IT_asset_management/app/routes/settings.py


from flask import Blueprint, render_template, redirect, url_for, flash, request, current_app
from flask_login import login_required, current_user
from app.extensions import db
from app.models.admin_user import AdminUser
# Blueprint that groups the admin settings views; every route registered on it
# is served under the /settings URL prefix.
bp = Blueprint(
    'settings',
    __name__,
    url_prefix='/settings',
)
@bp.route('/')
@login_required
def index():
    """Render the settings page listing every admin account, ordered by username.

    The template receives the admin rows as ``admins`` and the application's
    configuration object as ``config``.
    """
    admin_accounts = AdminUser.query.order_by(AdminUser.username).all()
    # NOTE(review): the whole Flask config mapping is handed to the template.
    # That mapping commonly holds SECRET_KEY and database credentials, so the
    # template (not visible here) should render only named, non-secret keys.
    return render_template(
        'settings/index.html',
        admins=admin_accounts,
        config=current_app.config,
    )
@bp.route('/admin/new', methods=['POST'])
@login_required
def create_admin():
    """Create an admin account from the submitted form, then return to settings.

    Reads ``username``, ``email``, ``full_name``, ``password`` and ``role``
    from the POST form. Username, email and password must be non-empty and the
    username must not already exist; otherwise a 'danger' message is flashed
    and nothing is stored. Every path ends in a redirect to the settings index.
    """
    form = request.form
    username = form.get('username', '').strip()
    email = form.get('email', '').strip()
    full_name = form.get('full_name', '').strip()
    # The password is deliberately not stripped: surrounding whitespace is kept.
    password = form.get('password', '')
    # NOTE(review): the role is accepted exactly as submitted and the route is
    # guarded only by @login_required, so nothing here limits which role a
    # caller may assign. Confirm that an allow-list and a privilege check are
    # enforced elsewhere (model validation or a request hook).
    role = form.get('role', 'admin')

    if not (username and email and password):
        flash('Username, email and password are required.', 'danger')
        return redirect(url_for('settings.index'))

    # Only the username is checked for uniqueness before inserting.
    # NOTE(review): if the model also has a unique constraint on email, or a
    # concurrent request takes the same username, the commit below would raise
    # instead of flashing a message - confirm against the AdminUser model.
    existing = AdminUser.query.filter_by(username=username).first()
    if existing:
        flash(f'Username "{username}" is already taken.', 'danger')
        return redirect(url_for('settings.index'))

    new_admin = AdminUser(
        username=username,
        email=email,
        full_name=full_name,
        role=role,
    )
    # The password goes through the model's set_password(); the only check made
    # in this view is that it is non-empty (no length or complexity rule).
    new_admin.set_password(password)
    db.session.add(new_admin)
    db.session.commit()

    flash(f'Admin user "{username}" created.', 'success')
    return redirect(url_for('settings.index'))
@bp.route('/admin/<int:admin_id>/toggle', methods=['POST'])
@login_required
def toggle_admin(admin_id):
    """Flip the ``is_active`` flag of the admin with id *admin_id*.

    Responds with 404 when no such admin exists. A user may not toggle their
    own account; that request is rejected with a 'danger' flash. Every other
    path commits the change and redirects to the settings index.
    """
    # NOTE(review): only @login_required protects this route; no role check is
    # visible, so any authenticated user can activate or deactivate another
    # admin. Confirm that role-based restrictions are applied elsewhere.
    target = AdminUser.query.get_or_404(admin_id)

    # Guard against locking yourself out of the application.
    if target.id == current_user.id:
        flash('You cannot deactivate your own account.', 'danger')
        return redirect(url_for('settings.index'))

    target.is_active = not target.is_active
    db.session.commit()

    # Read the flag back from the object after the commit to word the message.
    if target.is_active:
        status = 'activated'
    else:
        status = 'deactivated'
    flash(f'Admin "{target.username}" {status}.', 'success')
    return redirect(url_for('settings.index'))