Flaskframework~30 mins

Admin panel protection in Flask - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Perf

Admin panel protection

📖 Scenario: You are building a simple web app with Flask. It has an admin panel that only logged-in users with admin rights can access.This project will guide you to protect the admin panel route so only authorized users can see it.

🎯 Goal: Create a Flask app with a protected admin panel route. Only users with is_admin = True can access /admin. Others get redirected to the login page.

📋 What You'll Learn

Create a Flask app with a user dictionary containing username and admin status

Add a variable to simulate the current logged-in user

Write a route for /admin that checks if the user is admin

Redirect non-admin users to /login route

💡 Why This Matters

🌍 Real World

Web apps often have admin panels that only certain users can access. Protecting these routes is essential for security.

💼 Career

Understanding route protection and user authorization is a key skill for backend web developers working with Flask or similar frameworks.

Progress0 / 4 steps

Create user data

Create a dictionary called users with these exact entries: 'alice': {'is_admin': True}, 'bob': {'is_admin': False}, 'carol': {'is_admin': False}.

Flask

# Your code here

Need a hint?

Use a dictionary with usernames as keys and another dictionary with is_admin boolean as value.

Simulate logged-in user

Add a variable called current_user and set it to the string 'bob' to simulate the logged-in user.

Flask

users = {
    'alice': {'is_admin': True},
    'bob': {'is_admin': False},
    'carol': {'is_admin': False}
}
# Your code here

Need a hint?

Just create a variable current_user and assign the string 'bob'.

Create admin route with protection

Import Flask, redirect, and url_for. Create a Flask app called app. Write a route for /admin that checks if users[current_user]['is_admin'] is True. If yes, return the string 'Welcome to admin panel'. Otherwise, redirect to url_for('login').

Flask

users = {
    'alice': {'is_admin': True},
    'bob': {'is_admin': False},
    'carol': {'is_admin': False}
}

current_user = 'bob'

# Your code here

Need a hint?

Use @app.route('/admin') decorator and check admin status inside the function.

Add login route

Add a route for /login that returns the string 'Please log in'.

Flask

from flask import Flask, redirect, url_for

users = {
    'alice': {'is_admin': True},
    'bob': {'is_admin': False},
    'carol': {'is_admin': False}
}

current_user = 'bob'

app = Flask(__name__)

@app.route('/admin')
def admin():
    if users[current_user]['is_admin']:
        return 'Welcome to admin panel'
    else:
        return redirect(url_for('login'))

# Your code here

Need a hint?

Use @app.route('/login') and return the login message string.