def check_for_admin(*args, **kw):
    """Restrict requests under ``/admin/`` to authenticated admin users.

    Returns a redirect to ``main.login`` when the path starts with
    ``/admin/`` and the requester is either not authenticated or not an
    admin. Returns ``None`` in every other case.
    """
    # The gate is a literal string-prefix test on the request path.
    # NOTE(review): admin functionality served under any other prefix is not
    # covered by this check -- confirm those views enforce their own.
    if not request.path.startswith('/admin/'):
        return None

    # NOTE(review): is_authenticated is invoked as a method here; newer
    # Flask-Login releases expose it as a property -- confirm against the
    # version this project pins.
    # Short-circuit keeps is_admin() from being called on an unauthenticated
    # user.
    must_log_in = (
        not current_user.is_authenticated() or not current_user.is_admin()
    )
    if must_log_in:
        return redirect(url_for('main.login'))
    return None
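def add_comment():
    """Append a log message to a ticket on behalf of the current user.

    Reads ``ticket_id`` and ``log_message`` from the submitted form. The
    message is added only when the ticket exists and the current user is
    either the ticket's assignee or an admin. Every other case, including a
    non-numeric ``ticket_id``, redirects to ``my_tickets`` without changes.
    """
    try:
        ticket_id = int(request.form['ticket_id'])
    except ValueError:
        # ticket_id is client-supplied: treat a non-numeric value like an
        # unknown ticket instead of letting it surface as an unhandled error.
        return redirect(url_for('my_tickets'))

    ticket = Ticket.query.get(ticket_id)
    if ticket is None:
        return redirect(url_for('my_tickets'))

    # Object-level authorization: the ticket id comes from the form, so the
    # caller must be checked against this specific ticket before writing.
    is_assignee = ticket.assigned_to == current_user
    # The admin test stays an explicit comparison with True, as in the
    # original, so a merely truthy return value does not widen access.
    if not (is_assignee or current_user.is_admin() == True):
        # Same response as for a missing ticket.
        return redirect(url_for('my_tickets'))

    # NOTE(review): log_message is passed on as submitted; output escaping
    # when it is rendered is assumed to happen elsewhere -- confirm.
    ticket.add_log(message_content=request.form['log_message'])
    return redirect(url_for('my_tickets', ticket_id=ticket.id))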
def manage_user(user_id=None):
    '''
    Manage user accounts.

    Without a user_id (routed as /user) the request is handled against the
    logged in user's own account. With a user_id (routed as /user/<user_id>)
    the request is handled against that account, but only when the logged in
    user passes the is_admin() check; otherwise the request aborts with 403.
    '''
    # NOTE(review): assumes a login requirement is applied to this route
    # outside this function -- confirm.
    if not user_id:
        # Self-service mode. POST is rejected for logged in non-admin users
        # to avoid confusion with PUT.
        if request.method == 'POST':
            abort(400, 'POST method is not supported for logged in users.')
        return humanify(current_user.handle(request))

    # Admin access mode: the target account is looked up only after the
    # caller has passed the admin check.
    if current_user.is_admin():
        target_user = get_user_or_error(user_id)
        return humanify(target_user.handle(request))

    denial_message = 'Non-admin user {} tried to access user id {}'.format(
        current_user.email, user_id)
    # NOTE(review): a denied cross-account access attempt is recorded at
    # DEBUG level, which production logging commonly filters out; consider a
    # higher level so the event is available for monitoring.
    current_app.logger.debug(denial_message)
    abort(403)
def index(self):
    """Render the index template for admins; abort with 404 for anyone else."""
    # NOTE(review): assumes the anonymous user object also provides
    # is_admin() -- confirm, otherwise unauthenticated requests raise here.
    if not current_user.is_admin():
        # Non-admins get 404 rather than 403; presumably so the response does
        # not confirm that this view exists.
        abort(404)
    else:
        return self.render(self._template)
def is_accessible(self):
    """Report whether `current_user` may access the admin views.

    The decision is delegated entirely to ``current_user.is_admin()`` and its
    result is returned unchanged. The ``'admin'`` role check is presumably
    implemented inside that method; it is not visible here.
    """
    # NOTE(review): assumes the anonymous user object also provides
    # is_admin() -- confirm, since this runs for unauthenticated requests too.
    admin_allowed = current_user.is_admin()
    return admin_allowed
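def index(self):
    """Render the index template for admins; abort with 404 for anyone else.

    The leftover debugging ``print`` of the caller's admin status has been
    removed: it wrote authorization state to stdout on every request and
    called ``is_admin()`` a second time.
    """
    # Evaluate the check once so the decision uses a single result.
    caller_is_admin = current_user.is_admin()
    if caller_is_admin:
        return self.render(self._template)
    else:
        # Non-admins get 404 rather than 403; presumably so the response does
        # not confirm that this view exists.
        abort(404)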