This question was asked here How to rename “/admin” to other URL in web2py?
For all the web2py applications, web2py admin url is same, i. e. www.example.com/admin or 127.0.0.1:8000/admin. One should prevent access to admin interface to public or external users. Admin url should be changed from /admin to /some-other-url which is difficult to guess. admin is just another app like welcome or example app, so changing appliacation name will change url to it.
For example to change admin to w2p-adm2in do following steps
1. Rename admin folder with w2p-adm2in
On linux
|
1 2 |
cd web2py/applications mv admin w2p-adm2in |
On Windows
|
1 2 |
cd web2py/applications rename admin w2p-adm2in |
If you are in local environment, you can also do it using your file explorer
2. Fix broken links
Due to changes done in Step 1, links to admin app are broken. Links to admin app needs to be replaced with links to w2p-adm2in.
In app_name/controllers/appadmin.py
Update response.menu, change it to following
|
1 2 3 4 5 |
response.menu = [[T('design'), False, URL('w2p-adm2in', 'default', 'design', args=[request.application])], [T('db'), False, URL('index')], [T('state'), False, URL('state')], [T('cache'), False, URL('ccache')]] |
3. Instead of admin app, check user is logged in to w2p-adm2in app
while accessing appadmin, by default controller app_name/controllers/appadmin.py checks whether user is logged in to admin app or not, if not then it redirects to admin app(admin app login page), now it should check whether user is logged in to w2p-adm2in app and if not it should redirect to w2p-adm2in. To acheive this, pass
other_application='w2p-adm2in' as parameter to method
gluon.fileutils.check_credentials()
After step 2 and step 3, diff file of app_name/controllers/appadmin.py will look like following
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
if not (gluon.fileutils.check_credentials(request) or auth.has_membership(manager_role)): raise HTTP(403, "Not authorized") menu = False -elif (request.application == 'admin' and not session.authorized) or \ - (request.application != 'admin' and not gluon.fileutils.check_credentials(request)): - redirect(URL('admin', 'default', 'index', +elif (request.application == 'w2p-adm2in' and not session.authorized) or \ + (request.application != 'w2p-adm2in' and not gluon.fileutils.check_credentials(request, other_application='w2p-adm2in')): + redirect(URL('w2p-adm2in', 'default', 'index', vars=dict(send=URL(args=request.args, vars=request.vars)))) ignore_rw = True response.view = 'appadmin.html' if menu: - response.menu = [[T('design'), False, URL('admin', 'default', 'design', + response.menu = [[T('design'), False, URL('w2p-adm2in', 'default', 'design', args=[request.application])], [T('db'), False, URL('index')], [T('state'), False, URL('state')], [T('cache'), False, URL('ccache')]] |
4. Change links to error page (tickets)
By default links to error is /admin/default/ticket/[ticket_id], Now it should be /w2p-adm2in/default/ticket/[ticket_id]
So add/replace/append following lines to web2py/routes.py
|
1 2 |
error_message = '<html><body><h1>{b15f91eef52e7c6d40fd3fe45227e26332e4c02be027e4e72c6ecf7adacefb97}s</h1></body></html>' error_message_ticket = '<html><body><h1>Internal error</h1>Ticket issued: <a href="/w2p-adm2in/default/ticket/{b15f91eef52e7c6d40fd3fe45227e26332e4c02be027e4e72c6ecf7adacefb97}(ticket)s" target="_blank">{b15f91eef52e7c6d40fd3fe45227e26332e4c02be027e4e72c6ecf7adacefb97}(ticket)s</a></body></html>' |
If routes.py file does not exist in web2py folder then create it containing above lines.
If you more changes that needs to be done, please comment below.
About Gaurav Vichare
