From cc32b0459d1ff7c9551cae37a852b99d0e13e310 Mon Sep 17 00:00:00 2001
From: Edward Betts <edward@4angle.com>
Date: Sun, 24 Sep 2023 22:19:09 +0100
Subject: [PATCH] Add admin mode

---
 main.py               | 22 +++++++++++++++++++++-
 templates/login.html  | 16 ++++++++++++++++
 templates/person.html |  2 +-
 3 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 templates/login.html

diff --git a/main.py b/main.py
index 7751551..abeffd0 100755
--- a/main.py
+++ b/main.py
@@ -59,7 +59,7 @@ def drop_start(s: str, start: str) -> str:
 @app.route("/person/<int:person_id>", methods=["GET", "POST"])
 def person(person_id: int) -> str | Response:
     item = model.Person.query.get(person_id)
-    if flask.request.method == "POST":
+    if flask.request.method == "POST" and check_admin_mode():
         qid = flask.request.form["wikidata_qid"] or None
         item.name = flask.request.form["name"]
 
@@ -115,6 +115,7 @@ def person(person_id: int) -> str | Response:
         Event=model.Event,
         plural=plural,
         wikidata_hits=wikidata_hits,
+        is_admin=check_admin_mode,
     )
 
 
@@ -405,6 +406,25 @@ def person_image_filename(person_id: int) -> str:
     return os.path.join("wikidata_photo", "thumb", person.wikidata_photo[0])
 
 
+@app.route("/login", methods=["GET", "POST"])
+def login() -> str | Response:
+    """Login page."""
+    if flask.request.method == "GET":
+        return flask.render_template("login.html")
+    password = flask.request.form["password"]
+    if password != app.config["ADMIN_PASSWORD"]:
+        endpoint = flask.endpoint
+        return flask.redirect(endpoint)
+
+    flask.session["admin_password"] = password
+    return flask.redirect(flask.url_for("index"))
+
+
+def check_admin_mode() -> bool:
+    """User is an admin."""
+    return bool(flask.session.get("admin_password") == app.config["ADMIN_PASSWORD"])
+
+
 @app.route("/github_wikidata")
 def github_wikidata() -> str:
     """Look for speakers on Wikidata based on the GitHub property."""
diff --git a/templates/login.html b/templates/login.html
new file mode 100644
index 0000000..efcd454
--- /dev/null
+++ b/templates/login.html
@@ -0,0 +1,16 @@
+{% extends "base.html" %}
+
+{% block title %}Conference archive{% endblock %}
+
+  {% block content %}
+  <h1>Conference archive</h1>
+
+  <div>Admin login.</div>
+
+  <form method="POST">
+    <label for="password">Password:</label>
+    <input type="password" id="password" name="password"/>
+    <button>login</button>
+  </form>
+
+{% endblock %}
diff --git a/templates/person.html b/templates/person.html
index d37ddde..786998d 100644
--- a/templates/person.html
+++ b/templates/person.html
@@ -45,7 +45,7 @@
   {% endif %}
   </p>
 
-  {% if config.ADMIN_MODE %}
+  {% if is_admin() %}
   {% set search_for = item.name + ' ' + " haswbstatement:P31=Q5" %}
   <p><a href="https://www.wikidata.org/w/index.php?search={{ search_for | urlencode }}&title=Special%3ASearch&ns0=1&ns120=1">Search for {{ item.name }} on Wikidata</a></p>