
My error is: AttributeError: 'AnonymousUserMixin' object has no attribute 'is_admin'. I have been assigned a task involving user and admin roles in the Flask framework. The is_admin variable is defined in the class as a boolean field; when it is true the user is allowed to access the admin page, otherwise a page-not-found error is shown.

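class User(db.Model, UserMixin):
    """Account record; UserMixin supplies the Flask-Login user interface."""

    __tablename__ = 'user'

    id = db.Column(db.Integer, primary_key=True)
    name = db.Column(db.String(15), unique=True)
    username = db.Column(db.String(15), unique=True)
    email = db.Column(db.String(50), unique=True)
    # Stores the output of generate_password_hash(), never the plaintext.
    user_password = db.Column(db.String(256))
    # Authorization flag checked by the admin view. The default is False so
    # that a row created without an explicit value is an ordinary user; with
    # default=True every such account would silently be an administrator.
    is_admin = db.Column(db.Boolean, default=False)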

Admin model

# Admin view for the User model. is_accessible() is the only access check
# shown for it, so the order of the tests inside it matters.
# (The method indentation was lost in the paste; both defs belong to the class.)
class SuperModelView(ModelView):
def is_accessible(self):
    # When nobody is logged in, current_user is Flask-Login's
    # AnonymousUserMixin, which has no is_admin attribute. Reading the role
    # flag first therefore raises the AttributeError quoted above instead of
    # denying access; authentication has to be tested before the flag.
    if current_user.is_admin == True:
        # NOTE(review): recent Flask-Login releases expose is_authenticated
        # as a property, not a method; confirm against the installed version
        # before calling it.
        return current_user.is_authenticated()
    else:
        return abort(404)
# Not referenced by any other code on this page.
def not_auth(self):
    return("You are not authorized")

# Create the Flask-Admin instance bound to the application, using the
# project's own base template and the Bootstrap 4 template set.
Superadmin = Admin(
app,
base_template='my_master.html',
template_mode='bootstrap4',
)

# Expose the User table through the admin UI. SuperModelView.is_accessible()
# is the only gate on this view.
# NOTE(review): a ModelView lists and edits every model column unless told
# otherwise, so user_password (the hash) is presumably visible and editable
# here; consider column_exclude_list / form_excluded_columns on the view.
 Superadmin.add_view(SuperModelView(User, db.session))

Routes:-

@app.route('/')
def home():
    """Serve the landing page."""
    page = render_template('index.html')
    return page

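@app.route('/signup/', methods=['GET', 'POST'])
def Signup():
    """Register a new account from the sign-up form.

    A GET request, or a POST that fails form validation, re-renders the
    form. A valid POST stores the user with a hashed password, flashes a
    success message and redirects to the sign-in page.
    """
    form = SignupForm(request.form)

    if request.method != 'POST' or not form.validate():
        return render_template('signupA.html', form=form)

    # Let Werkzeug pick its default scheme (a salted, iterated KDF).
    # method='sha256' asks for a single salted SHA-256 round, which is cheap
    # to brute-force offline, and newer Werkzeug releases no longer accept it.
    hashed_password = generate_password_hash(form.signup_password.data)

    new_user = User(
        name=form.signup_name.data,
        username=form.signup_username.data,
        email=form.signup_email.data,
        user_password=hashed_password,
        # This route is reachable without authentication, so it must not
        # hand out the admin role. Promote accounts through a separate,
        # already-authorized path (existing admin, CLI, or migration).
        is_admin=False,
    )
    db.session.add(new_user)
    db.session.commit()
    flash('You have successfully registered', 'success')

    return redirect(url_for('Signin'))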

This is route for admin

@app.route('/admin/')
def adminpage():
    """Redirect to the URL registered for the ``adminpage`` endpoint."""
    # NOTE(review): 'adminpage' is this view's own endpoint, so the redirect
    # points back at this same route. Flask-Admin's index is normally served
    # under /admin as well; confirm which handler actually answers this URL
    # and that it is the access-checked admin view.
    target = url_for('adminpage')
    return redirect(target)

This is route for admin signin page

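@app.route('/signin/', methods=['GET', 'POST'])
def Signin():
    """Authenticate a user by e-mail and password.

    A GET request, or a POST that fails form validation, renders the
    sign-in form. Valid credentials log the user in and redirect to the
    admin page; any credential failure flashes one generic message and
    redirects back to this view.
    """
    # Imported locally because only this view needs it.
    from flask_login import login_user

    form = SigninForm(request.form)
    # validate must be *called*: the bare bound method is always truthy, so
    # `and form.validate` never ran the form's validators.
    if request.method == 'POST' and form.validate():
        user = User.query.filter_by(email=form.signin_email.data).first()
        if user and check_password_hash(user.user_password, form.signin_password.data):
            # Register the account with Flask-Login. Without this call
            # current_user stays AnonymousUserMixin on every later request,
            # whatever is written to session below.
            # NOTE(review): needs a LoginManager with a user_loader; neither
            # is shown on this page, so confirm they are configured.
            login_user(user)
            flash('You have successfully logged in.', "success")
            session['logged_in'] = True
            session['email'] = user.email
            session['username'] = user.username
            return redirect(url_for('adminpage'))

        # Same response for an unknown e-mail and a wrong password, so the
        # form does not reveal which addresses are registered.
        flash('Username or Password Incorrect', "Danger")
        return redirect(url_for('Signin'))
    return render_template('signinA.html', form=form)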

Error is in below portion

# The failing portion, as posted. The role flag is read before the
# authentication state is known.
class SuperModelView(ModelView):
    def is_accessible(self):
        # For a visitor who is not logged in, current_user is
        # AnonymousUserMixin and has no is_admin attribute, so this
        # comparison raises AttributeError before any access decision is made.
        if current_user.is_admin == True:
          # NOTE(review): is_authenticated is a property in recent
          # Flask-Login releases; calling it may fail there. Confirm.
          return current_user.is_authenticated()
        else:
          return abort(404)
   # Not referenced by any other code on this page.
   def not_auth(self):
       return("You are not authorized")
Henhen1227

1 Answer


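This is probably happening because you are checking whether the user is an admin before checking whether the user is authenticated. When nobody is logged in, current_user is an AnonymousUserMixin object, which has no is_admin attribute.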

Try changing:

# Original check, quoted for comparison with the corrected version.
def is_accessible(self):
    # is_admin is read first; an anonymous current_user does not have that
    # attribute, so this line raises AttributeError.
    if current_user.is_admin == True:
        return current_user.is_authenticated()
    else:
        return abort(404)

To:

def is_accessible(self):
    """Allow the view only for a logged-in user whose is_admin flag is set."""
    # is_authenticated is tested first: `and` short-circuits, so an anonymous
    # visitor never reaches the is_admin lookup that raised AttributeError.
    allowed = current_user.is_authenticated and current_user.is_admin
    if not allowed:
        # Respond with 404 rather than 403 so the admin URL is not confirmed
        # to visitors who may not use it.
        return abort(404)
    return super(SuperModelView, self).is_accessible()
demetrius_mp