---
toc: true
comments: true
layout: notebook
title: Flask JWT Roles User/Admin User
description: 2nd Team Teach
courses: { CSP: {week: 19} }
type: hacks
authors: Ananya Asudani, Arushi Pandey, Priya Suvarnagiri, Sumedha Kamaraju
---

## <font face="Times New Roman" color="#FFC0CB">User Roles:</font>

<span style="font-family: 'Times New Roman', sans-serif;">Users are individuals who interact with the web application.
User roles define the level of access and permissions a user has within the application.
Common user roles might include regular users who can access certain features, view content, and interact with the application.</span>

## <font face="Times New Roman" color="#FFC0CB">Admin Roles:</font>

<span style="font-family: 'Times New Roman', sans-serif;">Admins are users with elevated privileges and control over the application.
Admin roles typically have access to additional features and functionalities that regular users don't have.
Admins may have the ability to manage user accounts, access sensitive information, and perform administrative tasks.
In the context of a Flask application, these roles are often implemented using a concept called "Authorization" or "Access Control." Flask provides mechanisms to manage user sessions, check user roles, and restrict access to certain parts of the application based on the user's role.</span>

<span style="font-family: 'Times New Roman', sans-serif;">For example, you might have routes in your Flask application that are only accessible to users with admin roles. Here's a simplified example using Flask's @app.route decorator; the actual role check (a hypothetical user_role variable) is left out, so both dashboards are still reachable by anyone:</span>




```python
from flask import Flask, render_template

app = Flask(__name__)

@app.route('/user/dashboard')
def user_dashboard():
    # Code for user dashboard
    return render_template('user_dashboard.html')

@app.route('/admin/dashboard')
def admin_dashboard():
    # Code for admin dashboard
    return render_template('admin_dashboard.html')

if __name__ == '__main__':
    # debug=True enables the interactive debugger; use it for local development only
    app.run(debug=True)
```

In a real-world scenario, you would likely use a more robust authentication and authorization system, such as Flask-Login or Flask-Security, to handle user roles and permissions securely.

Remember that this is a simplified explanation, and the actual implementation might vary based on the specific requirements of your web application.

## <font face="Times New Roman" color="#FFC0CB">Role Based Authorization:</font>

<span style="font-family: 'Times New Roman', sans-serif;">Authorization and @roles_required decorator:</span>

<span style="font-family: 'Times New Roman', sans-serif;">Authorization is the process of specifying and enforcing access rights of users to resources. Flask-User provides role-based authorization through the use of the @roles_required decorator. This decorator is applied to view functions (route handlers) in Flask.</span>


### <font face="Times New Roman" color="#FFC0CB">Conditions for Access:</font>

<span style="font-family: 'Times New Roman', sans-serif;">For a user to access a route decorated with @roles_required:</span>

<span style="font-family: 'Times New Roman', sans-serif;">- The user must be logged in and the user must be associated with the specified role names.</span>

<span style="font-family: 'Times New Roman', sans-serif;">If these conditions are not met, an 'Unauthorized access' error message is shown, and the user is redirected to the USER_UNAUTHORIZED_ENDPOINT.</span>

<span style="font-family: 'Times New Roman', sans-serif;">Example of @roles_required decorator:
The provided example demonstrates a route /admin/dashboard that requires the user to be logged in and associated with the 'Admin' role.</span>

```python
from flask import Flask, render_template
from flask_user import roles_required

app = Flask(__name__)

@app.route('/admin/dashboard')    # @app.route() must always be the outer-most decorator
@roles_required('Admin')          # only a logged-in user holding the 'Admin' role gets through
def admin_dashboard():
    # render the admin dashboard
    return render_template('admin_dashboard.html')
```

*Note that the comparison of role names is case-sensitive.*

### Simple AND/OR operations:

- AND operation: at the decorator level, if multiple role names are specified, the user must have all of them.
- OR operation: at the argument level, each item may be a single role name or a list of role names. If a list is given, the user must have any one of the roles in that list to gain access.

Example combining AND and OR:

```python
# Ensures that the user is ('Starving' AND (an 'Artist' OR a 'Programmer'))
@roles_required('Starving', ['Artist', 'Programmer'])
```

The nesting level only goes as deep as the example shows.
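The two pieces this page describes, a token that carries the user's roles and the AND/OR check that `@roles_required` performs before the view runs, as an added example (not Flask-User's or the page's code). It uses only the standard library so it runs without Flask or a JWT package; the key and the claims are constructed for the demo, and `authorize()` stands in for the decision a decorator would make.

```python
import base64, hashlib, hmac, json, time

# Added example: stdlib-only HS256 JWT carrying a "roles" claim, plus a role
# check with the same semantics as @roles_required above (positional arguments
# are ANDed, a list argument is ORed, names compared case-sensitively).
# Key and claims are constructed for the demo; this is not Flask-User's code.

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def jwt_encode(payload: dict, key: bytes) -> str:
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(payload).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def jwt_decode(token: str, key: bytes, now=None):
    """Return the verified payload, or None if the token must be rejected."""
    try:
        header, body, sig = token.split(".")
        hdr = json.loads(_unb64url(header))
        payload = json.loads(_unb64url(body))
        given = _unb64url(sig)
    except (ValueError, UnicodeDecodeError):
        return None
    # Pin the algorithm: the header is untrusted input until the signature checks out.
    if not isinstance(hdr, dict) or hdr.get("alg") != "HS256":
        return None
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given) or not isinstance(payload, dict):
        return None
    if payload.get("exp", float("inf")) <= (time.time() if now is None else now):
        return None
    return payload

def has_roles(user_roles, *requirements) -> bool:
    """AND across requirements; a list requirement needs any one of its roles."""
    held = set(user_roles)
    return all(
        any(r in held for r in req) if isinstance(req, (list, tuple)) else req in held
        for req in requirements
    )

def authorize(token: str, key: bytes, *requirements, now=None) -> bool:
    """What a @roles_required-style decorator decides before calling the view."""
    payload = jwt_decode(token, key, now)
    return payload is not None and has_roles(payload.get("roles", []), *requirements)
```

A failed `authorize()` is where a real application would show the 'Unauthorized access' message and redirect to its USER_UNAUTHORIZED_ENDPOINT.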

Required Role and UserRoles data-models:
The @roles_required decorator depends on the Role and UserRoles data-models, in addition to the User data-model. The Role model defines the roles available in the application, and UserRoles records which users hold which roles.

Example App:
The explanation refers to a "Basic App" that demonstrates the use of the @roles_required decorator. It would be worthwhile to refer to the documentation or example code provided by Flask-User to see the actual implementation of these concepts in a complete application.


## User data-model

### Flexible class name

### Fixed data model property names

### Flexible database column names

### Optional Role and UserRoles data models

### Optional UserEmail data model
