Flask-User | Customizable User Authorization & User Management | Authentication library

It has been a few days since I rebuilt my project but when I was testing some things this morning I wanted to update my Werkzeug package due to an issue I was having with its Multidict class, I rebuilt and started getting this error:

Context:

I want to restrict access to a user's page only to the user. since I wont know the user's names I cant specify their name in the roles_required decorator.

So what im doing at the moment is using flask-user to assign a role to the user and using @roles_required decorator to restrict the access to this user only. FYI im setting the roles name to the users_id(uuid)

Problem:

I cant hardcode the users role id in the roles_required() decorator. How can i possibly set this to a variable? so that i can do a query against my db to check if this user should be able to access

I am experimenting with Flask-User. Between Flask-User and Flask Flask-Sqlalchemy 2.4.4 is used and Sqlalchemy 1.3.20.

I have a model that will list actions that are available to logged in users based on the "role(s)" they have. The engine I am using is MySQL (Mariadb).

This question has a similar question that was posted 7 years ago. I want to know what is pertinent currently. Flask-auth, Principal and Flask Security

I have found so much documentation on login and user authorization and controls im a little uncertain how I should be going about this. Im using Flask_SQLAlchemy and sqlite to build a CRUD app. I want to be able to create user specific login authorization and roles so that some portions of the app are or are not visible depending on your role and or authorization. I was hoping that maybe someone could provide the differences and/or the pros and cons or maybe what the industry standard is? Im looking at

Flask-Admin - https://flask-admin.readthedocs.io/en/latest/introduction/

Role based Authorization - https://flask-user.readthedocs.io/en/latest/authorization.html

login_required - https://flask-login.readthedocs.io/en/latest/

Flask Principal - https://pythonhosted.org/Flask-Principal/

Also, theres the option of writing your own code, Im already using -

I forked this app: https://github.com/cyrilrbt/canadian-nutrient-file/blob/master/cnf/settings.py

You can see there in settings.py and below it's using DEBUG = (os.getenv('CNF_DEBUG', 'True') == 'True') I activated my conda env in the terminal and entered command after activating iPython console:

I need to introduce role-based authorization in existing Flask application. Because of that I can't just swap currently used flask-login package with flask-user for example. Nevertheless I have to restrict access to some endpoints to "admin" users without rebuilding entire code base.

I came up with a decorator like this:

I have found a similar question here, but the answer does not seem to work for me.

I use Flask User (which extends Flask Login, I believe) and for the most part it works very well. I have built my own completely fresh templates for sign in and registration, rather than using their provided ones. Following the documentation, I have placed these templates at templates/flask_user/login.html, templates/flask_user/register.html and so on.

I have also set USER_UNAUTHENTICATED_ENDPOINT = "login" and USER_UNAUTHORIZED_ENDPOINT = "login" in my config file, where login is the name of my login route.

The problem is that if I'm signed out and I try to directly access a page that requires the user to be logged in, I will be sent to http://localhost:5000/user/sign-in and shown the Flask-Login sign in page. Two things wrong with this: 1) This is not the correct route for signing in, and 2) This is not the correct template for signing in.

I'd be grateful for any help anybody can suggest for this, please.

EDIT:

Code from __init__.py that initialises the app and the LoginManager:

I am trying to use Flask-User (which incorporates Flask-Login). I would like to use the @login_required and @roles_required decorators to manage access to routes. However, it is not working.

The Flask-User documentation shows login_required being imported from flask_user, not flask_login. When imported from flask_login it works as expected, but if I switch it to be imported from flask_user it does not work. Instead, it says that an authenticated user is not signed in.

Why don't I just import from flask_login? Well, I could, but that does not solve my other problem which is that @roles_required can only be imported from flask_user, and that does not work either (same problem as above - says that authenticated users are not signed in).

My setup is below. I would be grateful if anyone could help me out, please. I have previously had Flask User working on another app, but can't figure out what's going wrong here. At the moment, the user database is stored in an SQLite database.

config.py

This is prolly a stupid question but I am experimenting with Flask-User. I see the venv/.../flask_user/user_manager__settings.py file and see