uploaded

2025-07-16 16:44:43 +03:00
parent f075cdf871
commit 52e4daf37f
3 changed files with 105 additions and 18 deletions
--- a/app/routes/admin.py
+++ b/app/routes/admin.py
@@ -414,16 +414,30 @@ def edit_user():
    user = User.query.get_or_404(user_id)
    
    # Get form data
+    username = request.form.get('username', '').strip()
    role = request.form.get('role', 'user')
    is_active = 'is_active' in request.form
    password = request.form.get('password', '').strip()
    
+    if not username:
+        flash('Username cannot be empty.', 'danger')
+        return redirect(url_for('admin.index'))
+    
    if role not in ['user', 'admin']:
        flash('Invalid role specified.', 'danger')
        return redirect(url_for('admin.index'))
    
+    # Check if username is taken by another user
+    if username != user.username:
+        existing_user = User.query.filter_by(username=username).first()
+        if existing_user:
+            flash('Username already exists.', 'danger')
+            return redirect(url_for('admin.index'))
+    
    try:
        # Update user
+        old_username = user.username
+        user.username = username
        user.role = role
        user.is_active_user = is_active
        
@@ -436,8 +450,9 @@ def edit_user():
        
        db.session.commit()
        
-        log_action(f"User '{user.username}' updated - Role: {role}, Active: {is_active}")
-        flash(f'User "{user.username}" updated successfully.', 'success')
+        log_action(f"User '{old_username}' updated - Username: {username}, Role: {role}, Active: {is_active}" + 
+                   (", Password changed" if password else ""))
+        flash(f'User "{username}" updated successfully.', 'success')
        
    except Exception as e:
        db.session.rollback()