mo8it/AdvLabDB
1
0
Fork 0
mirror of https://codeberg.org/Mo8it/AdvLabDB.git synced 2024-11-08 21:21:06 +00:00
Code Releases Activity

Prevent locking admin out

Browse source
This commit is contained in:
Mo 2021-06-09 02:22:37 +02:00
parent c5a8ef790b
commit a6314e1c02
2 changed files with 24 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -53,8 +53,6 @@ This URL leads to the home page where you can login with this testing admin acco
- Rest of admin model views - Rest of admin model views
- Validators - Validators
- Experiments history for students - Experiments history for students
- Check deactivation and deletion of users and roles (Don't lock out admins!)
- Change semesters label (SS WS)?
- Assistants space - Assistants space
- Email integration? - Email integration?
- 2FA? - 2FA?

26
advlabdb/modelViews.py
View file

@ -1,7 +1,7 @@
from flask import flash, request, url_for from flask import flash, request, url_for
from flask_admin.contrib.sqla.filters import BaseSQLAFilter from flask_admin.contrib.sqla.filters import BaseSQLAFilter
from flask_admin.menu import MenuLink from flask_admin.menu import MenuLink
from flask_security import hash_password from flask_security import hash_password, current_user
from wtforms import BooleanField, SelectField, TextField from wtforms import BooleanField, SelectField, TextField
from wtforms.validators import DataRequired, Email from wtforms.validators import DataRequired, Email
@ -43,6 +43,9 @@ class UserModelView(SecureModelView):
"roles": {"validators": [DataRequired(message="A role is required!")]}, "roles": {"validators": [DataRequired(message="A role is required!")]},
} }
deleteSelfException = "Tried to delete yourself as user!"
deactivateSelfException = "Tried to deactiavte yourself as user!"
def create_model(self, form): def create_model(self, form):
password = randomPassword() password = randomPassword()
passwordHash = hash_password(password) passwordHash = hash_password(password)
@ -68,9 +71,28 @@ class UserModelView(SecureModelView):
flash(f"Random password: {password}", category="warning") flash(f"Random password: {password}", category="warning")
return model return model
def on_model_delete(self, model):
if model == current_user:
raise Exception(self.deleteSelfException)
def on_model_change(self, form, model, is_created):
if model == current_user and not form.active.data:
raise Exception(self.deactivateSelfException)
def handle_view_exception(self, exc):
if exc.args[0] in (self.deleteSelfException, self.deactivateSelfException):
pass
else:
return super().handle_view_exception(exc)
class RoleModelView(SecureModelView): class RoleModelView(SecureModelView):
column_exclude_list = ["update_datetime"] can_create = False
can_edit = False
can_delete = False
column_display_actions = False
column_list = ["name", "description"]
class SemesterModelView(SecureModelView): class SemesterModelView(SecureModelView):