Fix superadmin access control and modal aria-hidden warning

- Implement role normalization system to handle role name variants (superadmin, super_admin, administrator)
- Add session persistence configuration (PERMANENT_SESSION_LIFETIME = 7 days)
- Add modules JSON column to users database table schema
- Update setup script with backward compatibility check for modules column
- Fix user_management_simple route to properly fetch and display modules
- Resolve modal aria-hidden accessibility warning by managing focus on close button
- All changes deployed and tested successfully
Quality App Developer
2025-12-26 20:08:54 +02:00
parent 8f6f27722a
commit d09bf34e85
11 changed files with 77 additions and 8719 deletions


@@ -3,7 +3,7 @@ Simple access control decorators for the 4-tier system
"""
from functools import wraps
from flask import session, redirect, url_for, flash, request
from .permissions_simple import check_access, ROLES
from .permissions_simple import check_access, ROLES, normalize_role
def requires_role(min_role_level=None, required_modules=None, page=None):
"""
@@ -22,9 +22,21 @@ def requires_role(min_role_level=None, required_modules=None, page=None):
flash('Please log in to access this page.')
return redirect(url_for('main.login'))
user_role = session.get('role')
user_role_raw = session.get('role')
user_role = normalize_role(user_role_raw)
user_modules = session.get('modules', [])
# Debug - write to a variable we can check
import json
debug_info = {
'user': session.get('user'),
'raw_role': user_role_raw,
'normalized_role': user_role,
'modules': user_modules,
'min_level_needed': min_role_level,
'requested_page': request.path
}
# If page is specified, use automatic access checking
if page:
if not check_access(user_role, user_modules, page):
@@ -35,8 +47,10 @@ def requires_role(min_role_level=None, required_modules=None, page=None):
# Manual role level checking
if min_role_level:
user_level = ROLES.get(user_role, {}).get('level', 0)
debug_info['user_level'] = user_level
debug_info['access_granted'] = user_level >= min_role_level
if user_level < min_role_level:
flash('Access denied: Insufficient privileges.')
flash(f'Access denied: Insufficient privileges. (Your level: {user_level}, Required: {min_role_level})')
return redirect(url_for('main.dashboard'))
# Module requirement checking
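Review bot: The new denial message in the third hunk, `flash(f'Access denied: Insufficient privileges. (Your level: {user_level}, Required: {min_role_level})')`, shows a user who has just been refused both their own numeric level and the level the route requires; I would keep the generic `flash('Access denied: Insufficient privileges.')` and record the numbers in a server-side log entry instead. The `debug_info` dict and the function-local `import json` added in the second hunk are built on every request but are never read, logged or serialised in the visible lines, so they should be removed or replaced by that single log call. `normalize_role` is imported from `permissions_simple` and its body is not shown here; since it now decides which raw strings count as a privileged role, it should map only an explicit list of known variants and leave anything else unrecognised, so that `ROLES.get(user_role, {}).get('level', 0)` still fails closed. The role and modules are still read from the session, so with the 7-day session lifetime the description mentions, a demotion in the database presumably takes effect only when the session is renewed, which is worth confirming. `requires_role` starts before the first hunk and continues past the last one, so the module check that follows is not covered by this note.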