Flask-Admin Role based resource permissions Flask-Admin Role based resource permissions flask flask

Flask-Admin Role based resource permissions


flask wtforms flask-admin flask-security flask-principal

A quick and dirty solution to my own problem:

1. Create a generic function to check ownership in the ModelView class

def is_owned(self, id):    model = db.session.query(self.model).filter(self.model.id == id).all()    if len(model) == 0:        return False    else:        model = model[0]    if model.user_id == current_user.id:        return True    return False

2. Override ModelView's on_model_change, on_form_prefill, on_model_delete, get_query and get_count_query methods to check for ownership (user_id = current_user.id):

def on_model_change(self, form, model, is_created):    if not self.is_owned(model.id):        abort(403)def on_form_prefill(self, form, id):    if not self.is_owned(id):        abort(403)def on_model_delete(self, model):    if not self.is_owned(model.id):        abort(403)def get_query(self):    return super(Tables, self).get_query().filter(self.model.user_id == current_user.id)def get_count_query(self):    return super(Tables,self).get_count_query().filter(self.model.user_id == current_user.id)

Recent Posts
How can I color dots in a xy scatterplot according to column value?
How to update a claim in ASP.NET Identity?
What does {0} mean when initializing an object?
Accessing members of items in a JSONArray with Java
How to log SQL statements in Spring Boot?
Powershell Get-WebSite name parameter is ignored
How to detect scroll to bottom of html element
Java synchronized method
How to test controllers with CodeIgniter?
Detect Visual Composer
Matplotlib: Specify format of floats for tick labels
Rails join a list of strings with commas and "and" before the last