1
0
Fork 0
mirror of https://codeberg.org/Mo8it/AdvLabDB.git synced 2024-12-20 23:41:20 +00:00

Prevent locking admin out

This commit is contained in:
Mo 2021-06-09 02:22:37 +02:00
parent c5a8ef790b
commit a6314e1c02
2 changed files with 24 additions and 4 deletions

View file

@ -53,8 +53,6 @@ This URL leads to the home page where you can login with this testing admin acco
- Rest of admin model views
- Validators
- Experiments history for students
- Check deactivation and deletion of users and roles (Don't lock out admins!)
- Change semesters label (SS WS)?
- Assistants space
- Email integration?
- 2FA?

View file

@ -1,7 +1,7 @@
from flask import flash, request, url_for
from flask_admin.contrib.sqla.filters import BaseSQLAFilter
from flask_admin.menu import MenuLink
from flask_security import hash_password
from flask_security import hash_password, current_user
from wtforms import BooleanField, SelectField, TextField
from wtforms.validators import DataRequired, Email
@ -43,6 +43,9 @@ class UserModelView(SecureModelView):
"roles": {"validators": [DataRequired(message="A role is required!")]},
}
deleteSelfException = "Tried to delete yourself as user!"
deactivateSelfException = "Tried to deactiavte yourself as user!"
def create_model(self, form):
password = randomPassword()
passwordHash = hash_password(password)
@ -68,9 +71,28 @@ class UserModelView(SecureModelView):
flash(f"Random password: {password}", category="warning")
return model
def on_model_delete(self, model):
if model == current_user:
raise Exception(self.deleteSelfException)
def on_model_change(self, form, model, is_created):
if model == current_user and not form.active.data:
raise Exception(self.deactivateSelfException)
def handle_view_exception(self, exc):
if exc.args[0] in (self.deleteSelfException, self.deactivateSelfException):
pass
else:
return super().handle_view_exception(exc)
class RoleModelView(SecureModelView):
column_exclude_list = ["update_datetime"]
can_create = False
can_edit = False
can_delete = False
column_display_actions = False
column_list = ["name", "description"]
class SemesterModelView(SecureModelView):