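I want to customize my admin views with Flask and Flask-SuperAdmin; however, the index view and the sub-views are apparently not using the same is_accessible method.

Flask-Admin & Authentication: "/admin" is protected, but "/admin/anything-else" is not

EDIT: I managed to figure out what I was doing wrong. I needed to define is_accessible in every view class. This is nicely accomplished with a mixin class, as shown in the fixed code:

app/frontend/admin.py (FIXED & working code)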

from flask.ext.security import current_user, login_required
from flask.ext.superadmin import expose, AdminIndexView
from flask.ext.superadmin.model.base import ModelAdmin

from ..core import db


# all admin views should subclass AuthMixin
class AuthMixin(object):
    def is_accessible(self):
        if current_user.is_authenticated() and current_user.has_role('Admin'):
            return True
        return False


# the view that gets used for the admin home page
class AdminIndex(AuthMixin, AdminIndexView):
    # use a custom template for the admin home page
    @expose('/')
    def index(self):
        return self.render('admin/index.jade')


# base view for all other admin pages
class AdminBase(AuthMixin, ModelAdmin):  # AuthMixin must come before ModelAdmin!
    """A base class for customizing admin views using our DB connection."""
    session = db.session


# customize the form displays for User and Role models
class UserAdmin(AdminBase):
    list_display = ('email',)
    search_fields = ('email',)
    exclude = ['password',]
    #fields_order = ['email', 'active', 'last_login_at',]


class RoleAdmin(AdminBase):
    field_args = {'name': {'label': 'Role Name'},
                  'description': {'description': "Duties & Responsibilities"}}
    list_display = ('name', 'description')

And then set up the Flask app with our admin views:

app/factory.py

from flask import Flask
from flask.ext.superadmin import Admin

# User and Role are the app's models; their import is not shown in the post
app = Flask(package_name, instance_relative_config=True)

# other app setup stuff like db, mail, ...

from .frontend.admin import AdminIndex, UserAdmin, RoleAdmin

admin = Admin(app, name='PyCBM Admin',
              index_view=AdminIndex(url='/admin', name='Admin Home'))
admin.register(User, UserAdmin)
admin.register(Role, RoleAdmin)

So, like the title says, here's the problem:

/admin throws a 403 when an 'Admin' user isn't logged in, like it should, but
/admin/user lets anybody right on in.
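
I dug through the source code trying to find another "global all-of-admin blueprint" security function - maybe I'm blind - but I couldn't find one.

You should answer your own question to mark this as solved –

This is actually not flask-admin, it's flask-superadmin – Hut8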
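
The fix in the question only holds if every registered view class resolves is_accessible to the mixin, which is why AuthMixin has to be listed before ModelAdmin. The block below is an added example, not code from the post or from Flask-SuperAdmin: BaseView and ModelAdmin are stand-ins assumed to allow access by default, the `allowed` flag replaces the current_user check, and unguarded_views is a hypothetical audit helper that reports view classes still falling through to that default.

```python
# Added example: stand-in classes, not Flask-SuperAdmin's real ones.

class BaseView(object):
    """Stand-in for the admin library's base view (assumed permissive default)."""
    def is_accessible(self):
        return True


class ModelAdmin(BaseView):
    """Stand-in for a model view that inherits the permissive default."""


class AuthMixin(object):
    """Mirrors the page's mixin; the user check is replaced by a flag."""
    allowed = False  # constructed stand-in for the current_user state

    def is_accessible(self):
        return self.allowed


class GoodUserAdmin(AuthMixin, ModelAdmin):   # mixin first: the check wins
    pass


class BadOrderAdmin(ModelAdmin, AuthMixin):   # mixin last: the default wins
    pass


class ForgottenAdmin(ModelAdmin):             # no mixin at all
    pass


def guard_source(view_cls):
    """Return the class in the MRO that actually supplies is_accessible."""
    for klass in view_cls.__mro__:
        if 'is_accessible' in vars(klass):
            return klass
    return None


def unguarded_views(view_classes, permissive=(BaseView,)):
    """Names of view classes whose is_accessible is a permissive default."""
    return [v.__name__ for v in view_classes if guard_source(v) in permissive]


if __name__ == '__main__':
    print(unguarded_views([GoodUserAdmin, BadOrderAdmin, ForgottenAdmin]))
```

Run as a unit test over the classes passed to admin.register, a check like this fails the build when a new view is added without the mixin or with the bases in the wrong order.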