author | Frederick Yin <fkfd@fkfd.me> | 2021-10-27 23:07:55 +0800 |
---|---|---|
committer | Frederick Yin <fkfd@fkfd.me> | 2021-10-27 23:07:55 +0800 |
commit | a42cefbbee178498afdd65ae0f774c2cdd99493f (patch) | |
tree | 6db5b3f5edcd7fc98458478713b0f14e51e9c466 /jimbrella/admin.py | |
parent | 4d35e9f2a36d1e0c938a985d4afffcb6ee99c193 (diff) |
Admin console requires login to admin account
Diffstat (limited to 'jimbrella/admin.py')
-rw-r--r-- | jimbrella/admin.py | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/jimbrella/admin.py b/jimbrella/admin.py
index 4c604be..04a3f88 100644
--- a/jimbrella/admin.py
+++ b/jimbrella/admin.py
@@ -1,11 +1,26 @@
-from flask import Blueprint, request, render_template, redirect, url_for
+from flask import Blueprint, request, session, render_template, redirect, url_for, abort
 from user_agents import parse as user_agent
 from .database import Database
+from .users import Users
 from .exceptions import *
 from .config import *
 bp = Blueprint("admin", __name__, url_prefix="/admin")
 db = Database(DATABASE_PATH)
+users = Users(USERS_PATH)
+
+
+@bp.before_request
+def check_privilege():
+ # only clients who have obtained a session and sent it in the Cookie header
+ # will have a decryptable username here
+ if "username" not in session:
+ return redirect(url_for("auth.login"))
+
+ username = session["username"]
+ user = users.find(username) # under normal circumstances it must exist
+ if user["role"] != "admin":
+ abort(403)
 @bp.route("/") |
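Review bot: In `check_privilege`, `user["role"]` is read without checking that `users.find(username)` actually returned a record, so a session that outlives its account (user deleted or renamed while the cookie is still valid) would presumably raise and surface as a 500 instead of a clean denial; what `find` returns on a miss is not visible in this hunk. Making the miss an explicit, fail-closed branch keeps the authorization decision readable and independent of an incidental exception, e.g. `if user is None or user["role"] != "admin": abort(403)`. Separately, the comment's "decryptable username" overstates what Flask's default cookie session provides: assuming the default session interface is in use, the cookie is signed but not encrypted, so the client can read its contents and only tampering is prevented; `# only a session cookie with a valid signature yields a username here` would describe it accurately and discourage storing anything secret in the session later.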