authorubq323 <ubq323>2021-06-18 20:29:38 +0000
committerubq323 <ubq323>2021-06-18 20:29:38 +0000
commitc6491d055447cba9efc6a45df172e932ca6e9e80 (patch)
tree71fb2690d2e117ffd2362cab13519f5ae2c3441e
parent8ec18ae1d985aee2bcf146c1e4f783b91643406a (diff)
parent3f0aa4cbb7e217366c55f258fa2d4fc606498951 (diff)
merge permissions (ie admin page) into trunk
-rw-r--r--apioforum/__init__.py5
-rw-r--r--apioforum/admin.py14
-rw-r--r--apioforum/auth.py4
-rw-r--r--apioforum/db.py2
-rw-r--r--apioforum/permissions.py43
-rw-r--r--apioforum/templates/admin/admin_page.html15
-rw-r--r--apioforum/templates/base.html5
7 files changed, 88 insertions, 0 deletions
diff --git a/apioforum/__init__.py b/apioforum/__init__.py
index c4348a3..4283796 100644
--- a/apioforum/__init__.py
+++ b/apioforum/__init__.py
@@ -19,6 +19,8 @@ def create_app():
from . import db
db.init_app(app)
+ from . import permissions
+ permissions.init_app(app)
from . import auth
app.register_blueprint(auth.bp)
@@ -29,6 +31,9 @@ def create_app():
from . import thread
app.register_blueprint(thread.bp)
+ from . import admin
+ app.register_blueprint(admin.bp)
+
from .fuzzy import fuzzy
app.jinja_env.filters['fuzzy']=fuzzy
diff --git a/apioforum/admin.py b/apioforum/admin.py
new file mode 100644
index 0000000..b11b735
--- /dev/null
+++ b/apioforum/admin.py
@@ -0,0 +1,14 @@
+from flask import (
+ Blueprint, render_template
+)
+from .db import get_db
+from .permissions import admin_required
+
+bp = Blueprint("admin",__name__,url_prefix="/admin")
+
+@bp.route("/")
+@admin_required
+def admin_page():
+ db = get_db()
+ admins = db.execute("select * from users where admin > 0;").fetchall()
+ return render_template("admin/admin_page.html",admins=admins)
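Review bot: The query in `admin_page` is `select * from users where admin > 0;`, so every column of each admin's row is passed to the template although `admin_page.html` only prints `admin.username`. If the users table also holds credential material (likely given auth.py, but the schema is not visible here), a later template edit could render it by accident. Selecting only what is displayed avoids that: `admins = db.execute("select username from users where admin > 0;").fetchall()`. The same consideration applies to `g.user_info = row` in the auth.py hunk, which keeps the full `SELECT *` row on `g`, where every template can reach it.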
diff --git a/apioforum/auth.py b/apioforum/auth.py
index 547f15e..80407eb 100644
--- a/apioforum/auth.py
+++ b/apioforum/auth.py
@@ -81,14 +81,17 @@ def load_user():
username = session.get("user")
if username is None:
g.user = None
+ g.user_info = None
else:
row = get_db().execute(
"SELECT * FROM users WHERE username = ?;", (username,)
).fetchone()
if row is None:
g.user = None
+ g.user_info = None
else:
g.user = row['username']
+ g.user_info = row
def login_required(view):
@@ -112,3 +115,4 @@ def cool():
@login_required
def cooler():
return "bee"
+
diff --git a/apioforum/db.py b/apioforum/db.py
index 1d7bd2b..e1e8fa3 100644
--- a/apioforum/db.py
+++ b/apioforum/db.py
@@ -78,6 +78,8 @@ CREATE TABLE thread_tags (
tag INTEGER NOT NULL REFERENCES tags(id)
);
""",
+"""CREATE INDEX thread_tags_thread ON thread_tags (thread);""",
+"""ALTER TABLE users ADD COLUMN admin INT NOT NULL DEFAULT 0""",
]
def init_db():
diff --git a/apioforum/permissions.py b/apioforum/permissions.py
new file mode 100644
index 0000000..816936c
--- /dev/null
+++ b/apioforum/permissions.py
@@ -0,0 +1,43 @@
+from flask import (
+ g, redirect, url_for, flash
+)
+import functools
+import click
+from flask.cli import with_appcontext
+from .db import get_db
+
+def is_admin():
+ if g.user_info is None:
+ return False
+ else:
+ return g.user_info['admin'] > 0
+
+def admin_required(view):
+ @functools.wraps(view)
+ def wrapped(**kwargs):
+ if is_admin():
+ return view(**kwargs)
+ else:
+ flash("you must be an admin to do that")
+ return redirect(url_for("index"))
+ return wrapped
+
+@click.command("make_admin")
+@click.argument("username")
+@with_appcontext
+def make_admin(username):
+ """makes a user an admin user"""
+ db = get_db()
+ cur = db.cursor()
+ cur.execute("UPDATE users SET admin = 1 WHERE username = ?",(username,))
+ if cur.rowcount == 0:
+ click.echo("no such user found")
+ else:
+ click.echo("ok")
+ db.commit()
+
+def init_app(app):
+ app.cli.add_command(make_admin)
+ app.context_processor(lambda: dict(is_admin=is_admin()))
+
+
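Review bot: `is_admin` reads `g.user_info` directly, and the context processor registered in `init_app` calls it on every template render, so a render that happens before `load_user` has populated `g` would raise AttributeError instead of treating the visitor as a non-admin. Whether such a path exists depends on how `load_user` is registered, which is outside this diff. A tolerant lookup returns False in that case rather than failing the whole page: `info = g.get("user_info")` followed by `return info is not None and info['admin'] > 0`. One-line docstrings on `is_admin` and `admin_required` should also state that any `admin` value above 0 counts as admin, since `make_admin` only ever writes 1.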
diff --git a/apioforum/templates/admin/admin_page.html b/apioforum/templates/admin/admin_page.html
new file mode 100644
index 0000000..f48c6c0
--- /dev/null
+++ b/apioforum/templates/admin/admin_page.html
@@ -0,0 +1,15 @@
+{% extends 'base.html' %}
+{% block header %}
+<h1>{% block title %}admin page{% endblock %}</h1>
+{% endblock %}
+
+{% block content %}
+<h2>admins</h2>
+<ul>
+ {% for admin in admins %}
+ <li>{{admin.username}}</li>
+ {% endfor %}
+</ul>
+<p>this page will have more things on it later, probably</p>
+{% endblock %}
+
diff --git a/apioforum/templates/base.html b/apioforum/templates/base.html
index 5121b85..bf3748f 100644
--- a/apioforum/templates/base.html
+++ b/apioforum/templates/base.html
@@ -20,6 +20,11 @@
{% if g.user %}
<p>{{ g.user }}</p>
+
+ {% if is_admin %}
+ <p><a href="{{url_for('admin.admin_page')}}">admin</a></p>
+ {% endif %}
+
<p>
<a href="{{ url_for('auth.logout',next=path_for_next) }}">
logout