def wrapper(*args, **kwargs):
    """Allow the wrapped view only for the user who owns ``player_id``.

    ``func`` comes from the enclosing decorator, which is not part of this
    listing. A falsy ``current_user`` is handed to ``login_required``; a
    logged-in user who does not own the player is redirected to ``index``.
    """
    # NOTE(review): whether ``current_user`` is ever falsy for an anonymous
    # visitor depends on how the login extension is configured - confirm,
    # because the ownership check below reads ``current_user.id``.
    if current_user:
        owner = get_player_by_id(kwargs['player_id']).user
        if owner.id != current_user.id:
            # Not the owner of this player: deny by sending them home.
            return redirect(url_for('index'))
    return login_required(func)(*args, **kwargs)
def wrapper(*args, **kwargs):
    """Allow the wrapped view only for users who have a player in the game.

    ``func`` comes from the enclosing decorator, which is not part of this
    listing. The game is looked up from the ``game_id`` URL argument before
    any login check, so a missing ``game_id`` raises ``KeyError``.
    """
    game = get_game(kwargs['game_id'])
    # A logged-in user without a player in this game is turned away; an
    # unauthenticated request falls through to login_required.
    if g.user and not get_player(game, g.user):
        return redirect(url_for('index'))
    return login_required(func)(*args, **kwargs)
def wrapper(*args, **kwargs):
    """Allow the wrapped view only for users who play in the addressed game.

    The game is taken from ``player_id`` when that URL argument is present,
    otherwise from ``game_id``. ``func`` comes from the enclosing decorator,
    which is not part of this listing.
    """
    if not current_user:
        return login_required(func)(*args, **kwargs)

    player_id = kwargs.get('player_id')
    game_id = kwargs.get('game_id')
    if player_id:
        game = get_player_by_id(player_id).game
    elif game_id:
        game = get_game(game_id)
    # NOTE(review): when neither argument is supplied ``game`` is unbound
    # and the next line raises instead of denying access.

    # Membership is always evaluated for the current user, never for the
    # player named in the URL.
    if not get_player(game, current_user):
        return redirect(url_for('index'))
    return login_required(func)(*args, **kwargs)
def staff_only(f):
    """Decorate a view so that only logged-in staff users can call it.

    The staff check is wrapped in ``login_required``, so the login check
    runs first and ``current_user.staff`` is only read afterwards.
    Non-staff users get a 403.
    """

    @wraps(f)
    def decorated_function(*args, **kwargs):
        if current_user.staff:
            return f(*args, **kwargs)
        return abort(403)

    return login_required(decorated_function)
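def decorated_view(*args, **kwargs):
    """Gate a view behind first-run setup, API-key login or a session login.

    ``func`` and ``apiEnabled`` come from the enclosing decorator, which is
    not part of this listing. A request carrying a valid API key is logged
    in for this request and served; a request carrying an unknown key is
    rejected with 401; everything else goes through ``login_required``.
    """
    # if OctoPrint hasn't been set up yet, abort
    if settings().getBoolean(["server", "firstRun"]) and (
            octoprint.server.userManager is None
            or not octoprint.server.userManager.hasBeenCustomized()):
        return make_response("OctoPrint isn't setup yet", 403)

    # if API is globally enabled, enabled for this request and an api key
    # is provided, try to use that
    apikey = _getApiKey(request)
    if settings().get(["api", "enabled"]) and apiEnabled and apikey is not None:
        # NOTE(review): the key is compared with ``==``; a constant-time
        # comparison would avoid leaking match length through timing.
        if apikey == settings().get(["api", "key"]):
            # master key was used
            user = ApiUser()
        else:
            # user key might have been used
            user = octoprint.server.userManager.findUser(apikey=apikey)

        if user is None:
            # The response has to be returned: without the return the 401
            # was built and discarded, and login_user() was then called
            # with None.
            return make_response("Invalid API key", 401)
        if login_user(user, remember=False):
            identity_changed.send(current_app._get_current_object(),
                                  identity=Identity(user.get_id()))
            return func(*args, **kwargs)

    # call regular login_required decorator
    return login_required(func)(*args, **kwargs)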
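def decorated_view(*args, **kwargs):
    """Gate a view behind first-run setup, API-key login or a session login.

    ``func`` and ``apiEnabled`` come from the enclosing decorator, which is
    not part of this listing. The API key is read from the ``apikey``
    request value; an unknown key is rejected with 403, a valid one logs
    the user in for this request, and requests without a key go through
    ``login_required``.
    """
    # if OctoPrint hasn't been set up yet, abort
    if settings().getBoolean(["server", "firstRun"]) and (
            octoprint.server.userManager is None
            or not octoprint.server.userManager.hasBeenCustomized()):
        return make_response("OctoPrint isn't setup yet", 403)

    # if API is globally enabled, enabled for this request and an api key
    # is provided, try to use that
    if settings().get(["api", "enabled"]) and apiEnabled and "apikey" in request.values.keys():
        apikey = request.values["apikey"]
        user = None

        # NOTE(review): the key is compared with ``==``; a constant-time
        # comparison would avoid leaking match length through timing.
        if apikey == settings().get(["api", "key"]):
            # master key was used
            user = ApiUser()
        else:
            # user key might have been used
            user = octoprint.server.userManager.findUser(apikey=apikey)

        if user is None:
            # The response has to be returned: without the return the 403
            # was built and discarded, and login_user() was then called
            # with None.
            return make_response("Invalid API key", 403)
        if login_user(user, remember=False):
            identity_changed.send(current_app._get_current_object(),
                                  identity=Identity(user.get_id()))
            return func(*args, **kwargs)

    # call regular login_required decorator
    return login_required(func)(*args, **kwargs)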
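def register(cls, mod, base_partial="/api"):
    """Expose ``HoursAPI`` methods on *mod* under ``<base_partial>/<path:args>``.

    The first path segment selects the method and the remaining segments
    are passed to it as positional string arguments. The view is wrapped in
    ``login_required``.

    Args:
        mod: object providing ``add_url_rule`` (a Flask app or blueprint).
        base_partial: URL prefix for the API rule.
    """

    def call_api(args):
        args = args.split("/")
        print "ARGS:", args
        name = args[0]
        # The method name comes straight from the URL. Only public,
        # callable attributes are dispatchable, so a request cannot reach
        # private helpers or dunder attributes of HoursAPI.
        handler = None if name.startswith("_") else getattr(HoursAPI(), name, None)
        if not callable(handler):
            return "Not Found", 404
        return handler(*args[1:])

    url = "%s/<path:args>" % base_partial
    mod.add_url_rule(url, view_func=login_required(call_api))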
def wrapper(f):
    """Decorate a view so it requires a login and one of the given roles.

    ``roles`` comes from the enclosing decorator factory, which is not part
    of this listing; each entry is queried for a row belonging to
    ``current_user.user``. Users holding none of the roles get a 401.
    """

    @wraps(f)
    def wrapped(*args, **kwargs):
        for role_model in roles:
            # The first role with a matching row is enough.
            if role_model.query.filter_by(user=current_user.user).first():
                return f(*args, **kwargs)
        abort(401)

    return login_required(wrapped)
def login_is_required(cls):
    """Return a ``MethodView`` copy of *cls* whose get/post require a login.

    Every attribute found in ``vars(cls)`` is carried over; only the
    members named ``get`` and ``post`` are wrapped in ``login_required``.
    """
    # Handlers for other HTTP methods (put, delete, patch, ...) are copied
    # as they are, without the login check.
    guarded = {
        name: login_required(member) if name in ("get", "post") else member
        for name, member in vars(cls).items()
    }
    return type(str(cls), (MethodView,), guarded)
def _dispatch_required(x=None):
    """Pick the access decorator that matches the argument.

    A plain function is wrapped with ``login_required`` directly, a string
    is treated as a permission name for ``permission_required``, and no
    argument returns ``login_required`` itself for later application.

    Raises:
        ValueError: for any other argument type.
    """
    if x is None:
        return login_required
    if isinstance(x, FunctionType):
        return login_required(x)
    if isinstance(x, basestring):
        return permission_required(x)
    raise ValueError('The argument is invalid')
def _dispatch_required(x=None):
    """Return the decorator (or decorated function) selected by *x*.

    * function -> ``login_required(x)``
    * string   -> ``permission_required(x)``
    * ``None`` -> the ``login_required`` decorator itself

    Raises:
        ValueError: when *x* is none of the above.
    """
    if isinstance(x, FunctionType):
        decorated = login_required(x)
    elif isinstance(x, basestring):
        decorated = permission_required(x)
    elif x is None:
        decorated = login_required
    else:
        # Bound methods, partials and other callables are not accepted.
        raise ValueError('The argument is invalid')
    return decorated
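def __init__(self, name, cmds, config='app.cfg', host='127.0.0.1', port=5000, script_url=SCRIPT_URL, not_public=False):
    """Build the Flask app, database, login manager and URL rules.

    Args:
        name: application name.
        cmds: command/form objects; each has ``name`` and ``dirs``.
        config: path of an optional config file loaded over the defaults.
        host: address the app is meant to listen on.
        port: port the app is meant to listen on.
        script_url: accepted but not used here; rules are built from the
            module-level ``SCRIPT_URL``.
        not_public: when true, the forms and the file directories they
            expose require a login, and login/logout routes are added.
    """
    self.name = name
    self.cmds = OrderedDict([(c.name, c) for c in cmds])
    self.app = Flask(__name__)
    self.config = os.path.abspath(config)
    self.app.config.from_object('formcreator.DefaultConfig')
    self.app.config.from_pyfile(self.config, silent=True)
    # Directories with contents displayed in the page
    self.dirs = []
    self.host = host
    self.port = port
    if not_public:
        self.not_public = True

    # Create the database
    self.db = db
    self.app.test_request_context().push()
    self.db.init_app(self.app)
    self.db.create_all()

    # Create the admin user if it doesn't exist
    admin_user = User.query.get(1)
    if not admin_user:
        # NOTE(review): presumably User(username, password, ...). If so,
        # every fresh install starts with the same well-known admin
        # credentials; they should be replaced before the app is exposed.
        admin_user = User("admin", "admin", is_admin=True)
        self.db.session.add(admin_user)
        self.db.session.commit()

    # Create the LoginManager
    self.login_manager = LoginManager()
    self.login_manager.init_app(self.app)
    self.login_manager.login_view = "login"
    self.login_manager.user_loader(self.load_user)

    # Create the url_rules for the Forms
    for i, cmd in enumerate(self.cmds.values()):
        if not_public:
            url_function = partial(login_required(self.form), cmd.name)
        else:
            url_function = partial(self.form, cmd.name)
        self.app.add_url_rule(SCRIPT_URL + (cmd.name if i > 0 else ''),
                              cmd.name,
                              url_function,
                              methods=['GET', 'POST'])

    # Create the url_rules for serving Form's files directories.
    # In non-public mode these get the same login check as the forms;
    # without it the directories stayed readable to anonymous visitors.
    serve_files = login_required(self.serve_files) if not_public else self.serve_files
    for c in cmds:
        for d in c.dirs:
            # NOTE(review): the endpoint name uses ``cmd`` left over from
            # the loop above (the last command), not ``c``. Kept as is so
            # existing endpoint names do not change.
            self.app.add_url_rule("{}{}/<path:filename>".format(SCRIPT_URL, d),
                                  "{}-{}".format(cmd.name, d),
                                  partial(serve_files, d),
                                  methods=['GET'])
            self.dirs.append(DirContents(d))

    if not_public:
        self.app.add_url_rule("/login", "login", self.login, methods=['POST', 'GET'])
        self.app.add_url_rule("/logout", "logout", self.logout, methods=['POST', 'GET'])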
def started(self):
    """Register the auth blueprint and put every other view behind a login.

    The blueprint is mounted under ``/auth`` on the ``web`` module. After
    that, each endpoint already registered on the Flask app is wrapped in
    ``login_required`` unless it is ``static``, the login view, or listed
    in the ``exclude_login_required_url`` data file entry.

    Raises:
        FileNotFoundError: when the ``web`` module is not available.
    """
    blueprint = Blueprint('Auth', __name__, url_prefix='/auth',
                          template_folder=os.path.join(self.module_path, 'templates'))

    # url mapping
    both_methods = ['GET', 'POST']
    blueprint.add_url_rule('/', endpoint='index', view_func=self._index)
    blueprint.add_url_rule('/login', endpoint='login', view_func=self._login, methods=both_methods)
    blueprint.add_url_rule('/logout', endpoint='logout', view_func=self._logout)
    blueprint.add_url_rule('/users', endpoint='users', view_func=self._users)
    blueprint.add_url_rule('/user', endpoint='new_user', view_func=self._user, methods=both_methods)
    blueprint.add_url_rule('/user/<user_name>', endpoint='user', view_func=self._user, methods=both_methods)

    # register to flask
    web = ModuleManager.get('web')
    if not web:
        self.add_critical('no module name "web"')
        raise FileNotFoundError
    web.add_blueprint(blueprint)

    login_manager = LoginManager()
    login_manager.login_view = '%s.login' % blueprint.name
    login_manager.init_app(web.flask)
    login_manager.user_loader(auth.load)

    # Endpoints that stay reachable without a session.
    open_endpoints = ['static', login_manager.login_view]
    open_endpoints = open_endpoints + DataFileManager.load(
        self.name, 'exclude_login_required_url', [])

    def filter_app(get_apps_handler):
        def inner():
            # Only list the apps the current user is allowed to open.
            return [
                entry for entry in get_apps_handler()
                if current_user.can_access(entry['name'])
            ]
        return inner

    # Only the endpoints present right now are wrapped; a view registered
    # after this method has run is not covered by this loop.
    for endpoint, view_func in list(web.flask.view_functions.items()):
        if endpoint in open_endpoints:
            continue
        web.flask.view_functions[endpoint] = login_required(view_func)

    web.get_apps = filter_app(web.get_apps)
def wrapper(f):
    """Wrap *f* so that it needs a login plus at least one of ``roles``.

    ``roles`` is supplied by the enclosing decorator factory, which is not
    part of this listing. A user without any matching role row is answered
    with 401.
    """

    @wraps(f)
    def wrapped(*args, **kwargs):
        holds_role = any(
            role_model.query.filter_by(user=current_user.user).first()
            for role_model in roles)
        if not holds_role:
            abort(401)
        return f(*args, **kwargs)

    return login_required(wrapped)
def init_views():
    """Apply login protection and route decorators to the registered views.

    Every entry of ``view_list`` that is not named in
    ``views_with_anonymous_access`` is wrapped in ``login_required``; then
    each route decorator in ``route_deco`` is applied to the view stored
    under the same key.
    """
    # Protection is opt-out: a view is public only when it is listed.
    for name in view_list:
        if name in views_with_anonymous_access:
            continue
        view_list[name] = login_required(view_list[name])

    for name in route_deco:
        decorate = route_deco[name]
        view_list[name] = decorate(view_list[name])

    log.info(__name__ + ' :: Registered views - {0}'.format(str(view_list)))
def __init__(self, clients, acr_values, login_manager, custom_endpoints=None):
    """Set up the ``oidc_rp`` blueprint and its three routes.

    Args:
        clients: stored on the instance as ``self.clients``.
        acr_values: stored on the instance as ``self.acr_values``.
        login_manager: login manager whose user loader is set to
            ``self._load_user``.
        custom_endpoints: stored on the instance; optional.
    """
    super(OIDCRPBlueprint, self).__init__('oidc_rp', __name__,
                                          template_folder='templates')
    self.clients = clients
    self.acr_values = acr_values
    self.custom_endpoints = custom_endpoints

    login_manager.user_loader(self._load_user)

    # Only logout requires an existing session; the two other routes are
    # registered without a login check.
    self.add_url_rule("/rp", endpoint="connect_op", view_func=self._connect_op)
    self.add_url_rule("/authz_cb", endpoint="authenticate", view_func=self._authenticate)
    self.add_url_rule("/logout", endpoint="logout", view_func=login_required(self._logout))
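def wrapper(*args, **kwargs):
    """Enforce the game-related requirements before calling the view.

    ``func`` and ``requirements`` come from the enclosing decorator, which
    is not part of this listing. Recognised requirement names:

    * ``game``   - the current user must have a player in the game
    * ``player`` - the player named by ``player_id`` must belong to the
      current user
    * ``cards``  - the cards named in the form are fetched for the player
    * ``active`` / ``lead`` / ``house`` - the matching flag must be set

    Returns a redirect to ``index`` when access is denied.

    Raises:
        GameError: when an ``active``, ``lead`` or ``house`` requirement is
            not met.
    """
    if not current_user:
        return login_required(func)(*args, **kwargs)

    player_id = kwargs.get('player_id')
    game_id = kwargs.get('game_id')
    req_player = None

    # prioritize player id
    if player_id:
        req_player = get_player_by_id(player_id)
        # Was ``player.game``: ``player`` is not defined in this function,
        # so every request carrying a player_id failed with a NameError.
        game = req_player.game
    elif game_id:
        game = get_game(game_id)
    else:
        # Nothing identifies the game, so no check can succeed.
        return redirect(url_for('index'))

    curr_player = get_player(game, current_user)

    if 'game' in requirements:
        if not curr_player:
            return redirect(url_for('index'))
    if 'player' in requirements:
        # Deny when the route carries no player_id to compare against,
        # rather than failing on an unset variable.
        if req_player is None or req_player.user.id != current_user.id:
            return redirect(url_for('index'))
    if 'cards' in requirements:
        cards = get_cards_from_form(request.form)
        curr_player.get_cards(cards)
    if 'active' in requirements:
        if not curr_player.active:
            raise GameError('You are not the currently active player')
    if 'lead' in requirements:
        if not curr_player.lead:
            raise GameError('You are not the game lead.')
    if 'house' in requirements:
        if not curr_player.house:
            raise GameError('You are not on the house team.')

    return login_required(func)(*args, **kwargs)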
def init_views():
    """Wrap the registered views with login protection and their routes.

    Views not listed in ``views_with_anonymous_access`` are wrapped in
    ``login_required``; afterwards each decorator in ``route_deco`` is
    applied to the view stored under the same key in ``view_list``.
    """
    for name in view_list:
        # The maintenance wrapper is currently disabled:
        # view_list[key] = maintenance(view_list[key])

        # Protection is opt-out: a view is public only when it is listed.
        anonymous_ok = name in views_with_anonymous_access
        if not anonymous_ok:
            view_list[name] = login_required(view_list[name])

    for name in route_deco:
        decorate = route_deco[name]
        target = view_list[name]
        view_list[name] = decorate(target)

    log.info(__name__ + ' :: Registered views - {0}'.format(str(view_list)))
def login_init(app):
    """Initialise the login manager and protect the app's endpoints.

    When ``config.LOGIN['enabled']`` is false only the login manager is set
    up. Otherwise every endpoint of *app* that is not named in
    ``config.LOGIN['exclude']`` is wrapped in ``login_required``.
    """
    login_manager.login_view = "LoginApi:get"
    login_manager.init_app(app)

    if not config.LOGIN['enabled']:
        return

    # Only endpoints that exist at this point are wrapped; a view added to
    # the app afterwards is not covered.
    for ep in list(app.view_functions.keys()):
        if ep in config.LOGIN['exclude']:
            continue
        app.view_functions[ep] = login_required(app.view_functions[ep])
def login_init(app):
    """Set up the login manager and require a login on non-excluded views.

    Nothing is wrapped when ``config.LOGIN['enabled']`` is false. The
    exclusion list is ``config.LOGIN['exclude']``.
    """
    login_manager.login_view = "LoginApi:get"
    login_manager.init_app(app)

    if not config.LOGIN['enabled']:
        return

    protected_endpoints = [
        endpoint for endpoint in app.view_functions.keys()
        if endpoint not in config.LOGIN['exclude']
    ]

    # add login deco for each view_func; endpoints registered after this
    # call are not in the list and stay unwrapped
    for ep in protected_endpoints:
        view = app.view_functions[ep]
        app.view_functions[ep] = login_required(view)
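def build_experiment(name='', question='Which one do you prefer?', selectors=None, **kw):
    """Register the two pages of a pairwise-comparison experiment.

    ``/<name>/<selector>/`` shows a pair chosen by the named selector and
    records the submitted winner/loser on POST; ``/<name>/`` does the same
    with the first selector. Both pages require a login.

    Args:
        name: experiment name; used for the URLs and endpoint names.
        question: text passed to the template.
        selectors: callables returning an ``(img1, img2)`` pair; defaults
            to ``[random_selector]``.
        **kw: extra template variables.

    Returns:
        The login-protected view for the selector page.
    """
    if selectors is None:
        selectors = [random_selector]

    def page_gen(selector):
        if request.method == 'POST':
            winner = request.form['winner']
            loser = request.form['loser']
            experiment = request.form['experiment']
            if winner and loser and experiment:
                winner = int(winner)
                loser = int(loser)
                args = {
                    'left': winner,
                    'right': loser,
                    'exp': experiment,
                    'sel': selector,
                    'user': current_user.name
                }
                print('Adding a match between "{left}" (winner) and "{right}" (loser) in experiment "{exp}" where the selector is ""{sel}"" done by user ""{user}""'.format(**args))
                db.session.add(Match(left_id=winner, right_id=loser,
                                     experiment=experiment,
                                     ip=request.remote_addr,
                                     user_id=current_user.id))
                db.session.commit()
        selector = selector.replace('/', '')
        # NOTE(review): a selector name that matches nothing leaves img1
        # and img2 unset, so the render below raises.
        for select in selectors:
            if select.__name__ == selector:
                img1, img2 = select()
                break
        return render_template('template.html', url1=parse(img1.url),
                               url2=parse(img2.url), id1=img1.id, id2=img2.id,
                               question=question, experiment=name, **kw)

    sel_name = selectors[0].__name__

    def page_gen_default():
        # Calls whatever ``page_gen`` is bound to at request time, i.e. the
        # login-protected view created below.
        return page_gen(sel_name)

    page_gen_default.__name__ = name + '_default'
    page_gen.__name__ = name

    # The login check has to be applied before the route is registered.
    # Registering first stored the unprotected function in the URL map, so
    # the selector page could be requested without a session.
    page_gen = login_required(page_gen)
    addr = '/' + name + '/<string:selector>/'
    page_gen = app.route(addr, methods=['GET', 'POST'])(page_gen)

    addr = '/' + name + '/'
    page_gen_default = app.route(addr, methods=['GET', 'POST'])(page_gen_default)
    return page_gen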
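def __init__(self, name, cmds, config='app.cfg', host='127.0.0.1', port=5000, script_url=SCRIPT_URL, not_public=False):
    """Build the Flask app, database, login manager and URL rules.

    Args:
        name: application name.
        cmds: command/form objects; each has ``name`` and ``dirs``.
        config: path of an optional config file loaded over the defaults.
        host: address the app is meant to listen on.
        port: port the app is meant to listen on.
        script_url: accepted but not used here; rules are built from the
            module-level ``SCRIPT_URL``.
        not_public: when true, the forms and the file directories they
            expose require a login, and login/logout routes are added.
    """
    self.name = name
    self.cmds = OrderedDict([(c.name, c) for c in cmds])
    self.app = Flask(__name__)
    self.config = os.path.abspath(config)
    self.app.config.from_object('formcreator.DefaultConfig')
    self.app.config.from_pyfile(self.config, silent=True)
    # Directories with contents displayed in the page
    self.dirs = []
    self.host = host
    self.port = port
    if not_public:
        self.not_public = True

    # Create the database
    self.db = db
    self.app.test_request_context().push()
    self.db.init_app(self.app)
    self.db.create_all()

    # Create the admin user if it doesn't exist
    admin_user = User.query.get(1)
    if not admin_user:
        # NOTE(review): presumably User(username, password, ...). If so,
        # every fresh install starts with the same well-known admin
        # credentials; they should be replaced before the app is exposed.
        admin_user = User("admin", "admin", is_admin=True)
        self.db.session.add(admin_user)
        self.db.session.commit()

    # Create the LoginManager
    self.login_manager = LoginManager()
    self.login_manager.init_app(self.app)
    self.login_manager.login_view = "login"
    self.login_manager.user_loader(self.load_user)

    # Create the url_rules for the Forms
    for i, cmd in enumerate(self.cmds.values()):
        if not_public:
            url_function = partial(login_required(self.form), cmd.name)
        else:
            url_function = partial(self.form, cmd.name)
        self.app.add_url_rule(SCRIPT_URL + (cmd.name if i > 0 else ''),
                              cmd.name,
                              url_function,
                              methods=['GET', 'POST'])

    # Create the url_rules for serving Form's files directories.
    # In non-public mode these get the same login check as the forms;
    # without it the directories stayed readable to anonymous visitors.
    serve_files = login_required(self.serve_files) if not_public else self.serve_files
    for c in cmds:
        for d in c.dirs:
            # NOTE(review): the endpoint name uses ``cmd`` left over from
            # the loop above (the last command), not ``c``. Kept as is so
            # existing endpoint names do not change.
            self.app.add_url_rule("{}{}/<path:filename>".format(SCRIPT_URL, d),
                                  "{}-{}".format(cmd.name, d),
                                  partial(serve_files, d),
                                  methods=['GET'])
            self.dirs.append(DirContents(d))

    if not_public:
        self.app.add_url_rule("/login", "login", self.login, methods=['POST', 'GET'])
        self.app.add_url_rule("/logout", "logout", self.logout, methods=['POST', 'GET'])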
def post(self): if request.form['submit'] == 'subset': events_list = [ k for k, v in request.form.to_dict().items() if v == 'on' ] if not events_list: return redirect(request.url) params = parse_named_values(request.form['query']) subset_id = init_digest(events_list, params) return redirect( url_for('digestmonkey.choose_template', subset_id=subset_id)) return redirect(request.url) digestmonkey.add_url_rule('subset', view_func=login_required( EventsSubset.as_view('make_subset'))) @digestmonkey.route('choose-template/<subset_id>') @login_required def choose_template(subset_id): templates = [ file for file in get_github_repo().get_dir_contents('/') if file.name.endswith(".html") or file.name.endswith(".template") ] if len(templates) == 1: set_variable(subset_id, 'template', templates[0].name) return redirect( url_for('digestmonkey.configure_template', subset_id=subset_id)) else: return render_template('digestmonkey/choose_template.html',
def decorated_view(*args, **kwargs):
    """Refuse requests until first-run setup is done, then require a login.

    ``func`` comes from the enclosing decorator, which is not part of this
    listing. While the server is flagged as first run and no customised
    user manager exists, every request is answered with 403.
    """
    first_run = settings().getBoolean(["server", "firstRun"])
    if first_run and not (userManager is not None and userManager.hasBeenCustomized()):
        return make_response("OctoPrint isn't setup yet", 403)

    protected = login_required(func)
    return protected(*args, **kwargs)
from phantomboreas.webservice import app, api, views, admin_required
from flask.ext.login import login_required

# URL map of the web service. Every view is wrapped in login_required
# except sign-in and sign-out.

capture_api_view = login_required(api.CaptureAPI.as_view('capture'))
app.add_url_rule('/assets/capture/<filename>', view_func=capture_api_view)

drone_auth_view = login_required(api.DroneAuthAPI.as_view('drone_auth'))
app.add_url_rule('/drone_auth', view_func=drone_auth_view)

index_view = login_required(views.IndexView.as_view('index'))
app.add_url_rule('/', view_func=index_view)

# Public routes: no login check.
app.add_url_rule('/signin', view_func=views.SigninView.as_view('signin'))
app.add_url_rule('/signout', view_func=views.UserLogoutView.as_view('signout'))

# admin_required is the outer wrapper here, so its check runs before the
# login check.
# NOTE(review): confirm admin_required copes with an anonymous user.
admin_view = admin_required(login_required(views.AdminView.as_view('admin')))
app.add_url_rule('/admin', view_func=admin_view)

user_view = admin_required(login_required(api.UserAPI.as_view('users')))
app.add_url_rule('/users', view_func=user_view, methods=['GET', 'POST'])
app.add_url_rule('/users/<int:user_id>', view_func=user_view, methods=['GET', 'PATCH'])

# These three views are created but no add_url_rule call for them appears
# in this listing.
citation_api_view = login_required(api.CitationAPI.as_view('citation'))
search_api_view = login_required(api.SearchAPI.as_view('search'))
citations_view = login_required(views.CitationsView.as_view('citations'))

summary_view = login_required(views.SummaryView.as_view('summary'))
app.add_url_rule('/summary', view_func=summary_view)
def login_required_if_no_ano(func):
    """Require a login for *func* unless anonymous browsing is switched on.

    Anonymous browsing counts as enabled only when ``config.ANON_BROWSE``
    equals 1. The setting is read once, when the decorator is applied, not
    on each request.
    """
    anonymous_allowed = config.ANON_BROWSE == 1
    return func if anonymous_allowed else login_required(func)
return flask.Response(json.dumps(link.to_dict()), status=200, mimetype='application/json') def delete(self, link_id): link = Link.query.filter_by(receiver_id=flask_auth.current_user.id, uuid=link_id).first_or_404() link.deactivated = True db.session.add(link) db.session.commit() return flask.Response(status=204) links_view = flask_auth.login_required(LinksAPI.as_view('links_api')) blueprint.add_url_rule('/links', defaults={'link_id': None}, view_func=links_view, methods=['GET', 'POST']) blueprint.add_url_rule('/links/<link_id>', view_func=links_view, methods=['GET', 'POST', 'DELETE']) class UploadView(flask.views.MethodView): def get(self, link_id): link = Link.query.filter_by(uuid=link_id, deactivated=False).first() if not link: return flask.render_template('failure.html', link=None,
def register_controllers():
    """Attach every URL rule to the public, users and sites blueprints.

    Views that change or expose account and site data are wrapped in
    ``login_required``; the rules registered with a bare view function are
    reachable without a session.
    """
    from flask.ext.login import login_required

    get_only = ['GET']
    post_only = ['POST']
    get_and_post = ['GET', 'POST']

    # --- public blueprint -------------------------------------------------
    pub = public.views
    public_bp = pub.blueprint
    add_public = public_bp.add_url_rule

    # Per-user sites served on the <username> subdomain.
    add_public('/', subdomain='<username>', view_func=pub.view_site_home,
               methods=get_only, defaults={'path': None})
    add_public('/<path>', subdomain='<username>', view_func=pub.view_site_home,
               methods=get_only)
    add_public('/<path:path>', subdomain='<username>',
               view_func=pub.view_file_in_folder)

    add_public("/", view_func=pub.home, methods=get_only)
    # NOTE(review): the temp-file routes take no login check here; whether
    # the views restrict access themselves is not visible in this listing.
    add_public("/save_temp/<temp_file_id>", view_func=pub.save_temp_file,
               methods=post_only)
    add_public('/view_temp/<temp_file_id>', view_func=pub.view_temp_file)
    add_public("/dash", methods=get_and_post,
               view_func=login_required(pub.user_dashboard))

    # --- users blueprint --------------------------------------------------
    usr = users.views
    users_bp = usr.blueprint
    add_user = users_bp.add_url_rule

    add_user('/settings', methods=get_only, view_func=login_required(usr.settings))
    add_user('/change_email', methods=post_only,
             view_func=login_required(usr.change_email))
    add_user('/change_password', methods=post_only,
             view_func=login_required(usr.change_password))
    # Login, registration, activation and password reset stay open because
    # they are used before a session exists.
    add_user('/login', methods=post_only, view_func=usr.login)
    add_user('/logout', methods=post_only, view_func=login_required(usr.logout))
    add_user('/register', methods=get_and_post, view_func=usr.register)
    add_user('/activate/<token>', methods=get_only, view_func=usr.activate)
    add_user('/login_help', methods=get_only, view_func=usr.login_help)
    add_user('/resend', methods=post_only, view_func=usr.resend)
    add_user('/send_reset', methods=post_only, view_func=usr.send_password_reset)
    add_user('/reset/<token>', methods=get_and_post, view_func=usr.reset_password)

    # --- sites blueprint --------------------------------------------------
    site = sites.views
    sites_bp = site.blueprint
    add_site = sites_bp.add_url_rule

    add_site('/<username>/<site_name>', view_func=site.view_site)
    add_site('/manage/<int:site_id>', view_func=login_required(site.manage_site))
    add_site('/manage/<int:site_id>/<path:folder_key>',
             view_func=login_required(site.manage_site_folder))
    add_site('/upload/<int:site_id>', methods=post_only,
             view_func=login_required(site.upload))
    add_site('/upload/<int:site_id>/<path:folder_key>', methods=post_only,
             view_func=login_required(site.upload_in_folder))
    add_site('/edit/<int:site_id>/<path:key>',
             view_func=login_required(site.edit_file))
    add_site('/save/<int:site_id>', methods=post_only,
             view_func=login_required(site.save_file))
    # NOTE(review): the two view routes below are registered without
    # login_required; login_required also only proves a session exists, so
    # ownership of site_id has to be checked inside the views - confirm.
    add_site('/view/<username>/<int:site_id>/<path:key>', view_func=site.view_file)
    add_site('/view_s3_index/<int:site_id>', view_func=site.view_s3_index)
    add_site('/delete/<int:site_id>/<path:folder_key>', methods=post_only,
             view_func=login_required(site.delete_file))
    add_site('/delete_folder/<int:site_id>/<path:folder_key>', methods=post_only,
             view_func=login_required(site.delete_folder))
    add_site('/delete_site/<int:site_id>', methods=post_only,
             view_func=login_required(site.delete_site))
    add_site('/create_folder/<int:site_id>', methods=post_only,
             view_func=login_required(site.create_folder))
    add_site('/create_folder_in_folder/<int:site_id>/<path:folder_key>',
             methods=post_only,
             view_func=login_required(site.create_folder_in_folder))
    add_site('/create_file/<int:site_id>', methods=post_only,
             view_func=login_required(site.create_file))
    add_site('/create_file_in_folder/<int:site_id>/<path:folder_key>',
             methods=post_only,
             view_func=login_required(site.create_file_in_folder))
sess = db.session() q = sess.query(PublishedDigest).\ filter(PublishedDigest.events_ids.contains([int(event['id'])])) event['published'] = q.all() events.append(event) r['events'] = events return render_template(self.template, events_data=r, offset=offset, count=count, page=page, query=query) events.add_url_rule('list', view_func=login_required( EventsList.as_view('events_list'))) def strip_newlines(data): data = data.strip() data = re.sub(r'(<br/>|<br>|<p><br></p>|<p></p>)*$', '', data) data = data.strip() return data EVENT_CREATION_FORM = t.Dict({ 'title': t.String, 'agenda': t.String >> strip_newlines, 'social':
if item.submitter.id != current_user.id: if not current_user.is_admin: abort(403) # delete physical files item.thumbnail.delete() for file in item.files: file.delete() # delete the item itself (the document) item.delete() flash('Item deleted successfully', category='success') return redirect(url_for('frontend.index')) # Register the urls items.add_url_rule('/items/', view_func=ListView.as_view('index')) items.add_url_rule('/items/<int:page>/', view_func=ListView.as_view('paginate')) items.add_url_rule('/item/<int:item_id>/', view_func=DetailView.as_view('detail')) # login required urls add_view = login_required(AddView.as_view('add')) # add_view = AddView.as_view('add') items.add_url_rule('/add/', view_func=add_view) # Edit item edit_view = login_required(EditView.as_view('edit')) items.add_url_rule('/item/<int:item_id>/edit/', view_func=edit_view)