def check_for_admin(*args, **kw):
if request.path.startswith('/admin/'):
if current_user.is_authenticated():
if not current_user.is_admin():
return redirect(url_for('main.login'))
else:
return redirect(url_for('main.login'))
def add_comment():
ticket = Ticket.query.get(int(request.form['ticket_id']))
if ticket is not None and (ticket.assigned_to == current_user
or current_user.is_admin() == True):
ticket.add_log(message_content=request.form['log_message'])
return redirect(url_for('my_tickets', ticket_id=ticket.id))
else:
return redirect(url_for('my_tickets'))
def manage_user(user_id=None):
'''
Manage user accounts. If routed as /user, gives access only to logged in
user, else if routed as /user/<user_id>, allows administrative level access
if the looged in user is in the admin group.
'''
if user_id:
# admin access_mode
if current_user.is_admin():
user = get_user_or_error(user_id)
return humanify(user.handle(request))
else:
current_app.logger.debug(
'Non-admin user {} tried to access user id {}'.format(
current_user.email, user_id))
abort(403)
else:
# Deny POSTing to logged in non-admin users to avoid confusion with PUT
if request.method == 'POST':
abort(400, 'POST method is not supported for logged in users.')
return humanify(current_user.handle(request))
def index(self):
if current_user.is_admin():
return self.render(self._template)
else:
abort(404)
def is_accessible(self):
"""Returns ``True`` if `current_user` has access to admin views.
This method checks whether `current_user` has the ``'admin'``
role.
"""
return current_user.is_admin()
def index(self):
print("AdminIndexView have auth: ", current_user.is_admin())
if current_user.is_admin():
return self.render(self._template)
else:
abort(404)
