Diffstat (limited to 'jimbrella/admin.py')
-rw-r--r-- | jimbrella/admin.py | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/jimbrella/admin.py b/jimbrella/admin.py
index 4c604be..04a3f88 100644
--- a/jimbrella/admin.py
+++ b/jimbrella/admin.py
@@ -1,11 +1,26 @@
-from flask import Blueprint, request, render_template, redirect, url_for
+from flask import Blueprint, request, session, render_template, redirect, url_for, abort
 from user_agents import parse as user_agent
 from .database import Database
+from .users import Users
 from .exceptions import *
 from .config import *
 bp = Blueprint("admin", __name__, url_prefix="/admin")
 db = Database(DATABASE_PATH)
+users = Users(USERS_PATH)
+
+
+@bp.before_request
+def check_privilege():
+ # only clients who have obtained a session and sent it in the Cookie header
+ # will have a decryptable username here
+ if "username" not in session:
+ return redirect(url_for("auth.login"))
+
+ username = session["username"]
+ user = users.find(username) # under normal circumstances it must exist
+ if user["role"] != "admin":
+ abort(403)
 @bp.route("/") |
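Review bot: In `check_privilege`, the result of `users.find(username)` is indexed without a check, so a session cookie that outlives its account (a deleted or renamed user) would surface as an unhandled exception and a 500 rather than a clean denial, assuming `find` returns `None` or a record without `role` in that case. The request is still refused, but an explicit guard makes the fail-closed behaviour deliberate and keeps such stale sessions out of the error logs: `if user is None or user.get("role") != "admin": abort(403)`, optionally clearing the session and redirecting to login instead. Separately, the comment describes the username as "decryptable", but Flask's default cookie session is signed rather than encrypted; unless this project installs a different session interface, the comment should say the cookie is "verifiable", and nothing confidential should be stored in `session`.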