self): access = current_user.is_authenticated and current_user.has_roles( [self.role]) return access