Add second endpoint checking for admin rights

app.py

@@ -10,12 +10,15 @@ domain = getattr(config, "WIKI_DOMAIN", None)
 app = Flask(__name__)
 app.config.from_object(config)
 
-def try_wiki_login(user, password):
+def try_wiki_login(user, password, check_admin=False):
     client = WikiClient(endpoint=config.WIKI_API_ENDPOINT)
     try:
         client.login(user, password, domain=domain)
+        result = True
+        if check_admin:
+            result = "sysop" in client.get_rights()
         client.logout()
-        return True
+        return result
     except WikiException as error:
         print(error)
     return False
@@ -31,3 +34,13 @@ def index():
         return Response("Forbidden", status=403)
     return Response("OK", status=200)
 
+@app.route("/admin/")
+def admin():
+    auth = request.authorization
+    if not auth:
+        return Response(
+            "Please authenticate with your Wiki credentials.", 401,
+            {"WWW-Authenticate": "Basic realm=\"Wiki\""})
+    if not try_wiki_login(auth.username, auth.password, check_admin=True):
+        return Response("Forbidden", status=403)
+    return Response("OK", status=200)

wiki.py

@@ -70,3 +70,10 @@ class WikiClient:
         except JSONDecodeError:
             raise WikiException("Server did not return valid JSON.")
 
+    def get_rights(self):
+        answer = self.do_action("query", meta="userinfo", uiprop="groups")
+        try:
+            return answer["query"]["userinfo"]["groups"]
+        except KeyError as error:
+            print(error)
+            return []