| -rw-r--r-- | apioforum/__init__.py | 5 | ||||
| -rw-r--r-- | apioforum/admin.py | 14 | ||||
| -rw-r--r-- | apioforum/auth.py | 4 | ||||
| -rw-r--r-- | apioforum/db.py | 2 | ||||
| -rw-r--r-- | apioforum/permissions.py | 43 | ||||
| -rw-r--r-- | apioforum/templates/admin/admin_page.html | 15 | ||||
| -rw-r--r-- | apioforum/templates/base.html | 5 | 
7 files changed, 88 insertions, 0 deletions
diff --git a/apioforum/__init__.py b/apioforum/__init__.py
index c4348a3..4283796 100644
--- a/apioforum/__init__.py
+++ b/apioforum/__init__.py
@@ -19,6 +19,8 @@ def create_app():
     from . import db
     db.init_app(app)
+    from . import permissions
+    permissions.init_app(app)
     from . import auth
     app.register_blueprint(auth.bp)
@@ -29,6 +31,9 @@ def create_app():
     from . import thread
     app.register_blueprint(thread.bp)
+    from . import admin
+    app.register_blueprint(admin.bp)
+
     from .fuzzy import fuzzy
     app.jinja_env.filters['fuzzy']=fuzzy
diff --git a/apioforum/admin.py b/apioforum/admin.py
new file mode 100644
index 0000000..b11b735
--- /dev/null
+++ b/apioforum/admin.py
@@ -0,0 +1,14 @@
+from flask import (
+    Blueprint, render_template
+)
+from .db import get_db
+from .permissions import admin_required
+
+bp = Blueprint("admin",__name__,url_prefix="/admin")
+
+@bp.route("/")
+@admin_required
+def admin_page():
+    db = get_db()
+    admins = db.execute("select * from users where admin > 0;").fetchall()
+    return render_template("admin/admin_page.html",admins=admins)
diff --git a/apioforum/auth.py b/apioforum/auth.py
index 547f15e..80407eb 100644
--- a/apioforum/auth.py
+++ b/apioforum/auth.py
@@ -81,14 +81,17 @@ def load_user():
     username = session.get("user")
     if username is None:
         g.user = None
+        g.user_info = None
     else:
         row = get_db().execute(
             "SELECT * FROM users WHERE username = ?;", (username,)
         ).fetchone()
         if row is None:
             g.user = None
+            g.user_info = None
         else:
             g.user = row['username']
+            g.user_info = row
 def login_required(view):
@@ -112,3 +115,4 @@ def cool():
 @login_required
 def cooler():
     return "bee"
+
diff --git a/apioforum/db.py b/apioforum/db.py
index 1d7bd2b..e1e8fa3 100644
--- a/apioforum/db.py
+++ b/apioforum/db.py
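Review bot: `admin_page` in apioforum/admin.py runs `select * from users where admin > 0;` and hands the full rows to the template, although admin_page.html only reads `admin.username`. Every other users column, presumably including the stored password hash (the users schema is not visible in this diff), ends up in the render context, where a later template change or debug dump could expose it. Selecting only what is displayed keeps it out of reach: `admins = db.execute("select username from users where admin > 0;").fetchall()`. The auth.py hunk has the same shape: `g.user_info = row` keeps the whole `SELECT *` row on `g`, which templates can read, so naming the needed columns in that query would narrow it as well.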
@@ -78,6 +78,8 @@ CREATE TABLE thread_tags (
     tag INTEGER NOT NULL REFERENCES tags(id)
 );
 """,
+"""CREATE INDEX thread_tags_thread ON thread_tags (thread);""",
+"""ALTER TABLE users ADD COLUMN admin INT NOT NULL DEFAULT 0""",
 ]
 def init_db():
diff --git a/apioforum/permissions.py b/apioforum/permissions.py
new file mode 100644
index 0000000..816936c
--- /dev/null
+++ b/apioforum/permissions.py
@@ -0,0 +1,43 @@
+from flask import (
+    g, redirect, url_for, flash
+)
+import functools
+import click
+from flask.cli import with_appcontext
+from .db import get_db
+
+def is_admin():
+    if g.user_info is None:
+        return False
+    else:
+        return g.user_info['admin'] > 0
+
+def admin_required(view):
+    @functools.wraps(view)
+    def wrapped(**kwargs):
+        if is_admin():
+            return view(**kwargs)
+        else:
+            flash("you must be an admin to do that")
+            return redirect(url_for("index"))
+    return wrapped
+
+@click.command("make_admin")
+@click.argument("username")
+@with_appcontext
+def make_admin(username):
+    """makes a user an admin user"""
+    db = get_db()
+    cur = db.cursor()
+    cur.execute("UPDATE users SET admin = 1 WHERE username = ?",(username,))
+    if cur.rowcount == 0:
+        click.echo("no such user found")
+    else:
+        click.echo("ok")
+    db.commit()
+
+def init_app(app):
+    app.cli.add_command(make_admin)
+    app.context_processor(lambda: dict(is_admin=is_admin()))
+
+
diff --git a/apioforum/templates/admin/admin_page.html b/apioforum/templates/admin/admin_page.html
new file mode 100644
index 0000000..f48c6c0
--- /dev/null
+++ b/apioforum/templates/admin/admin_page.html
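Review bot: `is_admin()` in apioforum/permissions.py reads `g.user_info` directly, so it raises AttributeError rather than returning False whenever it runs before `load_user` has set that attribute. The context processor registered in `init_app` calls it on every template render, which may include error pages for requests where `load_user` never completed (how `load_user` is registered is outside this diff). An authorization check should fail closed: `info = g.get("user_info")` followed by `return info is not None and info['admin'] > 0`. Separately, `admin_required` answers a refused request with a redirect to `index`, which looks like ordinary navigation in access logs; answering with `abort(403)` or logging the refusal would make repeated attempts on `/admin` visible.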
@@ -0,0 +1,15 @@ +{% extends 'base.html' %} +{% block header %} +<h1>{% block title %}admin page{% endblock %}</h1> +{% endblock %} + +{% block content %} +<h2>admins</h2> +<ul> +    {% for admin in admins %} +    <li>{{admin.username}}</li> +    {% endfor %} +</ul> +<p>this page will have more things on it later, probably</p> +{% endblock %} + diff --git a/apioforum/templates/base.html b/apioforum/templates/base.html index 5121b85..bf3748f 100644 --- a/apioforum/templates/base.html +++ b/apioforum/templates/base.html @@ -20,6 +20,11 @@  				{% if g.user %}  				<p>{{ g.user }}</p> + +				{% if is_admin %} +				<p><a href="{{url_for('admin.admin_page')}}">admin</a></p> +				{% endif %} +    				  				<p>  					<a href="{{ url_for('auth.logout',next=path_for_next) }}">  						logout  | 
