Mastering Flask Web Development - Second Edition

by Daniel Gaspar, Jack Stouffer
October 2018
Intermediate to advanced
332 pages
8h 9m
English
Packt Publishing
Content preview from Mastering Flask Web Development - Second Edition

Securing Flask Admin

Currently, the entire admin interface is accessible to the world—let's fix that. The routes in the CustomView can be secured just like any other route, as follows:

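from flask_admin import BaseView, expose
from flask_login import login_required
# has_role is the application's own role-checking decorator.

class CustomView(BaseView):
    @expose('/')
    @login_required
    @has_role('admin')
    def index(self):
        return self.render('admin/custom.html')

    @expose('/second_page')
    @login_required
    @has_role('admin')
    def second_page(self):
        return self.render('admin/second_page.html')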

To secure the ModelView and FileAdmin subclasses, they need to define a method named is_accessible, which returns either True or False:

class CustomModelView(ModelView):
    def is_accessible(self):
        return current_user.is_authenticated and current_user.has_role('admin')

class CustomFileAdmin(FileAdmin): ...
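Because a view without its own is_accessible falls back to Flask-Admin's default, which allows everyone, a forgotten override leaves that view open. The following check is an added example, not code from the book: it lists view classes that still inherit the library default. The stand-in base classes and ReportsFileAdmin are constructed here so it runs without Flask-Admin installed.

```python
import inspect

# Assumption: stock Flask-Admin classes live in the "flask_admin" package, and
# the inherited BaseView.is_accessible() allows everyone unless overridden.
LIBRARY_PACKAGE = "flask_admin"


def defining_class(view_cls, name="is_accessible"):
    """Return the first class in the MRO whose own body defines `name`."""
    for cls in inspect.getmro(view_cls):
        if name in vars(cls):
            return cls
    return None


def unguarded_views(views):
    """Class names of views that still use the library's allow-all check."""
    flagged = []
    for view in views:
        cls = view if inspect.isclass(view) else type(view)
        owner = defining_class(cls)
        top_package = owner.__module__.split(".")[0] if owner else ""
        if owner is None or top_package == LIBRARY_PACKAGE:
            flagged.append(cls.__name__)
    return flagged


# Constructed stand-ins so the example runs without Flask-Admin installed.
def _library_class(name, bases=(object,), body=None):
    cls = type(name, bases, dict(body or {}))
    cls.__module__ = LIBRARY_PACKAGE + ".stub"
    return cls


BaseView = _library_class("BaseView", body={"is_accessible": lambda self: True})
ModelView = _library_class("ModelView", (BaseView,))
FileAdmin = _library_class("FileAdmin", (BaseView,))


class CustomModelView(ModelView):
    def is_accessible(self):
        return False  # stands in for the current_user role check


class ReportsFileAdmin(FileAdmin):  # hypothetical view that forgot the override
    pass


if __name__ == "__main__":
    print(unguarded_views([CustomModelView(), ReportsFileAdmin()]))
```

In a real application, pass the view objects you hand to admin.add_view(). A view such as CustomView, which is protected by per-route decorators rather than is_accessible, is also listed, so treat the output as a review list.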

ISBN: 9781788995405