Thank you for this, here is a related observation in case it is useful. I have been struggling with a similar problem of user roles not persisting in subsequent requests after login. Being a beginner, and playing with different things like flask-user (which I never got working) and settling on a) flask-principal and flask-login and b) flask-navigation instead of flask-nav.
This is so I can 1) easily control which menu items appear based on Principal and 2) avoid having the navigation markup generated outside of a template (as I was always taught to separate logic and presentation and writing a custom menu renderer for flask-nav just to change the surrounding HTML didn't seem right if I want to change the HTML later). I couldn't find a way to iterate through flask-nav objects or add custom properties to nav items whereas in flask-navigation I am creating a custom Item extending flask-navigation's Item to add permissions required.
The challenge I was also trying to solve was having a hierarchy of roles to prevent having to put complex Permission statements in my views (e.g. Admin is also editor, is also user, is also anonymous user etc.) Having googled furiously I couldn't find any concept of hierarchy like that. I also don't particularly want to have multiple roles assigned to a user in my model.
My mistakes were:
- The above in the load order
- As I hadn't yet put roles into my models so that there was a many to many relationship between User and Role, in my ignorance I did not realise that Flask-Login needed to load the roles in the @login_manager.user_loader function if the roles wheren't yet in the model. I instead assigned the roles in the login view after login_user(user) before issuing the flask-principal signal.
- With my different approach the roles got assigned, but forgotten on the next request. This post gave me the clues I was searching for.
This is what I ended up doing - all other Principal related code is as in the docs and above.
#CAVEATS - still learning Flask so this may not be the right approach and it is still a W.I.P.
#added a kind of hierarchy order field to User to drive multiple roles in Permissions
#with this model I only have to assign one role to a user
class Role(db.Model):
__tablename__ = 'roles'
id = db.Column(db.Integer(), primary_key=True)
name = db.Column(db.String(50), unique=True)
description = db.Column(db.String(200))
hierarchy_order = db.Column(db.Integer)
internal = db.Column(db.Boolean) # this is only so I can identify registered users and internal users
users = db.relationship('User', backref='role',lazy='dynamic')
def __repr__(self):
return '<Role: {}>'.format(self.name)
# changed common flask-login example @login_manager.user_loader as follows
@login_manager.user_loader
def load_user(user_id):
user = User.query.get(int(user_id))
#work out what roles are below current role
permissable_roles = Role.query.filter(Role.hierarchy_order<=user.role.hierarchy_order).all()
user.roles = permissable_roles
return user
I would dearly love to have this approach as a common convention, but I think I am stuck with having a loop in @login_manager.user_loader which assigns the multiple roles as a hierarchy working down from the assigned role. I hope some of this helps someone struggling with how it all ties together. I still have a lot to learn about where flask stores things and when they are available in different contexts.