# Database handle bound to the Flask application.
db = SQLAlchemy(app)

# Login manager; `login_view` names the endpoint that serves the login page.
lm = LoginManager()
lm.init_app(app)
lm.login_view = "login"

# Principal extension, created with skip_static=True.
principals = Principal(app, skip_static=True)

# Role needs, and the list of every need this application defines.
be_admin = RoleNeed("admin")
be_user = RoleNeed("user")
apps_needs = [be_admin, be_user]

# One permission per role. `user_perrmission` is misspelled, but it is a
# module-level name other modules may import, so the spelling is kept.
admin_permission = Permission(be_admin)
user_perrmission = Permission(be_user)
admin_permission.description = "Admin's permissions"
user_perrmission.description = "User's permissions"
apps_permissions = [admin_permission, user_perrmission]

# Mail transport (SMTP over SSL on port 465), with DEBUG switched off.
# NOTE(review): MAIL_USERNAME and MAIL_PASSWORD are literals in this module
# (shown masked in this listing). Credentials kept in source travel with
# every clone and stay in version-control history; load them from the
# environment or a secrets store, and rotate any value already committed.
app.config.update({
    "DEBUG": False,
    "MAIL_SERVER": "smtp.gmail.com",
    "MAIL_PORT": 465,
    "MAIL_USE_SSL": True,
    "MAIL_USERNAME": "******",
    "MAIL_PASSWORD": "******",
})
# SQLAlchemy handle for the application.
db = SQLAlchemy(app)

# Login manager wired to the app; the login page lives at endpoint 'login'.
lm = LoginManager()
lm.init_app(app)
lm.login_view = "login"

# Principal extension, created with skip_static=True.
principals = Principal(app, skip_static=True)

# Needs: one RoleNeed per role known to the application.
be_admin = RoleNeed("admin")
be_user = RoleNeed("user")

# Permissions built from those needs. The misspelt `user_perrmission` is a
# public module name, so it is left unchanged for existing importers.
admin_permission = Permission(be_admin)
admin_permission.description = "Admin's permissions"
user_perrmission = Permission(be_user)
user_perrmission.description = "User's permissions"

# Registries of everything defined above.
apps_needs = [be_admin, be_user]
apps_permissions = [admin_permission, user_perrmission]

# DEBUG is off; mail goes out through SMTP over SSL on port 465.
# NOTE(review): the SMTP account name and password are written into this
# file (masked in this listing). Keep them out of the repository: read them
# from the environment or a secrets manager, and treat any value that was
# ever committed as exposed.
app.config.update(dict(
    DEBUG=False,
    MAIL_SERVER="smtp.gmail.com",
    MAIL_PORT=465,
    MAIL_USE_SSL=True,
    MAIL_USERNAME="******",
    MAIL_PASSWORD="******",
))
Principal, RoleNeed)

app = Flask(__name__)
# NOTE(review): both settings below are only suitable for a local demo.
# DEBUG=True must not reach a deployment other people can connect to, and
# SECRET_KEY signs the session cookie, so a literal committed to source
# lets anyone who has read the file produce cookies the app will accept.
# Load the key from the environment or a secrets store instead.
app.config.update(DEBUG=True, SECRET_KEY='secret_xxx')
principals = Principal(app, skip_static=True)

# Needs
be_admin = RoleNeed('admin')
be_editor = RoleNeed('editor')
to_sign_in = ActionNeed('sign in')

# Permissions
user = Permission(to_sign_in)
user.description = "User's permissions"
editor = Permission(be_editor)
editor.description = "Editor's permissions"
admin = Permission(be_admin)
admin.description = "Admin's permissions"

# Every need / permission defined above, collected for iteration elsewhere.
apps_needs = [be_admin, be_editor, to_sign_in]
apps_permissions = [user, editor, admin]


def authenticate(email, password):
    # Maps an (email, password) pair to one of the fixed demo user names.
    # The accepted password is simply the email with a role suffix appended:
    # nothing is hashed or looked up, so this is a stand-in for a credential
    # check, not one. Replace it with verification against stored password
    # hashes before any real use.
    # The function continues beyond this excerpt.
    if password == email + "user":
        return "the_only_user"
    elif password == email + "admin":
        return "the_only_admin"
    elif password == email + "editor":
from app import app
from flask import g
from flask_login import current_user
from flask_principal import identity_loaded, Permission
from flask_principal import RoleNeed, UserNeed

# Create a permission with a single Need, in this case a RoleNeed.
be_admin = RoleNeed('admin')
admin_permission = Permission(be_admin)
admin_permission.description = "Admin's permissions"

be_manager = RoleNeed('manager')
manager_permission = Permission(be_manager)
manager_permission.description = "Manager's permissions"

# Disabled in the original: need/permission registries and a helper that
# lists the needs the current identity provides.
# apps_needs = [be_admin]
# apps_permissions = [admin_permission]
# def current_privileges():
#     return (('{method} : {value}').format(method=n.method, value=n.value)
#             for n in apps_needs if n in g.identity.provides)


@identity_loaded.connect_via(app)
def on_identity_loaded(sender, identity):
    """Attach the current Flask-Login user to a freshly loaded identity.

    NOTE(review): the lines visible here only set ``identity.user``; no
    RoleNeed is added to ``identity.provides``. Unless the part of the
    handler outside this excerpt adds them, ``admin_permission`` and
    ``manager_permission`` cannot be satisfied by any identity. Confirm
    where the role needs are granted.
    """
    # Set the identity user object
    identity.user = current_user
    # Disabled in the original:
    # # Add the UserNeed to the identity
    # if hasattr(current_user, 'id'):
    #     identity.provides.add(UserNeed(current_user.id))
# NOTE(review): demo-only configuration. DEBUG=True must stay off on any
# deployment other people can reach, and SECRET_KEY signs the session
# cookie: a literal kept in source lets anyone who has read the file
# produce cookies the app will accept. Take the key from the environment
# or a secrets store and keep it out of version control.
app.config.update(
    DEBUG=True,
    SECRET_KEY='secret_xxx')
principals = Principal(app, skip_static=True)

# Needs
be_admin = RoleNeed('admin')
be_editor = RoleNeed('editor')
to_sign_in = ActionNeed('sign in')

# Permissions
user = Permission(to_sign_in)
user.description = "User's permissions"
editor = Permission(be_editor)
editor.description = "Editor's permissions"
admin = Permission(be_admin)
admin.description = "Admin's permissions"

# Registries of the needs and permissions declared above.
apps_needs = [be_admin, be_editor, to_sign_in]
apps_permissions = [user, editor, admin]


def authenticate(email, password):
    # Returns a fixed demo user name chosen by the suffix that follows the
    # email in the supplied password. The expected password is derived from
    # the email itself and nothing is hashed or stored, so this only stands
    # in for authentication; swap in a check against stored password hashes
    # before the code is used for anything real.
    # More branches follow outside this excerpt.
    if password == email + "user":
        return "the_only_user"
    elif password == email + "admin":
        return "the_only_admin"
    elif password == email + "editor":
)
# `urlparse` is the Python 2 module name; on Python 3 these functions live
# in urllib.parse.
from urlparse import urlparse, parse_qs
# NOTE(review): check_password_hash is defined in werkzeug.security; the
# top-level re-export used here was removed in Werkzeug 1.0.
from werkzeug import check_password_hash

# Extension objects are created unbound; no app is passed at this point.
login_manager = LoginManager()
principals = Principal()
auth = Blueprint('auth', __name__)

# Needs
be_admin = RoleNeed('admin')
be_editor = RoleNeed('editor')
to_view = ActionNeed('viewer')

# Permissions
user = Permission(to_view)
user.description = "Viewer permissions"
editor = Permission(be_editor)
editor.description = "Editor's permissions"
admin = Permission(be_admin)
admin.description = "Admin's permissions"


@login_manager.user_loader
def load_user(user_id):
    """Return the first User whose id equals ``user_id``.

    Registered as the login manager's user loader. The result is whatever
    ``.first()`` yields; presumably None when nothing matches (confirm
    against the model layer).
    """
    # Imported inside the function rather than at module level.
    from modules.user.models import User
    # The local name `user` shadows the module-level `user` Permission
    # only inside this function.
    user = User.objects.filter(id=user_id).first()
    return user


# The view this decorator applies to lies outside the excerpt.
@auth.route('/logout/')
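from flask_principal import Identity, RoleNeed, Permission, Principal, identity_changed, identity_loaded
from create_docx_file import create_docx_from_item

tag_list.sort()

app = Flask(__name__)
# Session-signing key. A key drawn from os.urandom() at import time changes
# on every restart and differs between worker processes, which invalidates
# existing sessions and CSRF tokens. Prefer a stable key supplied through
# the environment; the random key remains as the fallback for local runs.
app.secret_key = os.environ.get('FLASK_SECRET_KEY') or os.urandom(24)

csrf = CSRFProtect()
csrf.init_app(app)
principals = Principal(app, skip_static=True)

# Role needs and the permissions built on them.
be_admin = RoleNeed('admin')
be_editor = RoleNeed('editor')
editor = Permission(be_editor)
editor.description = "Editor's permissions"
admin = Permission(be_admin)
admin.description = "Admin's permissions"
apps_needs = [be_admin, be_editor]
apps_permissions = [editor, admin]

# AWS Cognito settings. Region, domain, pool id and client id are
# identifiers, not secrets, and stay in code.
app.config['AWS_DEFAULT_REGION'] = 'eu-west-2'
app.config['AWS_COGNITO_DOMAIN'] = 'https://findingsapp.auth.eu-west-2.amazoncognito.com'
app.config['AWS_COGNITO_USER_POOL_ID'] = 'eu-west-2_CgBNp3mRF'
app.config['AWS_COGNITO_USER_POOL_CLIENT_ID'] = '6asbffr0d7ne202o8c5v9vstoh'
# The app-client secret is read from the environment instead of being
# written into the module. Indexing os.environ raises KeyError at start-up
# when the variable is missing, so a misconfigured deployment fails early.
# The value that used to be committed here should be treated as exposed
# and rotated in the Cognito app client.
app.config['AWS_COGNITO_USER_POOL_CLIENT_SECRET'] = os.environ['AWS_COGNITO_USER_POOL_CLIENT_SECRET']
# Plain-HTTP localhost callback: a development value. A deployed instance
# needs its own HTTPS redirect URL registered with the app client.
app.config['AWS_COGNITO_REDIRECT_URL'] = 'http://localhost:5000/aws_redirect'

# Tokens are accepted from cookies as well as headers. Browsers attach
# cookies automatically, so the routes that read them rely on the CSRF
# protection initialised above.
app.config['JWT_TOKEN_LOCATION'] = ['cookies', 'headers']
app.config['JWT_IDENTITY_CLAIM'] = 'sub'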
def load_user(user_id):
    """Return the first User whose username equals ``user_id``.

    The lookup key is the username column, not a numeric id. The result is
    whatever ``.first()`` yields; presumably None when no row matches.
    """
    return User.query.filter_by(username=user_id).first()


''' FLASK_PRINCIPAL SET-UP AREA. Firstly we set up Needs - Admin and User level preferences. '''
# Needs
be_admin = RoleNeed('admin')
to_sign_in = ActionNeed('sign in')

# Permissions
user_permission = Permission(to_sign_in)
user_permission.description = 'User\'s permissions'
admin_permission = Permission(be_admin)
admin_permission.description = 'Admin\'s permissions'

# Registries of the needs and permissions declared above.
apps_needs = [be_admin, to_sign_in]
apps_permissions = [user_permission, admin_permission]


@identity_loaded.connect_via(app)
def on_identity_loaded(sender, identity):
    # Runs when an identity is loaded for `app`: attaches the current user
    # and collects the needs that user is entitled to.
    # The handler continues beyond this excerpt; in the visible lines
    # `needs` is built but not yet applied to the identity.
    identity.user = current_user
    if current_user.is_authenticated:
        needs = []
        # Every authenticated user gets the 'sign in' need.
        needs.append(to_sign_in)
        # is_admin is accepted both as the integer 1 and the string '1'.
        # NOTE(review): presumably the column can come back as text;
        # since this comparison decides who receives the admin role,
        # confirm the stored type and compare against a single form.
        if current_user.is_admin == 1 or current_user.is_admin == '1':
            needs.append(be_admin)
# -*- coding: utf-8 -*-
from flask import g
from flask_principal import Permission, RoleNeed, ActionNeed, identity_loaded

# Adapted from:
# https://github.com/mickey06/Flask-principal-example/blob/master/FPrincipals.py

# Needs: two roles and one action.
be_admin = RoleNeed("admin")
be_editor = RoleNeed("editor")
to_sign_in = ActionNeed("sign in")
apps_needs = [be_admin, be_editor, to_sign_in]

# Permissions: one per need, each with a human-readable description.
user_permission = Permission(to_sign_in)
editor_permission = Permission(be_editor)
admin_permission = Permission(be_admin)
user_permission.description = "User Permissions"
editor_permission.description = "Editor Permissions"
admin_permission.description = "Admin Permissions"
apps_permissions = [user_permission, editor_permission, admin_permission]


def current_privileges():
    """Return a generator of "method: value" labels for the active identity.

    Only needs listed in ``apps_needs`` are considered, and a label is
    produced for each one found in ``g.identity.provides``. The membership
    test runs lazily, as the generator is consumed.
    """
    label = "{method}: {value}"
    return (
        label.format(method=need.method, value=need.value)
        for need in apps_needs
        if need in g.identity.provides
    )
from flask_jwt import current_identity, jwt_required
from flask_principal import Permission, RoleNeed
from werkzeug.urls import url_decode, url_unquote

from flask_ppt2 import app, db
from flask_ppt2 import forms
import flask_ppt2.alchemy_models as alch

# Indexing os.environ raises KeyError at import time when PPT_ENVIRONMENT is
# unset, so the variable must be defined in every environment.
# NOTE(review): the pydevd debugger import is gated only on this variable;
# make sure deployed environments never set it to "dev".
if os.environ["PPT_ENVIRONMENT"] == "dev":
    import pydevd

# Create a flask_principal permission that requires the user to have
# the "Curator" role. Used to protect all methods that change data on
# the back end.
curator_permission = Permission(RoleNeed("Curator"))
curator_permission.description = "User must be a Curator"

# Get SQLAlchemy table models. Don't mess with the user table, defined
# in the auth module.
# Each table name is capitalized and looked up as an attribute of `alch`;
# the "fiscalyears" and "user" tables are left out.
TABLE_MODELS = [
    getattr(alch, t.name.capitalize())
    for t in alch.DBmetadata.sorted_tables
    if t.name not in ["fiscalyears", 'user']
]


@app.route("/app/<path:filename>")
def angular_app(filename):
    """Add a static directory for the angular-ppt companion Javascript
    application. Relative path to that application is specified in the
    config module.
    """
    # NOTE(review): the body lies outside this excerpt. `filename` comes
    # from the URL and the `path` converter lets it contain slashes, so
    # confirm the file is served through a helper that confines the lookup
    # to the configured directory (e.g. flask.send_from_directory).