From ea8eda35a7bd831964c38b38cc9a5b19bcb44d6a Mon Sep 17 00:00:00 2001
From: 0livd <0livd@users.noreply.github.com>
Date: Thu, 18 May 2017 10:48:09 +0100
Subject: Public project creation and admin permissions (#210)
* Add a @requires_admin decorator
It can be used to protect specific endpoints with ADMIN_PASSWORD
(a password that is stored unencrypted in the settings)
The decorator has no effect if ADMIN_PASSWORD is an empty string (default value)
* Require admin permissions to access create project endpoint
When ADMIN_PASSWORD is not empty, project creation form on the
home page will be replaced by a link to the create project endpoint
so one is able to enter the admin password before filling the form
---
budget/templates/authenticate.html | 6 ++++++
budget/templates/forms.html | 10 ++++++++++
budget/templates/home.html | 4 ++++
3 files changed, 20 insertions(+)
(limited to 'budget/templates')
diff --git a/budget/templates/authenticate.html b/budget/templates/authenticate.html
index 98914d0..f241c48 100644
--- a/budget/templates/authenticate.html
+++ b/budget/templates/authenticate.html
@@ -7,7 +7,13 @@
to") }} {{ _("create it") }}{{ _("?") }}
{% endif %}
+{% if admin_auth %}
+
+{% else %}
+{% endif %}
{% endblock %}
diff --git a/budget/templates/forms.html b/budget/templates/forms.html
index 01e5486..ffdd165 100644
--- a/budget/templates/forms.html
+++ b/budget/templates/forms.html
@@ -45,6 +45,16 @@
{% endmacro %}
+{% macro admin(form) %}
+
+ {% include "display_errors.html" %}
+
+ {{ form.hidden_tag() }}
+ {{ input(form.admin_password) }}
+ {{ submit(form.submit) }}
+
+{% endmacro %}
+
{% macro create_project(form, home=False) %}
{% include "display_errors.html" %}
diff --git a/budget/templates/home.html b/budget/templates/home.html
index edbee61..c7a9d1e 100644
--- a/budget/templates/home.html
+++ b/budget/templates/home.html
@@ -28,6 +28,9 @@
+ {% endif %}
{% endblock %}
--
cgit v1.1