diff options
| author | rubenwardy <rw@rubenwardy.com> | 2018-07-30 00:42:11 +0100 |
|---|---|---|
| committer | rubenwardy <rw@rubenwardy.com> | 2018-07-30 00:42:11 +0100 |
| commit | b296b9b299fa4d07bedc25c791d1a039d4b9fb72 (patch) | |
| tree | 357b0ff3ffac9b2989f35fe8e848ce3005aeee6e /app/views/admin.py | |
| parent | dd6257a0a042f1ae82bcd00c999fade3746abdbf (diff) | |
| download | cheatdb-b296b9b299fa4d07bedc25c791d1a039d4b9fb72.tar.xz | |
Fix two bugs
Diffstat (limited to 'app/views/admin.py')
| -rw-r--r-- | app/views/admin.py | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/app/views/admin.py b/app/views/admin.py index 0e44897..19bcd4b 100644 --- a/app/views/admin.py +++ b/app/views/admin.py @@ -36,7 +36,10 @@ class MyModelView(ModelView): def inaccessible_callback(self, name, **kwargs): # redirect to login page if user doesn't have access - return redirect(url_for('user.login', next=request.url)) + if current_user.is_authenticated: + abort(403) + else: + return redirect(url_for('user.login', next=request.url)) admin = Admin(app, name='ContentDB', template_mode='bootstrap3', url="/admin/db") admin.add_view(MyModelView(User, db.session)) |