python - Flask-Admin & Authentication: "/admin" is protected but "/admin/anything-else" is not -

-

i'm trying customize admin views flask , flask-superadmin, however, index view , subviews apparently not using same is_accessible method:

edit: managed figure out doing wrong. needed define is_accessible in every view class. well-accomplished mixin-class, show in fixed code:

app/frontend/admin.py (fixed & working code)

from flask.ext.security import current_user, login_required flask.ext.superadmin import expose, adminindexview flask.ext.superadmin.model.base import modeladmin ..core import db  # admin views should subclass authmixin class authmixin(object):     def is_accessible(self):         if current_user.is_authenticated() , current_user.has_role('admin'):             return true         return false  # view gets used admin home page class adminindex(authmixin, adminindexview):     # use custom template admin home page     @expose('/')     def index(self):         return self.render('admin/index.jade')  # base view other admin pages class adminbase(authmixin, modeladmin): # authmixin must come before modeladmin!     """a base class customizing admin views using our db connection."""     session = db.session  # customize form displays user , role models  class useradmin(adminbase):     list_display = ('email',)     search_fields = ('email',)     exclude = ['password',]     #fields_order = ['email', 'active', 'last_login_at',]  class roleadmin(adminbase):     field_args = {'name': {'label': 'role name'},                 'description': {'description': "duties & responsibilities"}}     list_display = ('name', 'description')

then set flask app our admin views:
apps/factory.py

app = flask(package_name, instance_relative_config=true) # other app setup stuff db, mail, ...  .frontend.admin import adminindex, useradmin, roleadmin admin = admin(app, name='pycbm admin',               index_view=adminindex(url='/admin', name='admin home')) admin.register(user, useradmin) admin.register(role, roleadmin)

so, title says, here's problem:

/admin throws 403 when 'admin' user isn't logged in, should, /admin/user lets right on in.

i dug through source code try find "global all-of-admin-blueprint" security function - maybe i'm blind - couldn't find one.

if go flask_superadmin/base.py, @ line 193 there following code snippet:

def _handle_view(self, name, *args, **kwargs):     if not self.is_accessible():         return abort(403)

so maybe method has overriden adminindex avoid returning abort(403) redirect /login


Comments

Post a Comment

Popular posts from this blog

javascript - Count length of each class -

-
i have below code in this fiddle . html <span class="myname">john smith</span> <span class="myname">john smith</span> <span class="myname">john smith</span> <span class="myname">john smith</span> <span class="myname">john smith</span> <span class="myname">john smith</span> javascript $('.myname').each(function(){ var text = $(this).html().split(' '), len = text.length, test = $(this).val().length, result = []; console.log('outside: ' + test); for( var = 0; < len; i++ ) { result[i] = '<span class="name-'+[i]+'" >' + text[i] + '</span>'; console.log('inside: ' + test); } $(this).html(result.join(' ')); console.log('after
Read more

What design pattern is this code in Javascript? -

-
this question has answer here: why write “.call(this)” @ end of javascript anonymous function? [duplicate] 4 answers what kind of design pattern , significance of using closure? (function(){ // code here }).call(this); edit then difference between above code , following this keyword still refer same object in both ways. (function(){ // code here })(); thats invoked function expression. more info here: http://benalman.com/news/2010/11/immediately-invoked-function-expression/ the purpose run code while protecting scope (so variables declared within don't leak out global scope. update call sets value of this function being applied on. without it, value set window object, there set outer scope.
Read more

hadoop - Restrict secondarynamenode to be installed and run on any other node in the cluster -

-
i have have cloudera cdh3u4 cluster setup. have secondarynamenode daemon running on 1 of nodes. i have ensure user has root access node on cluster (for example, datanode not have other daemons running) should not able start instance of secondarynamenode daemon on node (thereby having 2 secondarynamenodes on cluster) how can achieve this? thanks in advance. add property hdfs-site.xml namedfs.secondary.http.address valuesecondarynamenode-host address or ip:50090
Read more