I need the search result to be validated together with the statement that it is a query inside the template.
So if the user is searching for another user and this user does not exist, it returns nothing. otherwise it returns the username of the user.
If request.user just checks the user that is logged in.
something like this
{% if request.GET.q and request.GET.q.is_authenticated %}
but this does not work :D Thank you
Can I use is_authenticated or is there a better way?
<li class="dropdown-hover">
<form class="form-inline">
{% include "tweets/search_form.html" %}
</form>
{% if user in request.GET.q.is_authenticated %}
<div class="dropdown-content x-card-4 x-bar-block" style="width:300px">
<a href='{{ request.GET.q }}'>{{ request.GET.q }}</a><br/>
{% else %}
<div class="dropdown-content x-card-4 x-bar-block" style="width:300px">
<a href='#'>No users found</a><br/>
{% endif %}
</li>
Thank you for any help
There is a better way, just do {% if request.user.is_authenticated %}.
you need to add loginRequiredMixin in your class so it allow to perform tasks only if user is logged in otherwise it redirect to login page.
#andre If you want to show/hide html tags in a template to the guest/logged-in user, you can use this {% if user.is_authenticated %} or you want to show some pages to the logged-in user #tabish-manzoor's solution is great.
Related
I am pretty new to Flask/Flask-Admin.
I have followed the tutorial on flask admin and managed to get the admin panel working but slightly lost on how to get the below things implemented.
https://github.com/flask-admin/flask-admin/tree/master/examples/auth
When logged in as a normal user I can only see "home" page.
How can I expose other views to "normal user" and restrict actions such as read only etc.
I have created a "baseview" which is not associated with any other models as below:
class SitesView(MyBaseView):
#expose('/')
def index(self):
return self.render('views/testviews.html')
admin.add_view(SitesView(name='Test views', endpoint='test views'))
and html as below:
{% extends 'admin/master.html' %}
{% block body %}
{{ super() }}
{% if current_user.has_role('view1') %}
Site1
{% endif %}
{% if current_user.has_role('view2') %}
<a>Site2</a>
{% endif %}
{% if current_user.has_role('view3') %}
<a>Site3</a>
{% endif %}
{% if current_user.has_role('view4') %}
<a>Site4</a>
{% endif %}
{% endblock %}
This gives me a new tab with different views with works as expected.
What I am trying to achieve here is when user click the Site1 link they go to Site1 page within flask-admin interface but I am not sure how to do that. I could create a new route for this but the problem is I can't(don't know how to) extend flask admin template.
For example this works but it redirect the page outside flask-admin template:
#app.route('/views/')
def views():
return render_template('views/views1.html')
and modified the templates>admin>index.html page with below:
<ul class="lead text-center list-group">
{% if current_user.has_role('view1') %}
<li class="list-group-item">View1</li>
{% endif %}
{% if current_user.has_role('view2') %}
<li class="list-group-item">View2</li>
{% endif %}
{% if current_user.has_role('view3') %}
<li class="list-group-item">View3</li>
{% endif %}
{% if current_user.has_role('view4') %}
<li class="list-group-item">View4</li>
{% endif %}
</ul
I want to build the whole web site using flask admin so that I can keep user experience consistence. Am I doing this the wrong way?
Thanks for your time.
Please do let me know if you want me to provide more information on this issue.
Kind Regards.
So after going through documentations and tutorials I have found the solution to my issue.
For my first question:
When logged in as a normal user I can only see "home" page. How can I
expose other views to "normal user" and restrict actions such as read
only etc.
We can do this by overwriting our view functions is_accessible method as below:
def is_accessible(self):
if not current_user.is_active or not current_user.is_authenticated:
return False
if current_user.has_role('superuser') or current_user.has_role('user') or current_user.has_role('view1'):
return True
return False
For my second question we just need to give the endpoint as for our BaseView as below:
class MyView(BaseView):
#expose('/')
def index(self):
return self.render('views.html')
admin.add_view(MyView(name='Custom Views', endpoint='customviews'))
And then in your jinja template you need to call it:
href="{{ url_for('customviews.index') }}
Just one thing to note, doing this:
current_user.has_role('superuser') or current_user.has_role('user') or current_user.has_role('view1')
could get quite messy if we have so many roles, not sure how we would approach this but hoping this will help someone.
Thanks all.
I know this is an old question, but for the following code
current_user.has_role('superuser') or current_user.has_role('user') or current_user.has_role('view1')
What I like to do is having a hybrid_property (available on both Peewee and SQLAlchemy) inside my User class that consolidates these properties. So it'd look something like this:
#hybrid_property
def user_has_administrative_rights(self):
return self.has_role('superuser') or self.has_role('user')
Here's what I'm trying to achieve in "pseudo code":
{% for page in pages %}
{% if 'can_access_page_{{page.name}}' in perms %}
<li>
{{ page.name }}
</li>
{% endif %}
{% endfor %}
How to do this? Permission names I can customize — but still can't figure out this one.
Simplest way is to slightly abuse Django's existing add template filter (intended for numbers but works for strings), as in this answer:
https://stackoverflow.com/a/4524851/202168
You'll need a custom filter. Something like:
#register.filter
def check_page_perms(page, perms):
return 'can_access_page_%s' % page.name in perms
and use it:
{% if page|check_page_perms:perms %}
I would like to create a product that will be available in Shopify's storefront but only accessible for the shop administrator. Is there a way to identify if the current user is an admin via liquid? Or is there any other solution for this. Thanks!
If you're signed in as an admin, when rendering the {{ content_for_header }} include, it will contain some JavaScript to push the page content down to make room for the Shopify admin bar.
We can utilize capture to store the {{ content_for_header }} code as a liquid variable and then use the contains operator to check if admin_bar_iframe exists in the variable.
{% capture CFH %}{{ content_for_header }}{% endcapture %}{{ CFH }}
{% if CFH contains 'admin_bar_iframe' %}
{% assign admin = true %}
{% endif %}
{% if admin %}
<!-- User is an admin -->
{% else %}
<!-- User is not an admin -->
{% endif %}
Note: I've noticed that the Shopify admin bar doesn't populate at all times (I think its a bug). If your Shopify admin bar is not populating on your instance this will not work.
Just figured out this method that works. (Basically the same thing as the old method, just another way around!)
Detecting logged in admin viewing site:
{% if content_for_header contains 'adminBarInjector' %}
<script>
console.log("You're a logged in admin viewing the site!");
</script>
{% endif %}
Detecting admin in design mode:
{% if content_for_header contains 'designMode' %}
<script>
console.log("You're an admin in design mode!");
</script>
{% endif %}
Another approach would be to use Customer Accounts. Liquid provides a {{ customer }} object, which is only present when a user (customer) is logged in.
You can add a specific tag to an admin user and use liquid to verify if a tag is present:
{% if customer.tags contains "admin" %}
And of course you need to identify your product as 'admin-only', for example using tags:
{% if customer.tags contains "admin" and product.tags contains "admin" %}
<!-- render product -->
{% else %}
<!-- do nothing -->
{% endif %}
EDIT: This seems not to be working anymore since an update to Shopify.
I know this is late, but here is what I've used and it has worked correctly in my testing. This is adapted from the previous answers, but allows use for Customise Theme options, etc.
{% capture CFH %}{{ content_for_header }}{% endcapture %}{{ CFH }}
{% assign isAdmin = true %}
{% if CFH contains '"__st"' %}
{% if CFH contains 'admin_bar_iframe' %}{% else %}
{% assign isAdmin = false %}
{% endif %}
{% endif %}
This is a more complete version of that provided by kyle.stearns above (I can't comment on it because new). One of the main instances where admin bar doesn't load is when previewing themes. Here is the amended code which I've used (updated June 2018 - as Shopify edited the way we preview themes):
{% capture CFH %}{{ content_for_header }}{% endcapture %}
{% if CFH contains 'admin_bar_iframe' %}
{% assign admin = true %}
{% elsif CFH contains 'preview_bar_injector-' %}
{% assign admin = true %}
{% endif %}
{% if admin %}
<!-- User is an admin -->
<script>
alert ("do some work");
</script>
{% else %}
<!-- User is not an admin -->
<script>
alert ("please buy some stuff");
</script>
{% endif %}
If you're using Plus then you also have access to the User via api.
I know this is an old question, but it still shows on top in google searches.
There's now a much better way.
Using liquid:
{% if request.design_mode %}
<!-- This will only render in the theme editor -->
{% endif %}
Using javascript:
if (Shopify.designMode) {
// This will only render in the theme editor
}
Source: shopify.dev
Currently there isn't. You could perhaps try inspecting cookies and stuff to see if there's some identifying information that would let you know if the user is an admin, but it would be fragile.
This would also require rendering the items, but hiding them via CSS. Then you'd show them using JS after you've run your checks.
As stated, this would probably be really fragile.
{% for voter in opt.voterlog_set.all %}
{% if user.id != voter.voter.id %}
<span data-url="{% url vote %}" data-id="{{ opt.id }}" class="button">vote</span>
{% endif %}
{% endfor %}
In the code above I want to show the vote option once only if the current user hasn't already voted. The code above prints out the vote option multiple times (once for each entry in voterlog). Django doesn't let me set a custom variable such as a boolean which I can you use to toggle a hasVoted variable. How can I fix this code using Django templates?
Thanks for your help
Since, as you mention, there's no way to set state in a Django template, there isn't any sane way to do this if you don't have access to the view code. If you do have access to the view code, the easiest solution -- and, all in all, the most correct solution -- is to set a context variable user_has_voted in the view, instead of iterating through the voterlogs in the template.
But, if you don't have access to the view, you'll have to use a hack involving some client-side code, like rendering Javascript to set the necessary state and then adding some further Javascript to check that state and adjust the DOM after the page has loaded.
It seems like your logic is wrong though. You'd need something that sets state if and only if the current user IS found in the loop, like this:
{% for voter in opt.voterlog_set.all %}
{% if user.id == voter.voter.id %}
<script type="text/javascript">
window.user_has_voted = true;
</script>
{% endif %}
{% endfor %}
<script type="text/javascript">
if( !window.user_has_voted ) {
document.write('<span data-url="{% url vote %}" data-id="{{ opt.id }}" class="button">vote</span>');
}
</script>
Note that this is a particularly nasty hack -- it should only ever be used if you only have access to the templates and have no control over the context variables being sent in to the templates.
Probably this is not what you want, but what about creating the list of voters in your view, and add it to template context. Then
{% if user not in voters %}
"user is allowed to vote"
{% endif %}
I am trying to call a method in a model from a template and I have come to the conclusion that this cannot be done.
This is my code
{% if request.user.is_authenticated %}
{% if a_story.is_story_liked(request.user.id) %}
<a class="story_like" data-id="{{ a_story.id }}" href="#">Like</a>
{% endif %}
{% else %}
<a class="story_like_login" data-id="{{ a_story.id }}" href="#">Like</a>
{% endif %}
The error happens on the second line. "is_story_liked" checks if the user has "liked" a story or not. If not, then I would write the same anchor tag but with a different class.
I am kinda stumped with this one. I am trying to output different class names: if the user is logged in, if the user is not logged in and if the user has "liked" or not "liked" an article/story.
Method calls in django templates work only if they don't have an argument (eg. {% if request.user.is_authenticated %}). You will either need to put that functionality in the view that renders this template or put this functionality in a custom template tag.