Securing the admin website
As you may have noticed while testing the new admin website, it does not do any sort of authentication. In order to protect our admin site from anonymous users (or even certain logged-in users), we will add a new column to the User model to indicate that a user can access the admin website. Then we will use a hook provided by Flask-Admin to ensure that the requesting user has permissions.
The first step is to add a new column to our User model. Add the admin column to the User model as follows:
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    email = db.Column(db.String(64), unique=True)
    password_hash = db.Column(db.String(255))
    name = db.Column(db.String(64))
    slug = db.Column(db.String(64), unique=True)
    ...
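A sketch of the permission check described above, added here as an example and not taken from the book: it uses Flask-Admin's is_accessible() hook so that every admin view, including the index page, denies anyone who is not a logged-in user with the admin column set. The names can_access_admin, AdminAuthentication, build_admin, GuardedIndexView and UserModelView are hypothetical, and it assumes the application stores the logged-in user on flask.g.user and that the new column is a boolean attribute named admin.

```python
def can_access_admin(user):
    """Fail closed: only an authenticated user whose admin flag is True passes."""
    if user is None:
        return False
    authed = getattr(user, "is_authenticated", False)
    if callable(authed):  # older Flask-Login exposed this as a method
        authed = authed()
    if not authed:
        return False
    # Strict comparison: NULL, a missing attribute or any non-boolean is denied.
    return getattr(user, "admin", None) is True


class AdminAuthentication:
    """Mixin for Flask-Admin views; list it before the Flask-Admin base class."""

    def _requesting_user(self):
        from flask import g  # assumption: a before_request handler sets g.user
        return getattr(g, "user", None)

    def is_accessible(self):
        # Flask-Admin calls this before dispatching each view of the class and,
        # by default, answers 403 via inaccessible_callback() when it is False.
        return can_access_admin(self._requesting_user())


def build_admin(app, db, User):
    """Wire the guarded views into a Flask app (imports need Flask-Admin)."""
    from flask_admin import Admin, AdminIndexView
    from flask_admin.contrib.sqla import ModelView

    # The index page is a view of its own, so it needs the mixin as well.
    class GuardedIndexView(AdminAuthentication, AdminIndexView):
        pass

    class UserModelView(AdminAuthentication, ModelView):
        column_exclude_list = ["password_hash"]    # keep hashes off the list page
        form_excluded_columns = ["password_hash"]  # and out of the edit form

    admin = Admin(app, name="Admin", index_view=GuardedIndexView())
    admin.add_view(UserModelView(User, db.session))
    return admin
```

Keeping the decision in can_access_admin() lets it be unit-tested without a running Flask application; a view class that omits the mixin stays open to anonymous requests.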