DjalimSimaila/SAE-A2-TruthInquiry
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add decorator to restrict admin endpoints

Browse Source
This commit is contained in:
Thomas Rubini 2023-03-27 16:57:41 +02:00
parent 7d27561697
commit 17d39ceb91
No known key found for this signature in database
GPG Key ID: C7D287C8C1CAC373
3 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
truthinquiry/routes/routes_admin.py
View File

@ -3,18 +3,22 @@ from sqlalchemy import select, or_
from truthinquiry.ext.database.models import * from truthinquiry.ext.database.models import *
from truthinquiry.ext.database.fsa import db from truthinquiry.ext.database.fsa import db
from truthinquiry.utils import require_admin
routes_admin = flask.Blueprint("admin", __name__) routes_admin = flask.Blueprint("admin", __name__)
DEFAULT_LANG = "FR" DEFAULT_LANG = "FR"
@routes_admin.route("/") @routes_admin.route("/")
@require_admin(ui=True)
def index(): def index():
npcs_objs = db.session.query(Npc).all() npcs_objs = db.session.query(Npc).all()
npcs_dicts = [{"id": npc_obj.NPC_ID, "name": npc_obj.NAME_LOCALE.get_text(DEFAULT_LANG).TEXT} for npc_obj in npcs_objs] npcs_dicts = [{"id": npc_obj.NPC_ID, "name": npc_obj.NAME_LOCALE.get_text(DEFAULT_LANG).TEXT} for npc_obj in npcs_objs]
return flask.render_template("admin/index.html", npcs=npcs_dicts) return flask.render_template("admin/index.html", npcs=npcs_dicts)
@routes_admin.route("/npc/<npc_id>") @routes_admin.route("/npc/<npc_id>")
@require_admin(ui=True)
def npc(npc_id): def npc(npc_id):
if npc_id == "new": if npc_id == "new":
return flask.render_template("admin/npc.html", npc={}) return flask.render_template("admin/npc.html", npc={})
@ -36,6 +40,7 @@ def npc(npc_id):
return flask.render_template("admin/npc.html", npc=npc_dict) return flask.render_template("admin/npc.html", npc=npc_dict)
@routes_admin.route("/questions") @routes_admin.route("/questions")
@require_admin(ui=True)
def questions(): def questions():
lang = DEFAULT_LANG lang = DEFAULT_LANG
@ -62,6 +67,7 @@ def questions():
return flask.render_template("admin/questions.html", questions=data, langs=["FR", "EN"]) return flask.render_template("admin/questions.html", questions=data, langs=["FR", "EN"])
@routes_admin.route("/places") @routes_admin.route("/places")
@require_admin(ui=True)
def places(): def places():
lang = DEFAULT_LANG lang = DEFAULT_LANG
@ -70,6 +76,7 @@ def places():
return flask.render_template("admin/places.html", places=places_dicts) return flask.render_template("admin/places.html", places=places_dicts)
@routes_admin.route("/traits") @routes_admin.route("/traits")
@require_admin(ui=True)
def traits(): def traits():
lang = DEFAULT_LANG lang = DEFAULT_LANG

5
truthinquiry/routes/routes_api_admin.py
View File

@ -3,11 +3,13 @@ from sqlalchemy import select, delete, or_
from truthinquiry.ext.database.models import * from truthinquiry.ext.database.models import *
from truthinquiry.ext.database.fsa import db from truthinquiry.ext.database.fsa import db
from truthinquiry.utils import require_admin
routes_api_admin = flask.Blueprint("api_admin", __name__) routes_api_admin = flask.Blueprint("api_admin", __name__)
@routes_api_admin.route("/setQuestions", methods=["GET", "POST"]) @routes_api_admin.route("/setQuestions", methods=["GET", "POST"])
@require_admin(api=True)
def set_questions(): def set_questions():
if not flask.request.json: if not flask.request.json:
return {"error": 1, "msg": "no json set"} return {"error": 1, "msg": "no json set"}
@ -44,6 +46,7 @@ def set_questions():
return {"error": 0} return {"error": 0}
@routes_api_admin.route("/setTraits", methods=["GET", "POST"]) @routes_api_admin.route("/setTraits", methods=["GET", "POST"])
@require_admin(api=True)
def set_traits(): def set_traits():
input_lang = flask.request.json["lang"] input_lang = flask.request.json["lang"]
input_traits = flask.request.json["traits"] input_traits = flask.request.json["traits"]
@ -86,6 +89,7 @@ def set_traits():
return {"error": 0} return {"error": 0}
@routes_api_admin.route("/setPlaces", methods=["GET", "POST"]) @routes_api_admin.route("/setPlaces", methods=["GET", "POST"])
@require_admin(api=True)
def set_places(): def set_places():
input_lang = flask.request.json["lang"] input_lang = flask.request.json["lang"]
input_places = flask.request.json["places"] input_places = flask.request.json["places"]
@ -124,6 +128,7 @@ def set_places():
return {"error": 0} return {"error": 0}
@routes_api_admin.route("/setNpc", methods=["GET", "POST"]) @routes_api_admin.route("/setNpc", methods=["GET", "POST"])
@require_admin(api=True)
def set_npc(): def set_npc():
input_lang = flask.request.json["lang"] input_lang = flask.request.json["lang"]
input_npc = flask.request.json["npc"] input_npc = flask.request.json["npc"]

20
truthinquiry/utils.py Normal file
View File

@ -0,0 +1,20 @@
from functools import wraps
import flask
def require_admin(*args, **kwargs):
def decorator(route):
@wraps(route)
def decorated_function(*route_args, **route_kwargs):
if flask.session.get("admin"):
return route(*route_args, **route_kwargs)
elif kwargs.get("api"):
return {"error": 1, "msg": "Invalid authentication"}
elif kwargs.get("ui"):
return flask.redirect("/admin/auth")
else:
raise ValueError("Can't determine request type")
return decorated_function
return decorator