官方例子

from flask import Flask, render_template
from flask_sqlalchemy import SQLAlchemy
from flask_security import Security, SQLAlchemyUserDatastore, \
    UserMixin, RoleMixin, login_required
# Create app
app = Flask(__name__)
app.config['DEBUG'] = True
app.config['SECRET_KEY'] = 'super-secret'
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite://'
# Create database connection object
db = SQLAlchemy(app)
# Define models
roles_users = db.Table('roles_users',
        db.Column('user_id', db.Integer(), db.ForeignKey('user.id')),
        db.Column('role_id', db.Integer(), db.ForeignKey('role.id')))
class Role(db.Model, RoleMixin):
    id = db.Column(db.Integer(), primary_key=True)
    name = db.Column(db.String(80), unique=True)
    description = db.Column(db.String(255))
class User(db.Model, UserMixin):
    id = db.Column(db.Integer, primary_key=True)
    email = db.Column(db.String(255), unique=True)
    password = db.Column(db.String(255))
    active = db.Column(db.Boolean())
    confirmed_at = db.Column(db.DateTime())
    roles = db.relationship('Role', secondary=roles_users,
                            backref=db.backref('users', lazy='dynamic'))
# Setup Flask-Security
user_datastore = SQLAlchemyUserDatastore(db, User, Role)
security = Security(app, user_datastore)
# Create a user to test with
@app.before_first_request
def create_user():
    db.create_all()
    user_datastore.create_user(email='
 
[email protected]', password='password')
    db.session.commit()
# Views
@app.route('/')
@login_required
def home():
    return render_template('index.html')
if __name__ == '__main__':
    app.run()

擴充套件要求資料庫必須要有User和Role這兩張表以及包含相應的欄位，Flask-Security才能夠幫助我們生成許可權管理的解決方案。舉個簡單的例子，通過使用Flask-Security， 我們可以用下面的方式建立使用者：

from urls import db， User,  Role
from flask_security import SQLAlchemyUserDatastore, Security
# Setup Flask-Security
user_datastore = SQLAlchemyUserDatastore(db, User, Role)
security = Security(app, user_datastore)
db.create_all()
# 建立管理員
admin = user_datastore.create_user(email='[email protected]
 
', password='admin')
# 建立普通使用者角色和Admin角色
user_role = user_datastore.create_role(name='User', description='Generic user role')
admin_role = user_datastore.create_role(name='Admin', description='Admin user role')
# 為admin新增Admin角色(admin_role)
user_datastore.add_role_to_user(admin, admin_role)db.session.commit()

進行檢視的訪問許可權限制

class MyModelView(sqla.ModelView):

    # def is_accessible(self):
    #     if current_user.is_authenticated and current_user.email == "admin":
    #         return True
    #     return False
    def is_accessible(self):
        return current_user.is_authenticated

    def inaccessible_callback(self, name, **kwargs):
          return redirect(url_for('admin.index', next=request.url))

新增檔案功能

@app.route('/admin/get_fileadmin')
@login_required                    #進行驗證使用者，未登陸不能訪問試圖
    def get_static():
        path = op.join(op.dirname(__file__), 'static')
        admin.add_view(FileAdmin(path, '/static/', name='Static Files'))
        return redirect('/admin')

前端

{% extends 'admin/master.html' %}
{% block body %}
<div class="container" align="right">
 <h5 align="center">Welcome to 後臺管理！</h5>
    <br>
    <p align="center">管理員<a href="/login">登入</a></p >
    <p align="center">管理員<a href="/logout">登出</a></p >
    <br>
</div>
{% endblock %}

內容有點多，有點亂，自己看著寫吧