- # -*- coding: utf-8 -*-
import os
import secrets

from flask import Flask, redirect, url_for, flash, render_template, g, current_app, request
from werkzeug.security import generate_password_hash, check_password_hash
from flask_wtf import Form, validators
from flask_wtf import FlaskForm
from wtforms import StringField, PasswordField, SubmitField
from flask_sqlalchemy import SQLAlchemy
from wtforms.validators import Required, Length, EqualTo
# AUTH
from flask_sqlalchemy import BaseQuery
from flask_principal import Principal, RoleNeed, UserNeed, Permission, Identity, identity_changed, identity_loaded, AnonymousIdentity
from werkzeug.utils import cached_property
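# Application object and its extensions (database handle, Flask-Principal).
app = Flask(__name__)
app.config.update(
    SQLALCHEMY_DATABASE_URI='sqlite:///test.sqlite',
    # Debug mode exposes the interactive Werkzeug debugger, which lets a
    # client run code in the server process. Keep it off unless the operator
    # opts in explicitly through the environment.
    DEBUG=os.environ.get('FLASK_DEBUG') == '1',
    # The secret key signs the session cookie that carries the logged-in
    # identity, so a guessable constant lets anyone forge a session. Read it
    # from the environment; the random fallback is safe but changes on every
    # start (sessions do not survive a restart and are not shared between
    # worker processes), so set SECRET_KEY for any real deployment.
    SECRET_KEY=os.environ.get('SECRET_KEY') or secrets.token_hex(32),
    SQLALCHEMY_TRACK_MODIFICATIONS=False,
)
db = SQLAlchemy(app)
Principal(app)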
- # User Information providers
@identity_loaded.connect_via(app)
def on_identity_loaded(sender, identity):
    """Resolve the loaded identity to a user and publish it on ``g.user``.

    Connected to Flask-Principal's ``identity_loaded`` signal for this app.
    The lookup is delegated to ``User.query.from_identity``.
    """
    resolved_user = User.query.from_identity(identity)
    g.user = resolved_user
- # Permission
# One Permission per role; a view guarded by one of these is reachable only
# when the current identity provides the matching RoleNeed.
admin, member = (Permission(RoleNeed(role_name)) for role_name in ('admin', 'member'))
- # MODELS
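class UserQuery(BaseQuery):
    """Query class for ``User`` that can resolve a Flask-Principal identity."""

    def from_identity(self, identity):
        """Load the user behind *identity* and attach that user's needs to it.

        The original signature used the literal ``100`` as a parameter name,
        which is a syntax error, and passed the identity object itself to
        ``int()``. The user id is the value the login view hands to
        ``Identity(...)``, exposed by Flask-Principal as ``identity.id``.

        Args:
            identity: the Flask-Principal identity being loaded.

        Returns:
            The matching ``User``, or ``None`` when the identity carries no
            usable id (for example an anonymous identity) or no row matches.
        """
        try:
            user = self.get(int(identity.id))
        except (TypeError, ValueError):
            # Fail closed: an identity whose id cannot be parsed maps to no
            # user at all. The original fell back to ``current_user``, a name
            # that is not defined in this file.
            user = None
        if user:
            identity.provides.update(user.provides)
        identity.user = user
        return user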
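class User(db.Model):
    """Account row plus the Flask-Principal needs derived from its role."""

    query_class = UserQuery

    # Role codes stored in the ``role`` column.
    MEMBER = 100
    ADMIN = 300

    __tablename__ = 'user'

    id = db.Column(db.Integer, unique=True, nullable=False, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    # Wide enough for the output of werkzeug's generate_password_hash, which
    # is longer than 80 characters. This column should only ever hold such a
    # hash, never the password itself.
    password = db.Column(db.String(255))
    # New accounts start as plain members; use the class constant rather than
    # repeating the literal.
    role = db.Column(db.Integer, default=MEMBER)

    @cached_property
    def permissions(self):
        """Return the permissions helper bound to this user.

        NOTE(review): no ``Permissions`` attribute is defined on this class in
        the visible source, so reading this property raises AttributeError
        unless it is provided elsewhere.
        """
        return self.Permissions(self)

    @cached_property
    def provides(self):
        """Return the list of needs this user grants to an identity.

        Every user gets the 'authenticated' role need and a UserNeed for its
        id; the 'member' and 'admin' role needs are added according to
        ``role``. The value is cached on the instance after the first read,
        so a later change to ``role`` on the same object is not reflected.
        """
        needs = [RoleNeed('authenticated'), UserNeed(self.id)]
        if self.is_member:
            needs.append(RoleNeed('member'))
        if self.is_admin:
            needs.append(RoleNeed('admin'))
        return needs

    @property
    def is_member(self):
        """True when ``role`` equals ``MEMBER`` exactly."""
        return self.role == self.MEMBER

    @property
    def is_admin(self):
        """True when ``role`` equals ``ADMIN`` exactly."""
        return self.role == self.ADMIN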
- # FORMS
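class SignupForm(FlaskForm):
    """Registration form: username plus a new password."""

    username = StringField('Username', validators=[Required(), Length(1, 9)])
    # The original capped passwords at 9 characters and accepted a single
    # character. Require a reasonable minimum and allow long passphrases; the
    # upper bound only keeps hashing cost bounded.
    password = PasswordField("Password", validators=[Required(), Length(min=8, max=128)])
    submit = SubmitField("Signup")


class LoginForm(FlaskForm):
    """Login form: username plus the password to verify."""

    username = StringField('Username', validators=[Required(), Length(1, 9)])
    # No minimum beyond "not empty" here, so accounts created under the older,
    # shorter limit are still able to submit; the maximum matches SignupForm
    # so every password that can be registered can also be entered.
    password = PasswordField("Password", validators=[Required(), Length(min=1, max=128)])
    submit = SubmitField("Login")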
- # VIEWS
@app.route('/')
def index():
    """Render the landing page with every row of the user table.

    NOTE(review): complete ``User`` objects, including the ``password``
    column, are handed to the template; what ``index.html`` prints is not
    visible here, so confirm it shows nothing beyond the username.
    """
    return render_template('index.html', users=User.query.all())
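@app.route('/signup', methods=('GET', 'POST'))
def signup():
    """Create an account from the signup form.

    The password is stored as a salted hash, never as submitted. Fields are
    assigned one by one instead of through ``form.populate_obj`` so that only
    the username and password can be set from request data, whatever fields
    the form gains later.

    The stored hash is longer than the plaintext; the ``password`` column
    must be wide enough to hold it on databases that enforce column length.
    """
    form = SignupForm()
    if form.validate_on_submit():
        taken = User.query.filter(User.username == form.username.data).first()
        if taken:
            # The username column is unique; report the clash instead of
            # letting the commit fail with an unhandled database error.
            flash('Username already taken', 'error')
            return render_template('signup.html', form=form)
        user = User()
        user.username = form.username.data
        user.password = generate_password_hash(form.password.data)
        db.session.add(user)
        db.session.commit()
        flash('Signup Success %s' % user.username, 'success')
        return redirect(url_for('index'))
    return render_template('signup.html', form=form)


@app.route('/login', methods=('GET', 'POST',))
def login():
    """Verify the submitted credentials and establish the identity.

    The original flashed a message on a password mismatch but carried on to
    ``identity_changed.send``, so any password logged the user in. The
    identity is now set only after the password verifies against the stored
    hash. Rows written before passwords were hashed hold plaintext and will
    not verify; those accounts need a password reset.
    """
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter(User.username == form.username.data).first()
        verified = (
            user is not None
            and bool(user.password)
            and check_password_hash(user.password, form.password.data)
        )
        if not verified:
            # Same message for an unknown username and a wrong password, so
            # the response does not reveal which usernames exist.
            flash('ooo!')
            return render_template('login.html', form=form)
        identity_changed.send(current_app._get_current_object(), identity=Identity(user.id))
        flash('ooo, %s' % user.username)
        return redirect(url_for('index'))
    return render_template('login.html', form=form)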
@app.route('/logout')
def logout():
    """Switch the current identity to anonymous and return to the index page.

    NOTE(review): the route answers GET (no ``methods`` given), so any link
    or embedded resource pointing here logs the visitor out; consider a POST
    protected by the form CSRF token.
    """
    flask_app = current_app._get_current_object()
    identity_changed.send(flask_app, identity=AnonymousIdentity())
    flash('oooo!')
    target = url_for('index')
    return redirect(target)
@app.route('/page')
@admin.require(401)
def page():
    """Render the admin-only page.

    ``admin.require(401)`` aborts the request with HTTP 401 when the current
    identity does not satisfy the ``admin`` permission.
    """
    rendered = render_template('page.html')
    return rendered
@app.errorhandler(401)
def unauthorized(error):
    """Turn a 401 into a flash message and a redirect to the login page.

    The path that was refused is passed along as the ``next`` query
    parameter. Any code that later redirects to ``next`` has to check that it
    is a local path first, since the value arrives back from the client.
    """
    flash('Please login to see this page', 'error')
    login_url = url_for('login', next=request.path)
    return redirect(login_url)
# Create any missing tables as soon as the module is imported.
db.create_all()

# Start Flask's built-in server only when the file is run as a script; that
# server is meant for local development.
if __name__ == "__main__":
    app.run()