ske087/location_managemet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
master
location_managemet/app/routes/admin.py
ske087 7a22575dab Initial commit: Location Management Flask app
2026-02-26 19:24:17 +02:00

88 lines
2.9 KiB
Python
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
"""Admin routes user management (admin only)."""
from flask import Blueprint, render_template, redirect, url_for, flash, request, abort
from flask_login import login_required, current_user
from werkzeug.security import generate_password_hash
from app import db
from app.models.user import User
admin_bp = Blueprint("admin", __name__)
def _require_admin():
if not current_user.is_authenticated or not current_user.is_admin():
abort(403)
@admin_bp.route("/users")
@login_required
def list_users():
_require_admin()
users = User.query.order_by(User.username).all()
return render_template("admin/users.html", users=users)
@admin_bp.route("/users/add", methods=["GET", "POST"])
@login_required
def add_user():
_require_admin()
if request.method == "POST":
username = request.form.get("username", "").strip()
password = request.form.get("password", "")
role = request.form.get("role", "user")
if not username or not password:
flash("Username and password are required.", "danger")
return render_template("admin/user_form.html", user=None)
if User.query.filter_by(username=username).first():
flash("Username already exists.", "danger")
return render_template("admin/user_form.html", user=None)
user = User(
username=username,
password_hash=generate_password_hash(password),
role=role,
is_active=True,
)
db.session.add(user)
db.session.commit()
flash(f"User '{username}' created.", "success")
return redirect(url_for("admin.list_users"))
return render_template("admin/user_form.html", user=None)
@admin_bp.route("/users/<int:user_id>/edit", methods=["GET", "POST"])
@login_required
def edit_user(user_id: int):
_require_admin()
user = db.get_or_404(User, user_id)
if request.method == "POST":
user.username = request.form.get("username", user.username).strip()
user.role = request.form.get("role", user.role)
user.is_active = "is_active" in request.form
new_password = request.form.get("password", "").strip()
if new_password:
user.password_hash = generate_password_hash(new_password)
db.session.commit()
flash("User updated.", "success")
return redirect(url_for("admin.list_users"))
return render_template("admin/user_form.html", user=user)
@admin_bp.route("/users/<int:user_id>/delete", methods=["POST"])
@login_required
def delete_user(user_id: int):
_require_admin()
if user_id == current_user.id:
flash("You cannot delete your own account.", "danger")
return redirect(url_for("admin.list_users"))
user = db.get_or_404(User, user_id)
db.session.delete(user)
db.session.commit()
flash(f"User '{user.username}' deleted.", "warning")
return redirect(url_for("admin.list_users"))
Reference in New Issue View Git Blame Copy Permalink