2

As we all know, flask-admin allows the users with same role have the same privilege. However, in my app I'd like to restrict only the user who created a query to view and edit.

For example, there are many users with the same role called "developers", he/she creates a code review and wait for approval.

The pic below shows developer Gina can see developer Bill's project in the list(which is not desired). What I'd like to achieve is only Gina and the reviewers(Wesker and Steve here) can view this project in the list.

I've put the code here , if it's not appropriate I will remove the link. Thanks in advance.

enter image description here

Samoth
  • 716
  • 15
  • 34

3 Answers3

5

Overriding ModelView, you can filter results to show logged user own results:

def get_query(self):
  return self.session.query(self.model).filter(self.model.user==current_user)

def get_count_query(self):
  return self.session.query(func.count('*')).filter(self.model.user==current_user)

You can find more info here: Flask-Admin default filters

Jean Cassol
  • 483
  • 5
  • 8
0

You should have to create another user role to achieve your goal. It will help you to save your time and you can easily customize the view specifically for the particular individual or group.

Please go through this link

Gaurav Paliwal
  • 1,556
  • 16
  • 27
0

Having the info you provided, a solution might look like the following

  1. Rewrite/extend the logic which gathers the Project records so that there are only records belonging to the current user. An example to demonstrate might looks like this:

    pseudo-sql

    SELECT team, name, project_name, version, ... FROM projects where name = current_user.name

  2. Rewrite/extend the logic responsible for saving the record so that it will verify that the current_user is allowed to make changes to the given project record

Igor
  • 2,834
  • 2
  • 26
  • 44