Closed alexander-bauer closed 7 years ago
This can be accomplished by building a similar admin_required decorator.
@Mjacks3 We're going to have to write this decorator ourselves, but it should be fairly simple.
Since the @admin_required directive is implemented now, all that's left to do is make sure editing of accounts is properly locked down. @Mjacks3 can you take care of that?
Yup. Leave it to me!
@alexander-bauer I tested (admin) account creation, editing, deletion and profile editing. All good. (user) profile editing, edit accounts page access, non-self profile access and self deletion. All success.
@Mjacks3 I just poked at the code, and it looks good. I'm comfortable closing this.
Some pages have the @app.login_required directive, but do not otherwise check whether the logged in user is an admin.
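The pattern this issue describes, as an added example that is not the project's own code: an admin_required decorator layered on a login check, plus a self-or-admin check on profile pages. The Flask app, the session-based login_required stand-in, the routes, the USERS table and the status_as helper are all assumptions constructed for illustration.

```python
from functools import wraps
from flask import Flask, abort, g, session

app = Flask(__name__)
app.secret_key = "constructed-example-key"  # constructed; load from config in real use
USERS = {"alice": True, "bob": False}        # constructed accounts: name -> is_admin

@app.before_request
def load_user():
    name = session.get("user")
    g.user = name if name in USERS else None

def login_required(view):  # hypothetical stand-in for the project's login check
    @wraps(view)
    def wrapper(*args, **kwargs):
        if g.user is None:
            abort(401)  # not authenticated
        return view(*args, **kwargs)
    return wrapper

def admin_required(view):
    @wraps(view)
    @login_required  # authentication is checked first, then the admin flag
    def wrapper(*args, **kwargs):
        if not USERS[g.user]:
            abort(403)  # logged in, but not an admin
        return view(*args, **kwargs)
    return wrapper

@app.route("/accounts")
@admin_required
def edit_accounts():
    return "accounts"

@app.route("/profile/<name>")
@login_required
def profile(name):
    # Being logged in is not enough: non-admins may only reach their own profile.
    if name != g.user and not USERS[g.user]:
        abort(403)
    return f"profile:{name}"

def status_as(user, path):
    """GET path with the session set to user (None = anonymous); return the status code."""
    with app.test_client() as client:
        if user is not None:
            with client.session_transaction() as sess:
                sess["user"] = user
        return client.get(path).status_code
```
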