Flask framework, ~30 mins

Why authorization matters in Flask - See It in Action

Why authorization matters
📖 Scenario: You are building a simple web app where users can see their own profile information. Authorization ensures that users cannot see or change other users' data.
🎯 Goal: Create a Flask app that stores user profiles and only shows the logged-in user's profile page. This teaches why authorization is important to protect user data.
📋 What You'll Learn
Create a dictionary called users containing the exact user data given in step 1
Create a variable called current_user to simulate the logged-in user
Use a Flask route /profile that shows only the current user's profile
Add a check to prevent access to other users' profiles
💡 Why This Matters
🌍 Real World
Authorization is critical in web apps to protect user data and privacy. This project shows a simple way to restrict access to user profiles.
💼 Career
Understanding authorization helps you build secure web applications and is a key skill for backend and full-stack developers.
1
DATA SETUP: Create user data dictionary
Create a dictionary called users with these exact entries: 'alice': {'name': 'Alice', 'age': 30}, 'bob': {'name': 'Bob', 'age': 25}, 'carol': {'name': 'Carol', 'age': 27}.
Hint: Use a dictionary with usernames as keys and another dictionary for their details.

2
CONFIGURATION: Set current logged-in user
Create a variable called current_user and set it to the string 'bob' to simulate the logged-in user.
Hint: Just assign the string 'bob' to the variable current_user.

3
CORE LOGIC: Create Flask route to show current user's profile
Import Flask and create an app. Then create a route /profile that returns the profile of the current_user from the users dictionary as a string.
Hint: Use @app.route('/profile') and a function that returns the current user's info from the dictionary.

4
COMPLETION: Add authorization check to prevent access to other users
Modify the /profile route to accept a username parameter from the URL path like /profile/<username>. Return the profile only if username matches current_user. Otherwise, return the string 'Unauthorized'.
Hint: Use a URL parameter <username> and compare it to current_user inside the route function.
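The four steps above assembled into one app and exercised with Flask's built-in test client, as an added example that is not part of the original exercise. The 403 status code sent with the 'Unauthorized' body, the fetch helper and the username mallory are assumptions added here.

```python
from flask import Flask

app = Flask(__name__)

# Step 1: user data, exactly as given in the exercise.
users = {
    'alice': {'name': 'Alice', 'age': 30},
    'bob': {'name': 'Bob', 'age': 25},
    'carol': {'name': 'Carol', 'age': 27},
}

# Step 2: simulated logged-in user. A real app would take this from the
# authenticated session, never from anything the client can set directly.
current_user = 'bob'


# Steps 3 and 4: the route takes the username from the URL path.
@app.route('/profile/<username>')
def profile(username):
    # The authorization check runs before any dictionary lookup, so a request
    # for another user's profile and a request for a username that does not
    # exist get the same answer and reveal nothing about which accounts exist.
    if username != current_user:
        # Body is the string the exercise asks for; the 403 status is an
        # addition (assumption) so clients and logs do not record a denial as 200.
        return 'Unauthorized', 403
    return str(users[username])


def fetch(path):
    """Added helper: request a path in-process and return (status, body)."""
    response = app.test_client().get(path)
    return response.status_code, response.get_data(as_text=True)


if __name__ == '__main__':
    # 'mallory' is a constructed username that is not in the users dictionary.
    for path in ('/profile/bob', '/profile/alice', '/profile/mallory'):
        print(path, fetch(path))
```
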