How to restrict access to the site database in Flask?

K

kunjut192020-02-17 21:14:56

MongoDB

kunjut19, 2020-02-17 21:14:56

I'm still quite new to the database and do not understand how it all works. I would like someone to clarify this point.
There is a website written in Flask. The site is a common wall on which any user can post their message. But the message appears on the wall only after the approval of the admin. Modify or delete entries users should not have rights (even their own) - only the admin.
So. The user "Admin" with full rights has been created in the MongoDB database. It is through it that Flask connects to the database (I prescribe the user and his password through app.config ).
The question is, is it necessary to create a separate "user" database for regular users of the site? To limit their ability to add something to the database directly or edit any records? If so, how can I switch the Flask application to another user? Or is it possible to limit the functionality of ordinary users to the internal mechanisms of the site, and not the database?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

E

Evloshevsky Nikolay, 2020-02-26
@n1k_crimea

If I understand everything correctly, then only the admin user is needed, with full rights.
why you connect each "instance" of the application to the database through the admin is not clear, it is fundamentally not the right solution for your project.
use flask-admin to moderate ads.