O'Reilly logo

Learning Flask Framework by Charles Leifer, Matt Copperwaite

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Securing the admin website

As you may have noticed while testing the new admin website, it does not do any sort of authentication. In order to protect our admin site from anonymous users (or even certain logged-in users), we will add a new column to the User model to indicate that a user can access the admin website. Then we will use a hook provided by Flask-Admin to ensure that the requesting user has permissions.

The first step is to add a new column to our User model. Add the admin column to the User model as follows:

class User(db.Model): id = db.Column(db.Integer, primary_key=True) email = db.Column(db.String(64), unique=True) password_hash = db.Column(db.String(255)) name = db.Column(db.String(64)) slug = db.Column(db.String(64), unique=True) ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required