🔍 Code Extractor

function is_admin_user

Maturity: 41

Checks if the currently authenticated user has administrator privileges by comparing their email against a hardcoded list of admin emails.

File: /tf/active/vicechatdev/docchat/app.py
Lines: 107 - 113
Complexity: simple

Purpose

This function provides role-based access control (RBAC) for a Flask web application. It verifies whether the current session user is an administrator by checking if their email address exists in a predefined list of admin emails. The function is designed to work with Flask's session management and a custom authentication configuration system. It returns False if authentication is not required, no user is in session, or the user's email is not in the admin list.

Source Code

def is_admin_user():
    """Check if the current user is an admin"""
    if not config.REQUIRE_AUTH or 'user' not in session:
        return False
    user_email = session['user'].get('email', '').lower()
    admin_emails = ['wim@vicebio.com']  # Add more admin emails as needed
    return user_email in admin_emails

Return Value

Returns a boolean value: True if the current user's email is in the admin_emails list and authentication is enabled with a valid user session; False if REQUIRE_AUTH is disabled, no user exists in the session, or the user's email is not in the admin list.

Dependencies

  • flask
  • config

Required Imports

from flask import session
import config

Usage Example

from flask import Flask, session
import config
from app import is_admin_user  # defined in docchat/app.py (source shown above)

app = Flask(__name__)
app.secret_key = 'your-secret-key'  # placeholder; load a real random secret from configuration

# Configure authentication
config.REQUIRE_AUTH = True

# Simulate user login
with app.test_request_context():
    session['user'] = {'email': 'wim@vicebio.com'}

    if is_admin_user():
        print('User has admin privileges')
        # Allow access to admin features
    else:
        print('User does not have admin privileges')
        # Restrict access

# Example as a route-level check
@app.route('/admin/dashboard')
def admin_dashboard():
    if not is_admin_user():
        return 'Access denied', 403
    return 'Welcome to admin dashboard'

Best Practices

  • The admin emails list is hardcoded; consider moving it to a configuration file or database for better maintainability
  • Email comparison is case-insensitive (uses .lower()) which is good practice
  • This function should be used in conjunction with proper authentication middleware
  • Consider creating a decorator function that wraps this check for easier route protection
  • The function safely handles missing 'user' key in session and missing 'email' key in user dict
  • For production use, consider implementing a more robust role management system with database-backed roles
  • Always use this check on server-side routes; never rely solely on client-side checks for security
  • Consider logging admin access attempts for security auditing purposes
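The following is an added example, not code from docchat/app.py: it applies three of the points above (configuration-driven admin list, a reusable access check, and audit logging) while keeping the original fail-closed decision. It is framework-independent, so the session is passed in as a plain mapping instead of being read from Flask, and the ADMIN_EMAILS setting name and the example addresses are constructed placeholders.

```python
import logging
import os
from typing import Mapping, Optional

log = logging.getLogger("docchat.rbac")


def parse_admin_emails(raw: Optional[str]) -> frozenset:
    """Build the admin set from a comma-separated setting (assumed ADMIN_EMAILS).

    Entries are trimmed and lower-cased so they compare the same way the
    session email is lower-cased in is_admin_user(); blank entries are dropped.
    """
    if not raw:
        return frozenset()
    return frozenset(e.strip().lower() for e in raw.split(",") if e.strip())


def is_admin_user(session: Mapping, require_auth: bool, admin_emails: frozenset) -> bool:
    """Same decision as the page's function, with the admin list injected.

    Fails closed: False when auth is disabled, when no user is in the session,
    when the email is missing or not a string, or when the admin set is empty.
    """
    if not require_auth or "user" not in session:
        return False
    email = (session["user"] or {}).get("email")
    if not isinstance(email, str) or not admin_emails:
        return False
    return email.strip().lower() in admin_emails


def check_admin_access(session: Mapping, route: str, require_auth: bool,
                       admin_emails: frozenset) -> bool:
    """Decide and write an audit record for an admin route access attempt."""
    allowed = is_admin_user(session, require_auth, admin_emails)
    user = session.get("user") or {}
    # Denied attempts are logged at WARNING so they stand out in review.
    log.log(logging.INFO if allowed else logging.WARNING,
            "admin_check route=%s email=%r allowed=%s", route, user.get("email"), allowed)
    return allowed


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    admins = parse_admin_emails(os.environ.get("ADMIN_EMAILS", " Admin@Example.com ,"))
    # Constructed session: mixed-case address matches the normalised admin entry.
    print(check_admin_access({"user": {"email": "ADMIN@example.com"}},
                             "/admin/dashboard", True, admins))
```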

Similar Components

AI-powered semantic similarity - components with related functionality:

  • function is_authenticated 66.8% similar

    Checks if a user is authenticated by verifying the presence of 'user' and 'access_token' keys in the Flask session object.

    From: /tf/active/vicechatdev/vice_ai/complex_app.py
  • function get_current_user 60.0% similar

    Retrieves the current user's email from the Flask session if authenticated, otherwise returns 'anonymous'.

    From: /tf/active/vicechatdev/vice_ai/new_app.py
  • function get_user_email 59.7% similar

    Retrieves the email address of the currently authenticated user from the Flask session object.

    From: /tf/active/vicechatdev/vice_ai/complex_app.py
  • function login_required 56.8% similar

    A Flask decorator that enforces authentication requirements on routes by checking for user session data and redirecting unauthenticated users to the login page.

    From: /tf/active/vicechatdev/docchat/app.py
  • function require_auth_v1 56.5% similar

    A Flask decorator that enforces authentication by checking if a user is authenticated before allowing access to a protected route, redirecting to login if not authenticated.

    From: /tf/active/vicechatdev/vice_ai/complex_app.py