Authentication and authorization can be integrated into Flask via the Flask-Login and Flask-Principal plugins. (Or also potentially via the Flask-Security plugin.)
HOWEVER: Flask-Admin–another plugin which provides a backend dashboard–is not a registered blueprint…and, I believe (insomuch as I can tell), the decorators used by Flask-Login and Flask-Principal–and that are otherwise required for a user to access a rendered view…those decorators only operate on views that are part of a registered blueprint.
TWO QUESTIONS:
1) How do I register Flask-Admin as a blueprint in my app, and/or otherwise enable Flask-Login and/or Flask-Principal decorators to protect views associated with Flask-Admin?
2) Why do Flask-Login and Flask-Principal work only on objects which are “natively” part of my app…and not objects (e.g., “Admin” object) that is imported from a plugin? How can I work around this problem…if indeed I am perceiving it correctly?
I gather this is the problem insomuch as it’s no sweat for me to create protected views for my app’s main index page…or any other page with a view located inside a blueprint. I just can’t seem to do it for the Flask-Admin index page (which, again, has no blueprint).
Flask-Admin provides another way of providing authentication – you simply subclass the
AdminIndexandBaseIndexviews (or views fromcontribif you only need those) and implement theis_accessiblemethod. See the documentation for more details. There is also an example provided in the repository.