Override routes? Want to make invite_user available only to admin role

lingthio / Flask-User

Customizable User Authorization & User Management: Register, Confirm, Login, Change username/password, Forgot password and more.

http://flask-user.readthedocs.io/

MIT License

1.06k stars 294 forks source link

Override routes? Want to make invite_user available only to admin role #278

Open GitMorin opened 4 years ago

GitMorin commented 4 years ago

Is there a way I can overwrite the user_invite functionality so only users with admin role can access the route? I dont want anyone to be able to invite new users.

carissableker commented 2 years ago

Using a CustomUserManager, you can over ride the default invitation view which is here:

https://github.com/lingthio/Flask-User/blob/5c652e6479036c3d33aa1626524e4e65bd3b961e/flask_user/user_manager__views.py#L317-L320

and add the roles_required decorator

class CustomUserManager(UserManager):

    @login_required
    @roles_required('specialrole')
    def invite_user_view(self):
        """ Allows users to send invitations to register an account. """

        <rest of original code>

mgonline86 commented 2 years ago

@carissableker Thanks 😊, I implemented your solution and it worked like magic. and here is how I did it

# Customize Flask-User
class CustomUserManager(UserManager):
  # Making user invitation limited to admin role only
  @roles_required('admin')
  def invite_user_view(self):
    return super().invite_user_view()

# Setup Flask-User and specify the User data-model
user_manager = CustomUserManager(app, db, User)