Prevent locking admin out

2024-12-20 23:41:20 +00:00 · 2021-06-09 02:22:37 +02:00 · 2021-06-09 02:22:37 +02:00 · a6314e1c02
commit a6314e1c02
parent c5a8ef790b
2 changed files with 24 additions and 4 deletions
--- a/README.md
+++ b/README.md
@ -53,8 +53,6 @@ This URL leads to the home page where you can login with this testing admin acco
 - Rest of admin model views
  - Validators
  - Experiments history for students
-  - Check deactivation and deletion of users and roles (Don't lock out admins!)
- Change semesters label (SS WS)?
 - Assistants space
 - Email integration?
  - 2FA?
--- a/advlabdb/modelViews.py
+++ b/advlabdb/modelViews.py
@ -1,7 +1,7 @@
 from flask import flash, request, url_for
 from flask_admin.contrib.sqla.filters import BaseSQLAFilter
 from flask_admin.menu import MenuLink
-from flask_security import hash_password
+from flask_security import hash_password, current_user
 from wtforms import BooleanField, SelectField, TextField
 from wtforms.validators import DataRequired, Email

@ -43,6 +43,9 @@ class UserModelView(SecureModelView):
        "roles": {"validators": [DataRequired(message="A role is required!")]},
    }

+    deleteSelfException = "Tried to delete yourself as user!"
+    deactivateSelfException = "Tried to deactiavte yourself as user!"
+
    def create_model(self, form):
        password = randomPassword()
        passwordHash = hash_password(password)
@ -68,9 +71,28 @@ class UserModelView(SecureModelView):
            flash(f"Random password: {password}", category="warning")
            return model

+    def on_model_delete(self, model):
+        if model == current_user:
+            raise Exception(self.deleteSelfException)
+
+    def on_model_change(self, form, model, is_created):
+        if model == current_user and not form.active.data:
+            raise Exception(self.deactivateSelfException)
+
+    def handle_view_exception(self, exc):
+        if exc.args[0] in (self.deleteSelfException, self.deactivateSelfException):
+            pass
+        else:
+            return super().handle_view_exception(exc)
+

 class RoleModelView(SecureModelView):
-    column_exclude_list = ["update_datetime"]
+    can_create = False
+    can_edit = False
+    can_delete = False
+    column_display_actions = False
+
+    column_list = ["name", "description"]


 class SemesterModelView(SecureModelView):