Authentication and authorization can be integrated into Flask via the Flask-Login and Flask-Principal plugins. (Or also potentially via the Flask-Security plugin.)
HOWEVER: Flask-Admin--another plugin which provides a backend dashboard--is not a registered blueprint...and, I believe (insomuch as I can tell), the decorators used by Flask-Login and Flask-Principal--and that are otherwise required for a user to access a rendered view...those decorators only operate on views that are part of a registered blueprint.
TWO QUESTIONS:
1) How do I register Flask-Admin as a blueprint in my app, and/or otherwise enable Flask-Login and/or Flask-Principal decorators to protect views associated with Flask-Admin?
2) Why do Flask-Login and Flask-Principal work only on objects which are "natively" part of my app...and not objects (e.g., "Admin" object) that is imported from a plugin? How can I work around this problem...if indeed I am perceiving it correctly?
I gather this is the problem insomuch as it's no sweat for me to create protected views for my app's main index page...or any other page with a view located inside a blueprint. I just can't seem to do it for the Flask-Admin index page (which, again, has no blueprint).
Flask-Admin provides another way of providing authentication - you simply subclass the AdminIndex
and BaseIndex
views (or views from contrib
if you only need those) and implement the is_accessible
method. See the documentation for more details. There is also an example provided in the repository.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With