Flask framework ~10 mins

Admin panel protection in Flask - Step-by-Step Execution

Concept Flow - Admin panel protection
User requests admin page
Check if user is logged in
  No -> Redirect to login
  Yes -> Check if user is admin
    No -> Return 403 Access denied
    Yes -> Show admin panel
This flow first checks that the user is logged in, then that the user is an admin, before showing the admin panel. An anonymous user is redirected to the login page; a logged-in user who is not an admin gets a 403 error.
Execution Sample
Flask
from flask import Flask, session, redirect, url_for

app = Flask(__name__)
# Required for session use: Flask signs the session cookie with this key,
# so a client cannot alter logged_in / is_admin without knowing it.
app.secret_key = 'change-me'

@app.route('/login')
def login():
    # Target of the redirect below. A real app verifies credentials here and
    # sets session['logged_in'] and session['is_admin'] server-side.
    return 'Login page'

@app.route('/admin')
def admin_panel():
    # Authentication check first: anonymous users are sent to the login page.
    if not session.get('logged_in'):
        return redirect(url_for('login'))
    # Authorization check second: authenticated non-admins get 403.
    if not session.get('is_admin'):
        return 'Access denied', 403
    return 'Welcome to admin panel'
This Flask route protects the admin panel by checking login status first and admin status second, both read from the signed session.
Execution Table
Step | User logged_in? | User is_admin? | Action | Output
1 | False | N/A | Redirect to login | Redirect to /login
2 | True | False | Return access denied | 403 Access denied
3 | True | True | Show admin panel | Welcome to admin panel
💡 Stops when user is either not logged in or not admin, else shows admin panel
Variable Tracker
Variable | Start | Step 1 | Step 2 | Step 3
session['logged_in'] | None | False | True | True
session['is_admin'] | None | N/A | False | True
Key Moments - 2 Insights
Why do we check if the user is logged in before checking admin status?
Because authentication comes before authorization: an anonymous user has no identity to check admin rights against, so the code redirects to login immediately without reading is_admin (see execution_table step 1).
What happens if a logged-in user is not an admin?
The code returns a 403 Access Denied response, preventing access to the admin panel (see execution_table step 2).
Visual Quiz - 3 Questions
Test your understanding
Look at the execution table, what is the output when the user is logged in but not an admin?
A. Redirect to login page
B. Welcome to admin panel
C. 403 Access denied
D. Page not found
💡 Hint
Check row with logged_in=True and is_admin=False in execution_table
At which step does the code redirect the user to the login page?
A. Step 1
B. Step 2
C. Step 3
D. Never
💡 Hint
Look at the action column in execution_table for redirect
If session['logged_in'] is True and session['is_admin'] is True, what will the output be?
A. Redirect to login
B. Welcome to admin panel
C. 403 Access denied
D. Error page
💡 Hint
Check the last row in execution_table for logged_in=True and is_admin=True
Concept Snapshot
Flask admin panel protection:
- Check if user is logged in (session['logged_in'])
- If not, redirect to login page
- If logged in, check if user is admin (session['is_admin'])
- If not admin, return 403 Access Denied
- If admin, show admin panel content
- Set both flags only in the login handler, after verifying credentials; Flask signs the session cookie with app.secret_key, so the client can read but not forge them
- Apply the same two checks to every admin route, not just one
Full Transcript
This example shows how to protect an admin panel in Flask. When a user requests the admin page, the code first checks whether the user is logged in by looking at session['logged_in']. If not logged in, the user is redirected to the login page. If logged in, the code then checks whether the user has admin rights via session['is_admin']. If the user is not an admin, the server returns a 403 Access Denied error. Only if the user is both logged in and an admin does the server show the admin panel content. Both flags must be set by the login handler after it verifies credentials, never from request input; because Flask signs the session cookie with app.secret_key, a client can see the flags but cannot change them. This protects sensitive admin pages from unauthorized access.
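The checks above are written inline in one route. The version below is an added example, not code from the original page: it moves the same two checks into an admin_required decorator so every admin route is protected identically, adds a login handler that sets the session flags server-side from a constructed user table (the USERS dict, user names and passwords are hypothetical), and uses Flask's test client to show all three outcomes from the execution table plus two failure cases the table does not cover (wrong password, and a client trying to pass is_admin in the login form).

```python
from functools import wraps

from flask import Flask, abort, redirect, request, session, url_for
from werkzeug.security import check_password_hash, generate_password_hash

app = Flask(__name__)
# Flask signs the session cookie with this key; an unguessable secret is what
# stops a client from forging session['is_admin'] (load from env in production).
app.secret_key = "constructed-example-secret-replace-me"

# Constructed user table for this example (hypothetical users and passwords).
USERS = {
    "alice": {"password_hash": generate_password_hash("alice-pw"), "is_admin": True},
    "bob": {"password_hash": generate_password_hash("bob-pw"), "is_admin": False},
}


def admin_required(view):
    """Authenticate first, then authorize: anonymous -> redirect, non-admin -> 403."""
    @wraps(view)
    def wrapped(*args, **kwargs):
        if not session.get("logged_in"):
            return redirect(url_for("login", next=request.path))
        if not session.get("is_admin"):
            abort(403)
        return view(*args, **kwargs)
    return wrapped


@app.route("/login", methods=["GET", "POST"])
def login():
    if request.method == "GET":
        return "login form", 200
    user = USERS.get(request.form.get("username", ""))
    if user is None or not check_password_hash(user["password_hash"],
                                               request.form.get("password", "")):
        return "bad credentials", 401
    # The flags come from the server-side user record only; any is_admin field
    # the client sends in the form is simply never read.
    session.clear()
    session["logged_in"] = True
    session["is_admin"] = user["is_admin"]
    return redirect(url_for("admin_panel"))


@app.route("/admin")
@admin_required
def admin_panel():
    return "Welcome to admin panel"


@app.route("/admin/users")
@admin_required
def admin_users():
    # Same decorator on every admin route, so no route can miss the checks.
    return "user list"


def probe(username=None, password=None, extra_form=None):
    """Log in as the given user (None = stay anonymous) and return the
    status codes for GET /admin and GET /admin/users."""
    with app.test_client() as client:
        if username is not None:
            form = {"username": username, "password": password}
            form.update(extra_form or {})
            client.post("/login", data=form)
        return client.get("/admin").status_code, client.get("/admin/users").status_code


if __name__ == "__main__":
    print(probe())                                    # anonymous: (302, 302)
    print(probe("bob", "wrong"))                      # bad password, still anonymous: (302, 302)
    print(probe("bob", "bob-pw"))                     # logged in, not admin: (403, 403)
    print(probe("bob", "bob-pw", {"is_admin": "1"}))  # form field ignored: (403, 403)
    print(probe("alice", "alice-pw"))                 # admin: (200, 200)
```

The decorator keeps the ordering from the concept flow (authentication before authorization) in one place, and the probe function exercises it through the real request pipeline, so the session cookie is signed and round-tripped exactly as it would be for a browser.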