db = SQLAlchemy(app)
# login manager
lm = LoginManager()
lm.init_app(app)
lm.login_view = 'login'
principals = Principal(app, skip_static=True)
#Needs
be_admin = RoleNeed('admin')
be_user = RoleNeed('user')
#Permissions
admin_permission = Permission(be_admin)
admin_permission.description = "Admin's permissions"
user_perrmission = Permission(be_user)
user_perrmission.description = "User's permissions"
apps_needs = [be_admin, be_user]
apps_permissions = [admin_permission, user_perrmission]
# mail
app.config.update(
DEBUG=False,
#EMAIL SETTINGS
MAIL_SERVER='smtp.gmail.com',
MAIL_PORT=465,
MAIL_USE_SSL=True,
MAIL_USERNAME = '******',
MAIL_PASSWORD = '******')
db = SQLAlchemy(app)
# login manager
lm = LoginManager()
lm.init_app(app)
lm.login_view = 'login'
principals = Principal(app, skip_static=True)
#Needs
be_admin = RoleNeed('admin')
be_user = RoleNeed('user')
#Permissions
admin_permission = Permission(be_admin)
admin_permission.description = "Admin's permissions"
user_perrmission = Permission(be_user)
user_perrmission.description = "User's permissions"
apps_needs = [be_admin, be_user]
apps_permissions = [admin_permission, user_perrmission]
# mail
app.config.update(
DEBUG=False,
#EMAIL SETTINGS
MAIL_SERVER='smtp.gmail.com',
MAIL_PORT=465,
MAIL_USE_SSL=True,
MAIL_USERNAME='******',
MAIL_PASSWORD='******')
Principal, RoleNeed)
app = Flask(__name__)
app.config.update(DEBUG=True, SECRET_KEY='secret_xxx')
principals = Principal(app, skip_static=True)
# Needs
be_admin = RoleNeed('admin')
be_editor = RoleNeed('editor')
to_sign_in = ActionNeed('sign in')
# Permissions
user = Permission(to_sign_in)
user.description = "User's permissions"
editor = Permission(be_editor)
editor.description = "Editor's permissions"
admin = Permission(be_admin)
admin.description = "Admin's permissions"
apps_needs = [be_admin, be_editor, to_sign_in]
apps_permissions = [user, editor, admin]
def authenticate(email, password):
if password == email + "user":
return "the_only_user"
elif password == email + "admin":
return "the_only_admin"
elif password == email + "editor":
from app import app
from flask import g
from flask_login import current_user
from flask_principal import identity_loaded, Permission
from flask_principal import RoleNeed, UserNeed
# Create a permission with a single Need, in this case a RoleNeed.
be_admin = RoleNeed('admin')
admin_permission = Permission(be_admin)
admin_permission.description = "Admin's permissions"
be_manager = RoleNeed('manager')
manager_permission = Permission(be_manager)
manager_permission.description = "Manager's permissions"
# apps_needs = [be_admin]
# apps_permissions = [admin_permission]
# def current_privileges():
# return (('{method} : {value}').format(method=n.method, value=n.value)
# for n in apps_needs if n in g.identity.provides)
@identity_loaded.connect_via(app)
def on_identity_loaded(sender, identity):
# Set the identity user object
identity.user = current_user
# # Add the UserNeed to the identity
# if hasattr(current_user, 'id'):
# identity.provides.add(UserNeed(current_user.id))
app.config.update(
DEBUG=True,
SECRET_KEY='secret_xxx')
principals = Principal(app, skip_static=True)
# Needs
be_admin = RoleNeed('admin')
be_editor = RoleNeed('editor')
to_sign_in = ActionNeed('sign in')
# Permissions
user = Permission(to_sign_in)
user.description = "User's permissions"
editor = Permission(be_editor)
editor.description = "Editor's permissions"
admin = Permission(be_admin)
admin.description = "Admin's permissions"
apps_needs = [be_admin, be_editor, to_sign_in]
apps_permissions = [user, editor, admin]
def authenticate(email, password):
if password == email + "user":
return "the_only_user"
elif password == email + "admin":
return "the_only_admin"
elif password == email + "editor":
)
from urlparse import urlparse, parse_qs
from werkzeug import check_password_hash
login_manager = LoginManager()
principals = Principal()
auth = Blueprint('auth', __name__)
# Needs
be_admin = RoleNeed('admin')
be_editor = RoleNeed('editor')
to_view = ActionNeed('viewer')
# Permissions
user = Permission(to_view)
user.description = "Viewer permissions"
editor = Permission(be_editor)
editor.description = "Editor's permissions"
admin = Permission(be_admin)
admin.description = "Admin's permissions"
@login_manager.user_loader
def load_user(user_id):
"New class."
from modules.user.models import User
user = User.objects.filter(id=user_id).first()
return user
@auth.route('/logout/')
from flask_principal import Identity, RoleNeed, Permission, Principal, identity_changed, identity_loaded
from create_docx_file import create_docx_from_item
tag_list.sort()
app = Flask(__name__)
app.secret_key = os.urandom(24)
csrf = CSRFProtect()
csrf.init_app(app)
principals = Principal(app, skip_static=True)
be_admin = RoleNeed('admin')
be_editor = RoleNeed('editor')
editor = Permission(be_editor)
editor.description = "Editor's permissions"
admin = Permission(be_admin)
admin.description = "Admin's permissions"
apps_needs = [be_admin, be_editor]
apps_permissions = [editor, admin]
app.config['AWS_DEFAULT_REGION'] = 'eu-west-2'
app.config[
'AWS_COGNITO_DOMAIN'] = 'https://findingsapp.auth.eu-west-2.amazoncognito.com'
app.config['AWS_COGNITO_USER_POOL_ID'] = 'eu-west-2_CgBNp3mRF'
app.config['AWS_COGNITO_USER_POOL_CLIENT_ID'] = '6asbffr0d7ne202o8c5v9vstoh'
app.config[
'AWS_COGNITO_USER_POOL_CLIENT_SECRET'] = '9drrhmu1jkl4hk1afcc3kqduakbkp7bsodsknegmfqgtaplurkc'
app.config['AWS_COGNITO_REDIRECT_URL'] = 'http://localhost:5000/aws_redirect'
app.config['JWT_TOKEN_LOCATION'] = ['cookies', 'headers']
app.config['JWT_IDENTITY_CLAIM'] = 'sub'
def load_user(user_id):
return User.query.filter_by(username=user_id).first()
'''
FLASK_PRINCIPAL SET-UP AREA.
Firstly we set up Needs - Admin and User level preferences.
'''
# Needs
be_admin = RoleNeed('admin')
to_sign_in = ActionNeed('sign in')
# Permissions
user_permission = Permission(to_sign_in)
user_permission.description = 'User\'s permissions'
admin_permission = Permission(be_admin)
admin_permission.description = 'Admin\'s permissions'
apps_needs = [be_admin, to_sign_in]
apps_permissions = [user_permission, admin_permission]
@identity_loaded.connect_via(app)
def on_identity_loaded(sender, identity):
identity.user = current_user
if current_user.is_authenticated:
needs = []
needs.append(to_sign_in)
if current_user.is_admin == 1 or current_user.is_admin == '1':
needs.append(be_admin)
# -*- coding: utf-8 -*-
from flask import g
from flask_principal import Permission, RoleNeed, ActionNeed, identity_loaded
# https://github.com/mickey06/Flask-principal-example/blob/master/FPrincipals.py
be_admin = RoleNeed("admin")
be_editor = RoleNeed("editor")
to_sign_in = ActionNeed("sign in")
user_permission = Permission(to_sign_in)
user_permission.description = "User Permissions"
editor_permission = Permission(be_editor)
editor_permission.description = "Editor Permissions"
admin_permission = Permission(be_admin)
admin_permission.description = "Admin Permissions"
apps_needs = [be_admin, be_editor, to_sign_in]
apps_permissions = [user_permission, editor_permission, admin_permission]
def current_privileges():
return (("{method}: {value}").format(method=n.method, value=n.value)
for n in apps_needs if n in g.identity.provides)
from flask_jwt import current_identity, jwt_required
from flask_principal import Permission, RoleNeed
from werkzeug.urls import url_decode, url_unquote
from flask_ppt2 import app, db
from flask_ppt2 import forms
import flask_ppt2.alchemy_models as alch
if os.environ["PPT_ENVIRONMENT"] == "dev":
import pydevd
# Create a flask_principal permission that requires the user to have
# the "Curator" role. Used to protect all methods that change data on
# the back end.
curator_permission = Permission(RoleNeed("Curator"))
curator_permission.description = "User must be a Curator"
# Get SQLAlchemy table models. Don't mess with the user table, defined
# in the auth module.
TABLE_MODELS = [
getattr(alch, t.name.capitalize()) for t in alch.DBmetadata.sorted_tables
if t.name not in ["fiscalyears", 'user']
]
@app.route("/app/<path:filename>")
def angular_app(filename):
"""Add a static directory for the angular-ppt companion Javascript
application. Relative path to that application is specified in the
config module.
"""
