From f384a9da66247755cd96a6215333b3961814d1dd Mon Sep 17 00:00:00 2001
From: Benjamin Bertrand <benjamin.bertrand@esss.se>
Date: Thu, 26 Apr 2018 10:23:27 +0200
Subject: [PATCH] Add RQ Dashboard blueprint

- RQ Dashboard shall only be accessible to admin users
- "REDIS_URL" is hard-coded in rq-dashboard (had to rename RQ_REDIS_URL)
---
 app/commands.py         |  2 +-
 app/factory.py          |  3 +++
 app/main/views.py       | 15 ++++++++++++---
 app/settings.py         |  2 +-
 app/templates/base.html |  1 +
 environment.yml         |  2 ++
 6 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/app/commands.py b/app/commands.py
index 3134399..221ca71 100644
--- a/app/commands.py
+++ b/app/commands.py
@@ -94,7 +94,7 @@ def register_cli(app):
     @app.cli.command()
     def runworker():
         """Run RQ worker"""
-        redis_url = current_app.config['RQ_REDIS_URL']
+        redis_url = current_app.config['REDIS_URL']
         redis_connection = redis.from_url(redis_url)
         with rq.Connection(redis_connection):
             worker = rq.Worker(current_app.config['QUEUES'])
diff --git a/app/factory.py b/app/factory.py
index 94371ed..afea592 100644
--- a/app/factory.py
+++ b/app/factory.py
@@ -10,6 +10,7 @@ Create the WSGI application.
 
 """
 import sqlalchemy as sa
+import rq_dashboard
 from flask import Flask
 from whitenoise import WhiteNoise
 from . import settings, models
@@ -30,6 +31,7 @@ from .commands import register_cli
 def create_app(config=None):
     app = Flask(__name__)
 
+    app.config.from_object(rq_dashboard.default_settings)
     app.config.from_object(settings)
     app.config.from_envvar('LOCAL_SETTINGS', silent=True)
     app.config.update(config or {})
@@ -118,6 +120,7 @@ def create_app(config=None):
     app.register_blueprint(user_api, url_prefix='/api/v1/user')
     app.register_blueprint(inventory_api, url_prefix='/api/v1/inventory')
     app.register_blueprint(network_api, url_prefix='/api/v1/network')
+    app.register_blueprint(rq_dashboard.blueprint, url_prefix='/rq')
 
     app.wsgi_app = WhiteNoise(app.wsgi_app, root='static/')
     app.wsgi_app.add_files(
diff --git a/app/main/views.py b/app/main/views.py
index dcc9375..3fc9bcb 100644
--- a/app/main/views.py
+++ b/app/main/views.py
@@ -11,14 +11,23 @@ This module implements the main blueprint.
 """
 import os
 import redis
-from flask import Blueprint, render_template, jsonify, g, current_app
-from flask_login import login_required
+import rq_dashboard
+from flask import Blueprint, render_template, jsonify, g, current_app, abort
+from flask_login import login_required, current_user
 from rq import push_connection, pop_connection
 from .. import utils
 
 bp = Blueprint('main', __name__)
 
 
+# Allow only admin to access the RQ Dashboard
+@rq_dashboard.blueprint.before_request
+@login_required
+def before_request():
+    if not current_user.is_admin:
+        abort(403)
+
+
 # Declare custom error handlers for all views
 @bp.app_errorhandler(403)
 def forbidden_error(error):
@@ -63,7 +72,7 @@ def modified_static_file(endpoint, values):
 def get_redis_connection():
     redis_connection = getattr(g, '_redis_connection', None)
     if redis_connection is None:
-        redis_url = current_app.config['RQ_REDIS_URL']
+        redis_url = current_app.config['REDIS_URL']
         redis_connection = g._redis_connection = redis.from_url(redis_url)
     return redis_connection
 
diff --git a/app/settings.py b/app/settings.py
index 1694d16..e45241b 100644
--- a/app/settings.py
+++ b/app/settings.py
@@ -30,7 +30,7 @@ SESSION_TYPE = 'redis'
 SESSION_REDIS_URL = 'redis://redis:6379/0'
 CACHE_TYPE = 'redis'
 CACHE_REDIS_URL = 'redis://redis:6379/1'
-RQ_REDIS_URL = 'redis://redis:6379/2'
+REDIS_URL = 'redis://redis:6379/2'
 QUEUES = ['default']
 
 LDAP_HOST = 'esss.lu.se'
diff --git a/app/templates/base.html b/app/templates/base.html
index 0477e63..e0c6574 100644
--- a/app/templates/base.html
+++ b/app/templates/base.html
@@ -28,6 +28,7 @@
           <a class="nav-item nav-link {{ is_active(path.startswith("/network")) }}" href="{{ url_for('network.list_hosts') }}">Network</a>
           {% if current_user.is_authenticated and current_user.is_admin %}
             <a class="nav-item nav-link" href="{{ url_for('admin.index') }}">Admin</a>
+            <a class="nav-item nav-link" href="{{ url_for('rq_dashboard.overview') }}">RQ Dashboard</a>
           {% endif %}
           <a class="nav-item nav-link" href="{{ config['DOCUMENTATION_URL'] }}" target="_blank">Help</a>
         </div>
diff --git a/environment.yml b/environment.yml
index 5134bf9..5e8fd7e 100644
--- a/environment.yml
+++ b/environment.yml
@@ -96,6 +96,7 @@ dependencies:
 - ecdsa=0.13=py36_0
 - pip:
   - ansible-tower-cli==3.2.1
+  - arrow==0.12.1
   - dominate==2.3.1
   - email-validator==1.0.2
   - git+https://github.com/beenje/flask-bootstrap@4.0.0.0.dev1
@@ -107,6 +108,7 @@ dependencies:
   - inflection==0.3.1
   - pytest-factoryboy==2.0.1
   - rq==0.10.0
+  - rq-dashboard==0.3.10
   - sphinxcontrib-httpdomain==1.6.0
   - sqlalchemy-citext==1.3.post0
   - sqlalchemy-continuum==1.3.3
-- 
GitLab