
This question has a similar question that was posted 7 years ago. I want to know what is pertinent currently. Flask-auth, Principal and Flask Security

I have found so much documentation on login and user authorization and controls that I'm a little uncertain how I should be going about this. I'm using Flask_SQLAlchemy and sqlite to build a CRUD app. I want to be able to create user-specific login authorization and roles so that some portions of the app are or are not visible depending on your role and/or authorization. I was hoping that maybe someone could provide the differences and/or the pros and cons, or maybe what the industry standard is? I'm looking at

Flask-Admin - https://flask-admin.readthedocs.io/en/latest/introduction/

Role based Authorization - https://flask-user.readthedocs.io/en/latest/authorization.html

login_required - https://flask-login.readthedocs.io/en/latest/

Flask Principal - https://pythonhosted.org/Flask-Principal/

Also, there's the option of writing your own code. I'm already using -

```python
from functools import wraps

from flask import flash, redirect, session, url_for


# Check if the user is logged in
def is_logged_in(f):
    @wraps(f)
    def wrap(*args, **kwargs):
        if 'logged_in' in session:
            return f(*args, **kwargs)
        else:
            flash('Unauthorized, Please login', 'danger')
            return redirect(url_for('home'))
    return wrap
```

and I was going to implement -

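```python
from functools import wraps

from flask import flash, redirect, url_for
from flask_login import current_user


def admin_required(f):
    @wraps(f)
    def wrap(*args, **kwargs):
        # Flask-Login's anonymous user has no `role` attribute, so read it
        # defensively instead of raising AttributeError for logged-out visitors.
        if getattr(current_user, "role", None) == "Admin":
            return f(*args, **kwargs)
        else:
            flash("You need to be an admin to view this page.")
            return redirect(url_for('index'))

    return wrap
```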

Any thoughts, opinions or insight on this would be great! Thank you!

Diggty66

1 Answer


While you listed some related plugins, you did not specify what you want to do.

A couple of thoughts about the mentioned plugins:

  • Flask Principal -> unmaintained

  • Flask-User -> no commits for over a year; that's a warning sign for me; I would not use it

  • Flask-Admin -> I have used it for one app, where I needed basic CRUD implementation and a user and an admin role; worked out ok; while there is activity, the project is drowning in issues and pull requests; e.g. examples are broken for years; trivial pull requests do not get merged

  • Flask-Login -> I use it for every Flask project, works pretty well; no authorization support!; while the maintainer is pretty inactive, one of the Flask core maintainers has access to the project and does some housekeeping work

So, if you want to use Flask, I'd go with Flask-Login, except you have a very basic CRUD application, then you could have a look at Flask-Admin.

If Flask is not a given requirement, I'd have a look at e.g. Django or other frameworks.

Jürgen Gmach
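An added example, not part of the question, the answer, or any of the listed projects: one way to fold the question's two decorators into a single role check that separates "not logged in" (redirect to login) from "logged in but not allowed" (403), and reads the role server-side on every request. It uses only Flask's signed session, as `is_logged_in` does; the names `roles_required`, `status_for`, the `user_id` session key, the routes and the `USERS` dict (a stand-in for the Flask-SQLAlchemy user table) are assumptions.

```python
from functools import wraps
from flask import Flask, abort, redirect, session, url_for

app = Flask(__name__)
app.secret_key = "constructed-demo-key"  # constructed; load a real secret from config

# Constructed stand-in for the Flask-SQLAlchemy user table (user id -> role).
USERS = {1: "Admin", 2: "Editor"}

def roles_required(*allowed):
    """Allow the view only for logged-in users whose current role is in `allowed`."""
    def decorator(view):
        @wraps(view)
        def wrapper(*args, **kwargs):
            user_id = session.get("user_id")
            if user_id is None:
                # Not authenticated: send the visitor to the login page.
                return redirect(url_for("login"))
            # Look the role up on every request instead of caching it in the
            # session cookie, so a revoked role takes effect immediately.
            role = USERS.get(user_id)
            if role not in allowed:
                # Authenticated but not authorized (or user deleted): deny with 403.
                abort(403)
            return view(*args, **kwargs)
        return wrapper
    return decorator

@app.route("/login")
def login():
    return "login form"

@app.route("/admin")
@roles_required("Admin")
def admin():
    return "admin panel"

@app.route("/posts")
@roles_required("Admin", "Editor")
def posts():
    return "post editor"

def status_for(path, user_id=None):
    """Request `path` as `user_id` (None = anonymous) and return the status code."""
    with app.test_client() as client:
        if user_id is not None:
            with client.session_transaction() as sess:
                sess["user_id"] = user_id
        return client.get(path).status_code
```

Hiding a menu entry in a template is only presentation; the decorator on the view is what enforces the role.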