Admin Roles

Many applications need different user roles (admin, regular user, moderator). This chapter extends authentication with an `is_admin` flag and admin‑only routes.

Add Admin Flag to User Model

```python
class User(db.Model, UserMixin):
    # ... existing columns ...
    is_admin = db.Column(db.Boolean, default=False)
```

Create an Admin User

You can create an admin user manually via the Python shell or a script:

```python
admin = User(username='admin', email='admin@example.com', password=hashed_pw, is_admin=True)
db.session.add(admin)
db.session.commit()
```

Admin‑Only Decorator

```python
from functools import wraps
from flask import abort
from flask_login import current_user

def admin_required(f):
    @wraps(f)
    def decorated_function(*args, **kwargs):
        # Reject anonymous users and authenticated non-admins with 403 Forbidden
        if not current_user.is_authenticated or not current_user.is_admin:
            abort(403)
        return f(*args, **kwargs)
    return decorated_function
```

Using the Admin Decorator

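```python
from flask_login import login_required

# @app.route must stay on top so Flask registers the guarded function
@app.route('/admin')
@login_required
@admin_required
def admin_panel():
    return 'Admin area – only for admins'
```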

Template‑Level Checks

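You can show/hide admin links in templates. This only controls what is displayed; the route itself must still be protected with `@admin_required`, because a hidden link does not stop a direct request to the URL.

```jinja
{% if current_user.is_authenticated and current_user.is_admin %}
    Admin Panel
{% endif %}
```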


Two Minute Drill
  • Add `is_admin` boolean column to User model.
  • Create a custom `admin_required` decorator.
  • Protect admin routes with `@login_required` and `@admin_required`.
  • Use conditional logic in templates to show/hide admin elements.