i am currently using flask-login for the Authentication of my website. My Model is a simple User (with id, mail etc) which has an admin(boolean) attribute. I dont need more than 2 Roles.
Is there any way to check after a route was called, if the current user has the value "True" at the admin attribute?
I tried solving this issue with trying out custom decorator, as well as accessing session['admin'] , but it did not work.
As @Agung Wiyono commented Flask-Login provides a current_user variable, see docs.
In your route you can do something like:
from flask_login import current_user
@app.route("/test")
@login_required
def test():
if current_user.admin:
print('user is admin')
# blah blah
If you don't want to use the login_required decorator:
@app.route("/test")
def test():
if current_user.is_authenticated and current_user.admin:
print('user is authenticated and is an admin')
# blah blah
If you want to use a decorator to check if the current_user admin value is True:
def admin_role_required(func):
@wraps(func)
def decorated_view(*args, **kwargs):
if request.method in EXEMPT_METHODS:
return func(*args, **kwargs)
elif not current_user.admin:
abort(403)
return func(*args, **kwargs)
return decorated_view
This code is more or less the code of @login_required, except it checks the state of the admin attribute - see source.
And use as below. Note the order of the decorators is important. @login_required is called first then @admin_role_required is called. Decorator admin_role_required assumes the current_user is already authenticated. If admin_role_required was called first then the current_user proxy would not have an attribute admin and you'd have an error.
@app.route("/test")
@admin_role_required
@login_required
def test():
# need to be logged in and admin be True to get here
# blah blah
