33 lines
1.3 KiB
Python
33 lines
1.3 KiB
Python
from flask import abort
|
|
from flask_jwt_extended import get_jwt_identity
|
|
from models import User, db
|
|
import os
|
|
from werkzeug.security import generate_password_hash
|
|
|
|
|
|
def admin_required(user_id, message='Access denied.'):
|
|
user = User.query.get(user_id)
|
|
if user is None or user.role != "Administrator":
|
|
abort(403, message)
|
|
|
|
|
|
def validate_access(owner_id, message='Access denied.'):
|
|
# Check if user try to access or edit resource that does not belong to them
|
|
logged_user_id = int(get_jwt_identity())
|
|
logged_user_role = User.query.get(logged_user_id).role
|
|
if logged_user_role != "Administrator" and logged_user_id != owner_id:
|
|
abort(403, message)
|
|
|
|
|
|
def init_db():
|
|
"""Create default admin account if database is empty"""
|
|
with db.session.begin():
|
|
if not User.query.first(): # Check if user table is empty
|
|
admin_username = os.getenv("ADMIN_USERNAME", "admin")
|
|
admin_email = os.getenv("ADMIN_EMAIL", "admin@example.pl")
|
|
admin_password = os.getenv("ADMIN_PASSWORD", "admin")
|
|
hashed_password = generate_password_hash(admin_password)
|
|
admin = User(username=admin_username, email=admin_email, password=hashed_password, role='Administrator')
|
|
db.session.add(admin)
|
|
db.session.commit()
|