python - 限制 Flask-Admin 上的一个 View ？

Question

我有一个 Flask 应用程序文件，views.py。

在 views.py 中，我在此处设置了 Flask-Admin 和相应的 sqlalchemy 数据库:

db = SQLAlchemy(flaskapp)

def build_db():

import random
import datetime

db.drop_all()
db.create_all()

# Create sample Users
testuser = []
testgroup = []
testlevel = []

user_list = []
for i in range(len(testuser)):
    user = User()
    user.testuser = testuser[i]
    user.testlevel = testlevel[i]
    user.testgroup = testgroup[i]

    user_list.append(user)
    db.session.add(user)

for user in user_list:
    entry = random.choice(sample_text)  # select text at random
    post = Post()
    post.user = user
    post.title = entry['title']
    post.text = entry['content']
    tmp = int(1000*random.random())  # random number between 0 and 1000:
    post.date = datetime.datetime.now() - datetime.timedelta(days=tmp)
    post.tags = random.sample(tag_list, 2)  # select a couple of tags at random
    db.session.add(post)

db.session.commit()
return

# Create models
class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    testuser = db.Column(db.String(100))
    testgroup = db.Column(db.String(100))
    testlevel = db.Column(db.String(100))

# Required for administrative interface. For python 3 please use __str__ instead.
def __repr__(self):
    return self.testuser

class UserInfo(db.Model):
    id = db.Column(db.Integer, primary_key=True)

    key = db.Column(db.String(64), nullable=False)
    value = db.Column(db.String(64))

    user_id = db.Column(db.Integer(), db.ForeignKey(User.id))
    user = db.relationship(User, backref='info')

def __repr__(self):
    return '%s - %s' % (self.key, self.value)

### Attempt at doing something...
class MyView(ModelView):
    @expose('/admin/userview', methods=('GET', 'POST'))
    def adminview():
        return "yes"
##ADMIN
admin = Admin(flaskapp, name="Test Aptly")
admin.add_view(MyView(User, db.session))

问题。

如何根据用户的级别(使用数据库“teSTLevel”定义)来阻止对“/admin/userview”页面的访问？用户具有 3 种品质，两个用户的示例是:

testuser          testgroup        testlevel

joe               it               admin

john              dev              basic

如何限制管理页面只允许 teSTLevel="admin" 的人访问？我使用 Flask-Security 吗？ Flask 校长？如果是这样，怎么办？我已经对两者进行了一些修改，但到目前为止还没有任何进展。

这是一个示例“/admin/userview”，如下所示:example Flask-Admin

First of all, you can use various class-level properties to configure what should be displayed and how. For example, column_list can be used to show some of the column or include extra columns from related models.

For example:

class UserView(ModelView):
    # Show only name and email columns in list view
    column_list = ('name', 'email')

    # Enable search functionality - it will search for terms in
    # name and email fields
    column_searchable_list = ('name', 'email')

    # Add filters for name and email columns
    column_filters = ('name', 'email')

Alternatively, you can override some of the ModelView methods and implement your custom logic.

For example, if you need to contribute additional field to the generated form, you can do something like this:

class UserView(ModelView):
    def scaffold_form(self):
        form_class = super(UserView, self).scaffold_form()
        form_class.extra = wtf.TextField('Extra')
        return form_class

Check flask.ext.admin.contrib.sqlamodel documentation for list of configuration properties and methods. Thanks!

Answer 1

我假设您对 BaseView 进行了子类化来创建管理 View ，并且您正在使用 Flask-login。

然后重写 View 类中的 is_accessible 方法，以检查当前用户的质量:

from flask.ext.admin.base import BaseView
from flask.ext.login import current_user

class MyView(BaseView):
    def is_accessible(self):
        return current_user.testlevel == 'admin'

希望这有帮助!