From 31d06deb62a75b213b345bb799b9546db6cbf6ed Mon Sep 17 00:00:00 2001
From: Benjamin Bertrand <benjamin.bertrand@esss.se>
Date: Tue, 22 Aug 2017 16:52:24 +0200
Subject: [PATCH] Make User and Group read-only in Admin interface

User and Group shall not be created locally.
They all come from the LDAP/AD server.
---
 app/admin/views.py | 20 +++++++++++++++++++-
 app/factory.py     |  8 ++++----
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/app/admin/views.py b/app/admin/views.py
index 5f79881..b6e8f3a 100644
--- a/app/admin/views.py
+++ b/app/admin/views.py
@@ -11,7 +11,7 @@ This module customizes the admin views.
 """
 from flask_admin.contrib import sqla
 from flask_login import current_user
-from ..models import Item
+from ..models import Item, User, Group
 from .. import utils
 
 
@@ -21,6 +21,24 @@ class AdminModelView(sqla.ModelView):
         return current_user.is_authenticated and current_user.is_admin
 
 
+class GroupAdmin(AdminModelView):
+    can_create = False
+    can_edit = False
+    can_delete = False
+
+    def __init__(self, session):
+        super().__init__(Group, session)
+
+
+class UserAdmin(AdminModelView):
+    can_create = False
+    can_edit = False
+    can_delete = False
+
+    def __init__(self, session):
+        super().__init__(User, session)
+
+
 class ItemAdmin(AdminModelView):
 
     def __init__(self, session):
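Review bot: GroupAdmin and UserAdmin repeat the same three flags and carry no docstring saying why they are read-only, so the policy lives in two places and its reason only in the commit message. A shared base class holding `can_create`, `can_edit` and `can_delete`, with a docstring naming LDAP/AD as the source of truth, would keep both in one spot. The docstring should also say that `column_editable_list` must stay unset on these views, because Flask-Admin serves inline edits through a separate endpoint that, as far as I can tell, does not consult `can_edit`.

```python
class ReadOnlyModelView(AdminModelView):
    """Admin view that lists records but never writes them.

    Used for models whose rows are owned by the LDAP/AD server.
    Leave column_editable_list unset on subclasses.
    """

    can_create = False
    can_edit = False
    can_delete = False


class GroupAdmin(ReadOnlyModelView):

    def __init__(self, session):
        super().__init__(Group, session)


class UserAdmin(ReadOnlyModelView):

    def __init__(self, session):
        super().__init__(User, session)
```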
diff --git a/app/factory.py b/app/factory.py
index f64c3e0..b9ad716 100644
--- a/app/factory.py
+++ b/app/factory.py
@@ -13,8 +13,8 @@ import sqlalchemy as sa
 from flask import Flask
 from . import settings
 from .extensions import db, migrate, login_manager, ldap_manager, bootstrap, admin, mail, jwt
-from .models import User, Group, Action, Manufacturer, Model, Location, Status
-from .admin.views import AdminModelView, ItemAdmin
+from .models import Action, Manufacturer, Model, Location, Status
+from .admin.views import AdminModelView, ItemAdmin, UserAdmin, GroupAdmin
 from .main.views import bp as main
 from .users.views import bp as users
 from .api.main import bp as api
@@ -90,8 +90,8 @@ def create_app(config=None):
     jwt.init_app(app)
 
     admin.init_app(app)
-    admin.add_view(AdminModelView(Group, db.session))
-    admin.add_view(AdminModelView(User, db.session))
+    admin.add_view(GroupAdmin(db.session))
+    admin.add_view(UserAdmin(db.session))
     admin.add_view(AdminModelView(Action, db.session))
     admin.add_view(AdminModelView(Manufacturer, db.session))
     admin.add_view(AdminModelView(Model, db.session))
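Review bot: Nothing in this patch tests the restriction it introduces; the diffstat touches only `app/admin/views.py` and `app/factory.py`. These two registrations are what keeps locally created accounts out of the database through the admin interface. A regression test that logs in as an admin and checks that the create, edit and delete endpoints of the User and Group views refuse the request would catch a later refactor that swaps `AdminModelView(User, db.session)` back in. create_app's body continues outside the hunk.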
-- 
GitLab