rewrite

2025-11-04 10:33:32 +01:00
parent 5a687549a9
commit 84759f9508
1 changed files with 20 additions and 2 deletions
--- a/routes/auth_routes.py
+++ b/routes/auth_routes.py
@@ -20,10 +20,26 @@ def login_required(f):
    return decorated_function


+def admin_required(f):
+    """Decorator - require admin role"""
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if 'user_id' not in session:
+            return redirect(url_for('auth.login'))
+        
+        user = User.query.get(session['user_id'])
+        if not user or not user.is_admin:
+            return jsonify({'error': 'Admin access required', 'success': False}), 403
+        
+        return f(*args, **kwargs)
+    return decorated_function
+
+
@auth_bp.route('/login', methods=['GET', 'POST'])
 def login():
    """Login page and authentication"""
    if request.method == 'GET':
+        # Check if already logged in
        if 'user_id' in session:
            return redirect(url_for('main.index'))
        
@@ -49,18 +65,20 @@ def login():
            logger.warning(f"[AUTH] Login failed - wrong password for '{username}'", flush=True)
            return render_template('auth/login.html', error='Invalid credentials'), 401
        
-        session.clear()
+        session.clear() 
        session['user_id'] = user.id
        session['username'] = user.username
        session['is_admin'] = user.is_admin
-        session.permanent = True
+        session.permanent = True  
        
+        # Zaloguj w basie danych
        from datetime import datetime
        user.last_login = datetime.utcnow()
        db.session.commit()
        
        logger.info(f"[AUTH] User '{username}' logged in successfully", flush=True)
        
+        # Redirect do dashboard
        return redirect(url_for('main.index'))
    
    except Exception as e: