diff options
| author | ubq323 <ubq323> | 2021-06-18 20:29:38 +0000 |
|---|---|---|
| committer | ubq323 <ubq323> | 2021-06-18 20:29:38 +0000 |
| commit | c6491d055447cba9efc6a45df172e932ca6e9e80 (patch) | |
| tree | 71fb2690d2e117ffd2362cab13519f5ae2c3441e | |
| parent | 8ec18ae1d985aee2bcf146c1e4f783b91643406a (diff) | |
| parent | 3f0aa4cbb7e217366c55f258fa2d4fc606498951 (diff) | |
merge permissions (ie admin page) into trunk
| -rw-r--r-- | apioforum/__init__.py | 5 | ||||
| -rw-r--r-- | apioforum/admin.py | 14 | ||||
| -rw-r--r-- | apioforum/auth.py | 4 | ||||
| -rw-r--r-- | apioforum/db.py | 2 | ||||
| -rw-r--r-- | apioforum/permissions.py | 43 | ||||
| -rw-r--r-- | apioforum/templates/admin/admin_page.html | 15 | ||||
| -rw-r--r-- | apioforum/templates/base.html | 5 |
7 files changed, 88 insertions, 0 deletions
diff --git a/apioforum/__init__.py b/apioforum/__init__.py index c4348a3..4283796 100644 --- a/apioforum/__init__.py +++ b/apioforum/__init__.py @@ -19,6 +19,8 @@ def create_app(): from . import db db.init_app(app) + from . import permissions + permissions.init_app(app) from . import auth app.register_blueprint(auth.bp) @@ -29,6 +31,9 @@ def create_app(): from . import thread app.register_blueprint(thread.bp) + from . import admin + app.register_blueprint(admin.bp) + from .fuzzy import fuzzy app.jinja_env.filters['fuzzy']=fuzzy diff --git a/apioforum/admin.py b/apioforum/admin.py new file mode 100644 index 0000000..b11b735 --- /dev/null +++ b/apioforum/admin.py @@ -0,0 +1,14 @@ +from flask import ( + Blueprint, render_template +) +from .db import get_db +from .permissions import admin_required + +bp = Blueprint("admin",__name__,url_prefix="/admin") + +@bp.route("/") +@admin_required +def admin_page(): + db = get_db() + admins = db.execute("select * from users where admin > 0;").fetchall() + return render_template("admin/admin_page.html",admins=admins) diff --git a/apioforum/auth.py b/apioforum/auth.py index 547f15e..80407eb 100644 --- a/apioforum/auth.py +++ b/apioforum/auth.py @@ -81,14 +81,17 @@ def load_user(): username = session.get("user") if username is None: g.user = None + g.user_info = None else: row = get_db().execute( "SELECT * FROM users WHERE username = ?;", (username,) ).fetchone() if row is None: g.user = None + g.user_info = None else: g.user = row['username'] + g.user_info = row def login_required(view): @@ -112,3 +115,4 @@ def cool(): @login_required def cooler(): return "bee" + diff --git a/apioforum/db.py b/apioforum/db.py index 1d7bd2b..e1e8fa3 100644 --- a/apioforum/db.py +++ b/apioforum/db.py @@ -78,6 +78,8 @@ CREATE TABLE thread_tags ( tag INTEGER NOT NULL REFERENCES tags(id) ); """, +"""CREATE INDEX thread_tags_thread ON thread_tags (thread);""", +"""ALTER TABLE users ADD COLUMN admin INT NOT NULL DEFAULT 0""", ] def init_db(): diff --git a/apioforum/permissions.py b/apioforum/permissions.py new file mode 100644 index 0000000..816936c --- /dev/null +++ b/apioforum/permissions.py @@ -0,0 +1,43 @@ +from flask import ( + g, redirect, url_for, flash +) +import functools +import click +from flask.cli import with_appcontext +from .db import get_db + +def is_admin(): + if g.user_info is None: + return False + else: + return g.user_info['admin'] > 0 + +def admin_required(view): + @functools.wraps(view) + def wrapped(**kwargs): + if is_admin(): + return view(**kwargs) + else: + flash("you must be an admin to do that") + return redirect(url_for("index")) + return wrapped + +@click.command("make_admin") +@click.argument("username") +@with_appcontext +def make_admin(username): + """makes a user an admin user""" + db = get_db() + cur = db.cursor() + cur.execute("UPDATE users SET admin = 1 WHERE username = ?",(username,)) + if cur.rowcount == 0: + click.echo("no such user found") + else: + click.echo("ok") + db.commit() + +def init_app(app): + app.cli.add_command(make_admin) + app.context_processor(lambda: dict(is_admin=is_admin())) + + diff --git a/apioforum/templates/admin/admin_page.html b/apioforum/templates/admin/admin_page.html new file mode 100644 index 0000000..f48c6c0 --- /dev/null +++ b/apioforum/templates/admin/admin_page.html @@ -0,0 +1,15 @@ +{% extends 'base.html' %} +{% block header %} +<h1>{% block title %}admin page{% endblock %}</h1> +{% endblock %} + +{% block content %} +<h2>admins</h2> +<ul> + {% for admin in admins %} + <li>{{admin.username}}</li> + {% endfor %} +</ul> +<p>this page will have more things on it later, probably</p> +{% endblock %} + diff --git a/apioforum/templates/base.html b/apioforum/templates/base.html index 5121b85..bf3748f 100644 --- a/apioforum/templates/base.html +++ b/apioforum/templates/base.html @@ -20,6 +20,11 @@ {% if g.user %} <p>{{ g.user }}</p> + + {% if is_admin %} + <p><a href="{{url_for('admin.admin_page')}}">admin</a></p> + {% endif %} + <p> <a href="{{ url_for('auth.logout',next=path_for_next) }}"> logout |