feat: Add comprehensive admin user management system

- Add user status toggle (activate/deactivate) functionality - Add user deletion with post/comment transfer to admin - Implement safety checks for admin protection - Add interactive JavaScript for user management actions - Update admin users interface with action buttons - Add confirmation dialogs for destructive operations - Update README with new admin features and capabilities - Add database migration utility for future updates Features: - Toggle user active/inactive status - Delete users with content preservation - Transfer all posts/comments to admin on user deletion - Prevent admin self-modification and deletion - AJAX-powered interface with real-time feedback - Comprehensive error handling and user notifications
2025-07-24 03:07:52 +03:00
parent 60ef02ced9
commit 7018ae13f0
4 changed files with 409 additions and 84 deletions
--- a/app/routes/admin.py
+++ b/app/routes/admin.py
@@ -190,6 +190,80 @@ def user_detail(user_id):
                         user_posts=user_posts, 
                         user_comments=user_comments)

+@admin.route('/users/<int:user_id>/toggle-status', methods=['POST'])
+@login_required
+@admin_required
+def toggle_user_status(user_id):
+    """Toggle user active/inactive status"""
+    user = User.query.get_or_404(user_id)
+    
+    # Prevent self-modification if current user is admin
+    if user.is_admin and user.id == current_user.id:
+        return jsonify({'success': False, 'error': 'Cannot deactivate your own admin account'})
+    
+    # Toggle status
+    user.is_active = not user.is_active
+    status = "activated" if user.is_active else "deactivated"
+    
+    try:
+        db.session.commit()
+        return jsonify({
+            'success': True, 
+            'message': f'User {user.nickname} has been {status}',
+            'is_active': user.is_active
+        })
+    except Exception as e:
+        db.session.rollback()
+        return jsonify({'success': False, 'error': f'Failed to update user status: {str(e)}'})
+
+@admin.route('/users/<int:user_id>/delete', methods=['DELETE', 'POST'])
+@login_required
+@admin_required
+def delete_user(user_id):
+    """Delete user and transfer their posts to admin"""
+    user = User.query.get_or_404(user_id)
+    
+    # Prevent self-deletion
+    if user.id == current_user.id:
+        return jsonify({'success': False, 'error': 'Cannot delete your own account'})
+    
+    # Prevent deletion of other admins
+    if user.is_admin:
+        return jsonify({'success': False, 'error': 'Cannot delete admin accounts'})
+    
+    try:
+        # Transfer all user's posts to current admin
+        user_posts = Post.query.filter_by(author_id=user.id).all()
+        for post in user_posts:
+            post.author_id = current_user.id
+        
+        # Transfer all user's comments to current admin
+        user_comments = Comment.query.filter_by(author_id=user.id).all()
+        for comment in user_comments:
+            comment.author_id = current_user.id
+        
+        # Delete user's likes (they will be orphaned)
+        Like.query.filter_by(user_id=user.id).delete()
+        
+        # Delete user's page views
+        PageView.query.filter_by(user_id=user.id).delete()
+        
+        username = user.nickname
+        user_posts_count = len(user_posts)
+        
+        # Delete the user
+        db.session.delete(user)
+        db.session.commit()
+        
+        return jsonify({
+            'success': True, 
+            'message': f'User {username} has been deleted. {user_posts_count} posts transferred to {current_user.nickname}.'
+        })
+        
+    except Exception as e:
+        db.session.rollback()
+        return jsonify({'success': False, 'error': f'Failed to delete user: {str(e)}'})
+
@admin.route('/analytics')
@login_required
@admin_required