mirror of
https://codeberg.org/Mo8it/AdvLabDB.git
synced 2024-12-20 23:41:20 +00:00
Prevent locking admin out
This commit is contained in:
parent
c5a8ef790b
commit
a6314e1c02
2 changed files with 24 additions and 4 deletions
|
@ -53,8 +53,6 @@ This URL leads to the home page where you can login with this testing admin acco
|
||||||
- Rest of admin model views
|
- Rest of admin model views
|
||||||
- Validators
|
- Validators
|
||||||
- Experiments history for students
|
- Experiments history for students
|
||||||
- Check deactivation and deletion of users and roles (Don't lock out admins!)
|
|
||||||
- Change semesters label (SS WS)?
|
|
||||||
- Assistants space
|
- Assistants space
|
||||||
- Email integration?
|
- Email integration?
|
||||||
- 2FA?
|
- 2FA?
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
from flask import flash, request, url_for
|
from flask import flash, request, url_for
|
||||||
from flask_admin.contrib.sqla.filters import BaseSQLAFilter
|
from flask_admin.contrib.sqla.filters import BaseSQLAFilter
|
||||||
from flask_admin.menu import MenuLink
|
from flask_admin.menu import MenuLink
|
||||||
from flask_security import hash_password
|
from flask_security import hash_password, current_user
|
||||||
from wtforms import BooleanField, SelectField, TextField
|
from wtforms import BooleanField, SelectField, TextField
|
||||||
from wtforms.validators import DataRequired, Email
|
from wtforms.validators import DataRequired, Email
|
||||||
|
|
||||||
|
@ -43,6 +43,9 @@ class UserModelView(SecureModelView):
|
||||||
"roles": {"validators": [DataRequired(message="A role is required!")]},
|
"roles": {"validators": [DataRequired(message="A role is required!")]},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
deleteSelfException = "Tried to delete yourself as user!"
|
||||||
|
deactivateSelfException = "Tried to deactiavte yourself as user!"
|
||||||
|
|
||||||
def create_model(self, form):
|
def create_model(self, form):
|
||||||
password = randomPassword()
|
password = randomPassword()
|
||||||
passwordHash = hash_password(password)
|
passwordHash = hash_password(password)
|
||||||
|
@ -68,9 +71,28 @@ class UserModelView(SecureModelView):
|
||||||
flash(f"Random password: {password}", category="warning")
|
flash(f"Random password: {password}", category="warning")
|
||||||
return model
|
return model
|
||||||
|
|
||||||
|
def on_model_delete(self, model):
|
||||||
|
if model == current_user:
|
||||||
|
raise Exception(self.deleteSelfException)
|
||||||
|
|
||||||
|
def on_model_change(self, form, model, is_created):
|
||||||
|
if model == current_user and not form.active.data:
|
||||||
|
raise Exception(self.deactivateSelfException)
|
||||||
|
|
||||||
|
def handle_view_exception(self, exc):
|
||||||
|
if exc.args[0] in (self.deleteSelfException, self.deactivateSelfException):
|
||||||
|
pass
|
||||||
|
else:
|
||||||
|
return super().handle_view_exception(exc)
|
||||||
|
|
||||||
|
|
||||||
class RoleModelView(SecureModelView):
|
class RoleModelView(SecureModelView):
|
||||||
column_exclude_list = ["update_datetime"]
|
can_create = False
|
||||||
|
can_edit = False
|
||||||
|
can_delete = False
|
||||||
|
column_display_actions = False
|
||||||
|
|
||||||
|
column_list = ["name", "description"]
|
||||||
|
|
||||||
|
|
||||||
class SemesterModelView(SecureModelView):
|
class SemesterModelView(SecureModelView):
|
||||||
|
|
Loading…
Reference in a new issue