
Admin panel protection in Flask - Practice Problems & Coding Challenges

Challenge - 5 Problems
Component behavior (intermediate)
What happens when a non-admin user tries to access the admin panel?
Consider this Flask route protecting an admin panel:
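from flask import Flask, session, redirect, url_for
app = Flask(__name__)
app.secret_key = 'secret'  # demo value only; real deployments load a random key from configuration

# Endpoint that url_for('login') resolves to; without it the redirect cannot be built
@app.route('/login')
def login():
    return 'Login page'

@app.route('/admin')
def admin_panel():
    # Server-side role check: any session whose role is not 'admin' is sent to login
    if session.get('role') != 'admin':
        return redirect(url_for('login'))
    return 'Welcome to admin panel'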

What will a user with session role 'user' see when visiting '/admin'?
A. They see a blank page with no content.
B. They see the text 'Welcome to admin panel'.
C. They get a 404 Not Found error.
D. They get redirected to the login page.
💡 Hint
Check what happens when the session role is not 'admin'.
📝 Syntax (intermediate)
Identify the syntax error in this Flask admin check
What is wrong with this Flask route code?
@app.route('/admin')
def admin():
    if session['role'] = 'admin':
        return 'Admin access'
    return 'Access denied'
A. The return statements must be inside a try block.
B. session['role'] should be session.get('role').
C. Using '=' instead of '==' in the if condition.
D. Missing parentheses in the route decorator.
💡 Hint
Check the operator used in the if statement.
State output (advanced)
What is the output after setting session role to admin?
Given this Flask snippet:
from flask import Flask, session
app = Flask(__name__)
app.secret_key = 'secret'

@app.route('/set_admin')
def set_admin():
    session['role'] = 'admin'
    return 'Role set'

@app.route('/admin')
def admin():
    if session.get('role') == 'admin':
        return 'Welcome admin'
    return 'Access denied'

What will a user see after visiting '/set_admin' then '/admin' in the same browser session?
A. First 'Role set', then 'Access denied'.
B. First 'Role set', then 'Welcome admin'.
C. Both routes return 'Access denied'.
D. Both routes return 'Role set'.
💡 Hint
Session data persists between requests in the same browser.
🔧 Debug (advanced)
Why does this admin check always deny access?
Examine this Flask code:
@app.route('/admin')
def admin():
    if session.get('role') is 'admin':
        return 'Admin panel'
    return 'Denied'

Even when session['role'] is set to 'admin', users see 'Denied'. Why?
A. Using 'is' for string comparison causes the check to fail.
B. session.get('role') returns None always.
C. The route decorator is missing parentheses.
D. Flask sessions do not support string values.
💡 Hint
Check how string comparison should be done in Python.
🧠 Conceptual (expert)
Which method best secures an admin panel in Flask?
You want to protect your Flask admin panel so only logged-in admins can access it. Which approach is best?
A. Check session role in each admin route and redirect unauthorized users.
B. Use a global variable to store admin status and check it in routes.
C. Allow all users to access admin routes but hide admin content with JavaScript.
D. Store admin password in plain text and check it on every request.
💡 Hint
Think about secure, server-side checks for user roles.