feat: add admin user management

2026-04-13 10:10:07 +02:00
parent 9a87ef9562
commit 3c99c3683e
7 changed files with 265 additions and 27 deletions
--- a/app/templates/settings/index.html
+++ b/app/templates/settings/index.html
@@ -72,29 +72,103 @@
  <section class="panel">
    <p class="eyebrow">Gamification</p>
    <h2>Badge-Regeln pflegen</h2>
-    <div class="badge-settings">
-      {% for badge in badges %}
-        <form method="post" action="{{ url_for('settings.update_badge', badge_id=badge.id) }}" class="badge-setting-card">
-          <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
-          <div>
-            <strong>{{ badge.name }}</strong>
-            <p class="muted">{{ badge.description }}</p>
-          </div>
-          <div class="field field--compact">
-            <label>Schwelle</label>
-            <input type="number" name="threshold" min="1" value="{{ badge.threshold }}">
-          </div>
-          <div class="field field--compact">
-            <label>Bonus</label>
-            <input type="number" name="bonus_points" min="0" value="{{ badge.bonus_points }}">
-          </div>
-          <label class="checkbox checkbox--compact">
-            <input type="checkbox" name="active" {% if badge.active %}checked{% endif %}>
-            <span>Aktiv</span>
-          </label>
-          <button type="submit" class="button button--secondary">Badge speichern</button>
-        </form>
-      {% endfor %}
-    </div>
+    {% if current_user.is_admin %}
+      <div class="badge-settings">
+        {% for badge in badges %}
+          <form method="post" action="{{ url_for('settings.update_badge', badge_id=badge.id) }}" class="badge-setting-card">
+            <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+            <div>
+              <strong>{{ badge.name }}</strong>
+              <p class="muted">{{ badge.description }}</p>
+            </div>
+            <div class="field field--compact">
+              <label>Schwelle</label>
+              <input type="number" name="threshold" min="1" value="{{ badge.threshold }}">
+            </div>
+            <div class="field field--compact">
+              <label>Bonus</label>
+              <input type="number" name="bonus_points" min="0" value="{{ badge.bonus_points }}">
+            </div>
+            <label class="checkbox checkbox--compact">
+              <input type="checkbox" name="active" {% if badge.active %}checked{% endif %}>
+              <span>Aktiv</span>
+            </label>
+            <button type="submit" class="button button--secondary">Badge speichern</button>
+          </form>
+        {% endfor %}
+      </div>
+    {% else %}
+      <p class="muted">Badge-Regeln können nur von einem Admin geändert werden.</p>
+    {% endif %}
  </section>
+
+  {% if current_user.is_admin %}
+    <section class="panel">
+      <p class="eyebrow">Admin</p>
+      <h2>Nutzerverwaltung</h2>
+      <div class="badge-settings">
+        <form method="post" action="{{ url_for('settings.create_user') }}" class="badge-setting-card">
+          {{ admin_form.hidden_tag() }}
+          <div>
+            <strong>Neuen Nutzer anlegen</strong>
+            <p class="muted">Hier legst du weitere Personen kontrolliert an, ohne freie Registrierung.</p>
+          </div>
+          <div class="field">
+            {{ admin_form.name.label }}
+            {{ admin_form.name() }}
+          </div>
+          <div class="field">
+            {{ admin_form.email.label }}
+            {{ admin_form.email() }}
+          </div>
+          <div class="field">
+            {{ admin_form.password.label }}
+            {{ admin_form.password() }}
+          </div>
+          <label class="checkbox">
+            {{ admin_form.is_admin() }}
+            <span>Als Admin anlegen</span>
+          </label>
+          {{ admin_form.submit(class_='button button--secondary') }}
+        </form>
+      </div>
+
+      <div class="admin-user-list">
+        {% for user in users %}
+          <article class="admin-user-card">
+            <div class="admin-user-card__identity">
+              {{ avatar(user) }}
+              <div>
+                <strong>{{ user.name }}</strong>
+                <p class="muted">{{ user.email }}</p>
+              </div>
+            </div>
+            <div class="chip-row">
+              {% if user.is_admin %}
+                <span class="reward-chip">Admin</span>
+              {% endif %}
+              {% if user.id == current_user.id %}
+                <span class="point-pill">Du</span>
+              {% endif %}
+            </div>
+            <div class="admin-user-card__actions">
+              <form method="post" action="{{ url_for('settings.toggle_admin', user_id=user.id) }}">
+                <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+                <input type="hidden" name="make_admin" value="{{ 0 if user.is_admin else 1 }}">
+                <button type="submit" class="button button--ghost">
+                  {% if user.is_admin %}Admin entziehen{% else %}Zum Admin machen{% endif %}
+                </button>
+              </form>
+              <form method="post" action="{{ url_for('settings.delete_user', user_id=user.id) }}" onsubmit="return confirm('Diesen Nutzer wirklich entfernen? Zugewiesene Aufgaben bleiben erhalten, aber ohne Person.')">
+                <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+                <button type="submit" class="button button--secondary" {% if user.id == current_user.id %}disabled{% endif %}>
+                  Nutzer löschen
+                </button>
+              </form>
+            </div>
+          </article>
+        {% endfor %}
+      </div>
+    </section>
+  {% endif %}
 {% endblock %}