From d92a07381f0226dd4aa4f5dc63c11e77853634e0 Mon Sep 17 00:00:00 2001 From: ubq323 Date: Fri, 18 Jun 2021 16:33:25 +0000 Subject: add admin handling things --- apioforum/__init__.py | 2 ++ apioforum/auth.py | 4 ++++ apioforum/permissions.py | 41 +++++++++++++++++++++++++++++++++++++++++ 3 files changed, 47 insertions(+) create mode 100644 apioforum/permissions.py diff --git a/apioforum/__init__.py b/apioforum/__init__.py index c4348a3..02252de 100644 --- a/apioforum/__init__.py +++ b/apioforum/__init__.py @@ -19,6 +19,8 @@ def create_app(): from . import db db.init_app(app) + from . import permissions + permissions.init_app(app) from . import auth app.register_blueprint(auth.bp) diff --git a/apioforum/auth.py b/apioforum/auth.py index 547f15e..80407eb 100644 --- a/apioforum/auth.py +++ b/apioforum/auth.py @@ -81,14 +81,17 @@ def load_user(): username = session.get("user") if username is None: g.user = None + g.user_info = None else: row = get_db().execute( "SELECT * FROM users WHERE username = ?;", (username,) ).fetchone() if row is None: g.user = None + g.user_info = None else: g.user = row['username'] + g.user_info = row def login_required(view): @@ -112,3 +115,4 @@ def cool(): @login_required def cooler(): return "bee" + diff --git a/apioforum/permissions.py b/apioforum/permissions.py new file mode 100644 index 0000000..4a9cf97 --- /dev/null +++ b/apioforum/permissions.py @@ -0,0 +1,41 @@ +from flask import ( + g, redirect, url_for, flash +) +import functools +import click +from flask.cli import with_appcontext +from .db import get_db + +def is_admin(): + if g.user_info is None: + return False + else: + return g.user_info['admin'] > 0 + +def admin_required(view): + @functools.wraps(view) + def wrapped(**kwargs): + if is_admin(): + return view(**kwargs) + else: + flash("you must be an admin to do that") + return redirect(url_for("index")) + return wrapped + +@click.command("make_admin") +@click.argument("username") +@with_appcontext +def make_admin(username): + """makes a user an admin user""" + db = get_db() + cur = db.cursor() + cur.execute("UPDATE users SET admin = 1 WHERE username = ?",(username,)) + if cur.rowcount == 0: + click.echo("no such user found") + else: + click.echo("ok") + db.commit() + +def init_app(app): + app.cli.add_command(make_admin) + -- cgit v1.2.3