Snippets are unofficial and unmaintained.
This is an archived view of user-submitted snippets. Despite being hosted on the Flask site, they are not official. No Flask maintainer has curated or checked the snippets for security, correctness, or design.
A common need of a website is to have an admin interface that is only accessible to a subset of users (ex. users with an admin role). Putting this code in the same modules (files) as the rest of the site can clutter things quickly.
Here is some boilerplate that leverages the power of Blueprints to separate the admin views/forms/etc from the rest of the site, as well as conveniently handle the need to restrict all requests to admin views.
from flask import Flask import admin app = Flask(__name__) app.register_blueprint(admin.bp, url_prefix='/admin')
from flask import Blueprint from flask import redirect, request from google.appengine.api import users bp = Blueprint('admin', __name__) @bp.before_request def restrict_bp_to_admins(): if not users.is_current_user_admin(): return redirect(users.create_login_url(request.url))
This example makes use of Google App Engine's User API for authentication/authorization, but could easily be modified to support another authorization mechanism.
You may also prefer to abort the request with a HTTP 403 (
abort(403)) instead of returning the user back to the login page.
This snippet by Sean Lynch can be used freely for anything you like. Consider it public domain.