from floatapp import app, login_manager from flask import request, abort from flask_login import current_user, UserMixin from functools import wraps class User(UserMixin): def __init__(self, id, admin=False): self.admin = admin self.id = id def __unicode__(self): return u"{}".format(self.id) def __str__(self): return str(self.id) admin_user = User("admin", True) @login_manager.user_loader def load_user(id): if id == "admin": return admin_user return User(id) @login_manager.unauthorized_handler def unauthorized(): return abort(403) def admin_required(fn): @wraps(fn) def decorated_view(*args, **kwargs): if (query_is_admin_user(request.args) or (current_user.is_authenticated and current_user.admin)): return fn(*args, **kwargs) return app.login_manager.unauthorized() return decorated_view def query_is_admin_user(query): username = query.get("username", None) password = query.get("password", None) return (username == app.config["ADMIN_USERNAME"] and password == app.config["ADMIN_PASSWORD"])