Why we are here?
This article covers how to excrypt the plaintext password when you create a user via Flask-Superadmin
Flask admin or Django admin?
As an introductory Flask-Admin is not a Django admin to be clear on what it does. Because, Django admin’s crisp user,auth,group tables puts itself in upfront place. No issues, if you are not worrying for admin in your application infact if you are stick with Flask.I am also in the same situation where I like to use Flask, SqlAlchemy, jinja2 for my project with some admin tricks. Recently, I came to the situation where i need to setup the admin which could be accessed by few special users. I was hanging around with Flask-Admin which seems covering up almost many things.But, I was struck to limitize(authorize) the users for the admin url. It can be done and i was facing other Relationship constraint issues(instead of generating FK field in admin, It takes M2M field for the self-referential field in sqlalchemy table)I spent little time on that. Finally, even anonymous user can access it’s admin url.So, I just starter looking Flask_Superadmin. It fixes the issue what i was seeing in Flask-Admin.
How to override admin to manipulate the model field?
My requirement is that i can create the user account via Flask-Superadmin. But, I had no way to encrypt the plain text password when you create a new user profile.If it is Django simply I can override save method in the model class to manipulate the fields, this will do the job completely for saving via orm, saving via admin. In Flask, if you create via sqlalchemy orm, the concept varies while doing through admin.
So, How to do it in Flask-SuperAdmin?
Simply, you have to override the save_model to manipulate the object if it is being saved via flask-admin.This save_model has no business with sqlalchemy-orm due to session based db commit. if you want to manipulate the object in admin, you can do it by overriding the save_model. I am showing the example when you enter the plain text password, it is going to be encrypted before the db commit.
Class User(db.Model): #field1 #field2 #field3 #class method def set_password(self, password): self.password = generate_password_hash(password)
The set_password class method will encrypt the given plain text password
class UserModel(model.ModelAdmin): #other customizations def save_model(self, instance, form, adding=False): form.populate_obj(instance) instance.set_password(instance.password) #play here if adding: self.session.add(instance) self.session.commit() return instance admin.register(User, UserModel)
If you are looking for this exact trick, This post is reached lucky level 🙂