From 84759f9508abd3398ff4b55a36b92475d5a9c7a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Gruszczy=C5=84ski?=
Date: Tue, 4 Nov 2025 10:33:32 +0100
Subject: [PATCH] rewrite

---
 routes/auth_routes.py | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/routes/auth_routes.py b/routes/auth_routes.py
index ca89d3f..bf229ca 100644
--- a/routes/auth_routes.py
+++ b/routes/auth_routes.py
@@ -20,10 +20,26 @@ def login_required(f):
 return decorated_function
+def admin_required(f):
+ """Decorator - require admin role"""
+ @wraps(f)
+ def decorated_function(*args, **kwargs):
+ if 'user_id' not in session:
+ return redirect(url_for('auth.login'))
+
+ user = User.query.get(session['user_id'])
+ if not user or not user.is_admin:
+ return jsonify({'error': 'Admin access required', 'success': False}), 403
+
+ return f(*args, **kwargs)
+ return decorated_function
+
+
 @auth_bp.route('/login', methods=['GET', 'POST'])
 def login():
 """Login page and authentication"""
 if request.method == 'GET':
+ # Check if already logged in
 if 'user_id' in session:
 return redirect(url_for('main.index'))
@@ -49,18 +65,20 @@ def login():
 logger.warning(f"[AUTH] Login failed - wrong password for '{username}'", flush=True)
 return render_template('auth/login.html', error='Invalid credentials'), 401
- session.clear()
+ session.clear()
 session['user_id'] = user.id
 session['username'] = user.username
 session['is_admin'] = user.is_admin
- session.permanent = True
+ session.permanent = True
+ # Zaloguj w basie danych
 from datetime import datetime
 user.last_login = datetime.utcnow()
 db.session.commit()
 logger.info(f"[AUTH] User '{username}' logged in successfully", flush=True)
+ # Redirect do dashboard
 return redirect(url_for('main.index'))
 except Exception as e:
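Review bot: `admin_required` answers an anonymous caller with a redirect to the login page but a logged-in non-admin with a JSON 403, so a template route decorated with it renders a bare JSON body in the browser while a logged-out API client gets a 302 to an HTML page; pick one response style for the decorator, or choose it from `request.is_json`, so every caller gets a predictable status. Re-reading `is_admin` from the database instead of trusting `session['is_admin']` (which `login()` also stores) is the right call, since a revoked role is then denied on the very next request, and that is worth recording in the docstring, e.g. `"""Require a logged-in user whose is_admin flag is set in the database: anonymous callers are redirected to login, non-admins get a 403 JSON error."""`. `User.query.get()` is the legacy Query API that SQLAlchemy 2.0 deprecates; `db.session.get(User, session['user_id'])` is the current form if the project's Flask-SQLAlchemy is on a 2.x-compatible release, which I cannot tell from here.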
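Review bot: The two comments added here, `# Zaloguj w basie danych` and `# Redirect do dashboard`, are in Polish ("basie" also looks like a typo for "bazie") while the comment added to the GET branch in this same commit and the docstrings are in English; `# Record the login timestamp` and `# Redirect to the dashboard` keep the file in one language. While touching this spot, the function-local `from datetime import datetime` on the next line belongs at module top, and `datetime.utcnow()` is deprecated from Python 3.12 in favour of the aware `datetime.now(timezone.utc)`, applicable only if the project runs on 3.12+ and the `last_login` column accepts tz-aware values, which is not visible here. Also `flush=True` is not a keyword that the stdlib `logging.Logger.info`/`warning` accept, so unless `logger` is a custom wrapper these calls raise `TypeError` inside the handler; on the success path that would happen after the session is already populated and fall into the `except Exception` below, so it is worth confirming what `logger` is. `login()` starts before this hunk and its `except` body continues past it.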