diff --git a/admin/admin.py b/admin/admin.py
index cdc9bf88..ac3c0626 100644
--- a/admin/admin.py
+++ b/admin/admin.py
@@ -3,7 +3,7 @@
 __copyright__ = "Copyright (c) 2024, Utrecht University"
 __license__ = "GPLv3, see LICENSE"
-from flask import Blueprint, g, render_template, Response
+from flask import abort, Blueprint, render_template, Response
 import api
@@ -18,11 +18,17 @@
 @admin_bp.route("/")
 def index() -> Response:
- # Call api to check is user is admin
- is_admin = api.call("admin_is_user_admin", {})
- if (
- is_admin
- ): # TODO redirect to the access-dinied html (available) for non-admin user
- print("Test api_group_user_is_admin success, from Portal")
-
- return render_template("admin.html")
+ """
+ Route to the admin page. It checks if the current user has admin
+ privileges and directs them accordingly.
+
+ Returns:
+ Rendered template or aborts the request (403) if access is denied.
+ """
+ has_admin_access = api.call("admin_has_access", data={})["data"]
+ print(f"Admin access check from Portal: {has_admin_access}")
+
+ if has_admin_access:
+ return render_template("admin.html")
+ else:
+ return abort(403)
diff --git a/general/templates/general/user.html b/general/templates/general/user.html
index f3fc078b..8bfda149 100644
--- a/general/templates/general/user.html
+++ b/general/templates/general/user.html
@@ -1,24 +1,27 @@
 {% if g.user %}
-
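Review bot: In the second hunk of admin/admin.py, `index()` grants access on the truthiness of `api.call("admin_has_access", data={})["data"]`, and the visible lines never check the response status. What `api.call` returns on failure is not shown here, but any non-empty `data` value (an error string or dict, for instance) would render the admin page. Comparing against the boolean keeps the route fail-closed: `if has_admin_access is not True: abort(403)` followed by `return render_template("admin.html")`. The `print(...)` of the result would be better sent through the application logger, so denied attempts are recorded with request context instead of only on stdout. `abort()` raises, so the `return` before `abort(403)` and the `else:` branch are not needed.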