如何解决如何使用flask login_required装饰器控制多个登录如管理员登录和普通登录
我想用 Flask 中的 login_required 装饰器控制多个登录。在我的项目中,我只希望管理员能够添加文章,注册用户才能对其发表评论。我对未注册用户隐藏了注销页面和个人资料页面,但无法对注册用户隐藏添加文章页面,我该如何解决这个问题?
from flask import Flask,render_template,flash,redirect,url_for,session,logging,request
from flask_MysqLdb import MysqL
from wtforms import Form,StringField,TextAreaField,PasswordField,validators
import email_validator
from passlib.hash import pbkdf2_sha256
from functools import wraps
def login_required(f):
@wraps(f)
def decorated_function(*args,**kwargs):
if "logged_in" in session:
return f(*args,**kwargs)
else:
flash("Bu Sayfayı Görüntülemek İçin Giriş Yapmalısınız","danger")
return redirect(location=(url_for("login")))
return decorated_function
@app.before_request
def before_request_func():
class RegisterForm(Form):
name = StringField("İsim Soyisim",validators=[validators.Length(min=4,message="En az 4 karakter uzunluğunda bir girdi giriniz"),validators.Datarequired()])
user_name = StringField("Kullanıcı Adı",validators.Datarequired()])
email = StringField("Email Adresi",validators.Datarequired(),validators.Email(message="Lütfen Geçerli Bir Email Giriniz")])
password = PasswordField("Şifre",validators=[validators.Datarequired("Lütfen Bir Parola Belirleyin"),validators.EqualTo(fieldname="confirm",message="Parolanız Uyuşmuyor")])
confirm = PasswordField("Parola Doğrula")
class LoginForm(Form):
email = StringField("Email Adresi",validators=[validators.Datarequired(message="Lütfen Emailinizi Giriniz")])
password = PasswordField("Şifre",validators=[validators.Datarequired(message="Lütfen Şifrenizi Giriniz")])
app = Flask(__name__)
MysqL = MysqL(app)
app.secret_key = "furkanselek"
app.config["MysqL_DATABASE_HOST"] = "localhost"
app.config["MysqL_DATABASE_USER"] = "root"
app.config["MysqL_DATABASE_PASSWORD"] = ""
app.config["MysqL_DB"] = "furkanselek"
app.config['MysqL_CURSORCLASS'] = "DictCursor"
app.config["MysqL_DATABASE_PORT"] = "3306"
@app.route("/")
def index():
return render_template("index.html")
@app.route("/about")
def about():
return render_template("about.html")
@app.route("/register",methods=["GET","POST"])
def register():
form = RegisterForm(request.form)
if request.method == "POST" and form.validate():
name = form.name.data
username = form.user_name.data
email = form.email.data
password = pbkdf2_sha256.encrypt(form.password.data)
cursor = MysqL.connection.cursor()
sorgu = ("Insert into users (name,email,username,password) VALUES(%s,%s,%s)")
cursor.execute(sorgu,(name,password))
MysqL.connection.commit()
cursor.close()
flash("Başarıyla Kayıt Oldunuz",category="warning")
return redirect(location =(url_for("login")))
else:
return render_template("register.html",form= form)
@app.route("/login","POST"])
def login():
form = LoginForm(request.form)
if request.method == "POST" and form.validate():
email = form.email.data
password_entered = form.password.data
cursor = MysqL.connection.cursor()
query = ("SELECT * FROM users WHERE email = %s")
result = cursor.execute(query,(email,))
if result > 0:
data = cursor.fetchone()
username = data["username"]
password = data["password"]
if pbkdf2_sha256.verify(password_entered,password):
flash("Başarıyla Giriş Yaptınız",category="warning")
if username == "maxkonrad":
session["admin"] = True
session["logged_in"] = True
session["username"] = username
return redirect(location=(url_for("index")))
else:
session["logged_in"] = True
session["username"] = username
return redirect(location=(url_for("index")))
else:
flash("Parolanızı Yanlış Girdiniz",category="warning")
return redirect(location=(url_for("login")))
else:
flash("Bu Email ile Kayıt Olmuş Bir Kullanıcı Yok")
return redirect(location=(url_for("login")))
else:
return render_template("login.html",form= form)
@app.route("/logout")
@login_required
def logout():
session.clear()
return redirect(location=(url_for("index")))
@app.route("/addarticle","POST"])
def addarticle():
return render_template("addarticle.html")
@app.route("/profile")
@login_required
def profile():
return render_template("profile.html")
if __name__ == "__main__":
app.run(debug=True)
解决方法
在 Role based authorization in flask-login 中,接受的答案似乎使用 Flask-Principal 但是,您也可以使用 Flask-User 来执行此操作,它似乎得到了更积极的维护。有一个 superb basic-app for Flask-User 可以启动一个 app.py 文件。该应用程序提供了两个角色(admin 和 manager)以及三个路由,演示了 Flask-User 提供的基于身份验证和基本角色的授权。它们是不言自明的:
# The Home page is accessible to anyone
@app.route('/')
def home_page():
# The Members page is only accessible to authenticated users
@app.route('/members')
@login_required # Use of @login_required decorator
def member_page():
# The Admin page requires an 'Admin' role.
@app.route('/admin')
@roles_required('Admin') # Use of @roles_required decorator
def admin_page():
Flask-User 也可以用来做更复杂的授权形式。您可以创建更多角色,然后授权路由以仅允许具有该角色和/或其他角色的用户访问。例如,您可以创建管理员、教师和学生角色。然后根据这些角色和/或角色组合改变可访问性。下面是几个例子:
@admin_blueprint.route('/admin/teacher_or_admin')
@roles_required(['admin','teacher']) # requires admin OR teacher role
def admin_teacher_or_admin():
return "You have the right roles to access this page - it requires admin OR teacher roles"
@admin_blueprint.route('/admin/teacher_and_admin')
@roles_required('admin','teacher') # requires admin AND teacher roles
def admin_teacher_and_admin():
return "You have the right roles to access this view"
@admin_blueprint.route('/admin/student')
@roles_required('student')
def admin_student():
return "You have the right roles to access this page - requires student role"
虽然它不像上面的基本用户应用程序那样是单个文件,但此存储库演示了这些更高级的烧瓶用户授权功能:https://github.com/lfernandez55/3200_Final_Project_Challenge
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。