modified: app.py

modified:   templates/admin_giveaways.html

app.py

@@ -411,61 +411,154 @@ def download_logs():
     return redirect(url_for("landing_page"))
 
 @app.route("/admin/giveaways", methods=["GET", "POST"])
-def admin_giveaways():
-    """Zeigt eine Liste aller Giveaways an und ermöglicht das Bearbeiten und Sortieren."""
-    if is_admin():
-        connection = get_giveaway_db_connection()  # Verbindung zur Giveaway-Datenbank
+def manage_giveaways():
+    """Verwalte alle Giveaways (nur für Admins)."""
+    if "discord_user" in session:
+        user_info = session["discord_user"]
+        user_id = user_info["id"]
+
+        # Überprüfe, ob der Benutzer Admin-Rechte hat
+        connection = get_db_connection()  # Verbindung zur User-Datenbank
         cursor = connection.cursor(dictionary=True)
 
-        # Sortierung nach bestimmten Feldern
-        sort_field = request.args.get("sort", "id")  # Standardmäßig nach 'id' sortieren
-        order = request.args.get("order", "asc")  # Standardmäßig aufsteigend sortieren
+        cursor.execute("SELECT permission FROM user_data WHERE user_id = %s", (user_id,))
+        user_data = cursor.fetchone()
 
-        # Holen aller Giveaways aus der Datenbank
-        cursor.execute(f"SELECT * FROM giveaways ORDER BY {sort_field} {order}")
-        giveaways = cursor.fetchall()
-        
-        cursor.close()
-        connection.close()
+        if user_data and user_data["permission"] >= 8:
+            connection.close()
+
+            # Verbindung zur Giveaway-Datenbank herstellen
+            giveaway_connection = get_giveaway_db_connection()
+            giveaway_cursor = giveaway_connection.cursor(dictionary=True)
+
+            # Alle Giveaways aus der Giveaway-Datenbank abrufen
+            giveaway_cursor.execute("SELECT * FROM giveaways")
+            giveaways = giveaway_cursor.fetchall()
+
+            giveaway_cursor.close()
+            giveaway_connection.close()
+
+            return render_template("admin_giveaways.html", user_info=user_info, giveaways=giveaways)
+        else:
+            return redirect(url_for("user_dashboard"))
 
-        return render_template("admin_giveaways.html", giveaways=giveaways, sort_field=sort_field, order=order)
     return redirect(url_for("login"))
 
-@app.route("/admin/giveaways/edit/<int:giveaway_id>", methods=["GET", "POST"])
-def edit_giveaway(giveaway_id):
-    """Bearbeitet ein spezifisches Giveaway."""
-    if is_admin():
-        connection = get_giveaway_db_connection()  # Verbindung zur Giveaway-Datenbank
+
+@app.route("/admin/giveaway/edit/<int:id>", methods=["GET", "POST"])
+def edit_giveaway(id):
+    """Bearbeite ein bestehendes Giveaway."""
+    if "discord_user" in session:
+        user_info = session["discord_user"]
+        user_id = user_info["id"]
+
+        # Überprüfe, ob der Benutzer Admin-Rechte hat
+        connection = get_db_connection()
         cursor = connection.cursor(dictionary=True)
 
-        if request.method == "POST":
-            platform = request.form.get("platform")
-            name = request.form.get("name")
-            game_key = request.form.get("game_key")
-            winner_dc_id = request.form.get("winner_dc_id")
-            aktiv = bool(request.form.get("aktiv"))
+        cursor.execute("SELECT permission FROM user_data WHERE user_id = %s", (user_id,))
+        user_data = cursor.fetchone()
 
-            # Update der Giveaways-Daten
-            cursor.execute("""
-                UPDATE giveaways
-                SET platform = %s, name = %s, game_key = %s, winner_dc_id = %s, aktiv = %s
-                WHERE id = %s
-            """, (platform, name, game_key, winner_dc_id, aktiv, giveaway_id))
-            connection.commit()
+        if user_data and user_data["permission"] >= 8:
+            connection.close()
 
-            flash("Giveaway updated successfully!", "success")
-            return redirect(url_for("admin_giveaways"))
+            giveaway_connection = get_giveaway_db_connection()
+            cursor = giveaway_connection.cursor(dictionary=True)
 
-        # Daten des spezifischen Giveaways laden
-        cursor.execute("SELECT * FROM giveaways WHERE id = %s", (giveaway_id,))
-        giveaway = cursor.fetchone()
-        
-        cursor.close()
-        connection.close()
+            if request.method == "POST":
+                platform = request.form["platform"]
+                name = request.form["name"]
+                game_key = request.form["game_key"]
+                winner_dc_id = request.form["winner_dc_id"]
+
+                # Update the giveaway
+                cursor.execute("""
+                    UPDATE giveaways
+                    SET platform = %s, name = %s, game_key = %s, winner_dc_id = %s
+                    WHERE id = %s
+                """, (platform, name, game_key, winner_dc_id, id))
+                giveaway_connection.commit()
+
+                cursor.close()
+                giveaway_connection.close()
+
+                return redirect(url_for("manage_giveaways"))
+
+            # Hole die aktuellen Daten des Giveaways
+            cursor.execute("SELECT * FROM giveaways WHERE id = %s", (id,))
+            giveaway = cursor.fetchone()
+
+            cursor.close()
+            giveaway_connection.close()
+
+            return render_template("edit_giveaway.html", giveaway=giveaway)
 
-        return render_template("edit_giveaway.html", giveaway=giveaway)
     return redirect(url_for("login"))
 
+@app.route("/admin/giveaway/delete/<int:id>", methods=["POST"])
+def delete_giveaway(id):
+    """Lösche ein Giveaway aus der Datenbank."""
+    if "discord_user" in session:
+        user_info = session["discord_user"]
+        user_id = user_info["id"]
+
+        connection = get_db_connection()
+        cursor = connection.cursor(dictionary=True)
+
+        cursor.execute("SELECT permission FROM user_data WHERE user_id = %s", (user_id,))
+        user_data = cursor.fetchone()
+
+        if user_data and user_data["permission"] >= 8:
+            connection.close()
+
+            # Verbindung zur Giveaway-Datenbank herstellen
+            giveaway_connection = get_giveaway_db_connection()
+            cursor = giveaway_connection.cursor()
+
+            cursor.execute("DELETE FROM giveaways WHERE id = %s", (id,))
+            giveaway_connection.commit()
+
+            cursor.close()
+            giveaway_connection.close()
+
+            return redirect(url_for("manage_giveaways"))
+
+    return redirect(url_for("login"))
+
+@app.route("/admin/giveaway/toggle_active/<int:id>", methods=["POST"])
+def toggle_active(id):
+    """Aktiviere oder deaktiviere ein Giveaway."""
+    if "discord_user" in session:
+        user_info = session["discord_user"]
+        user_id = user_info["id"]
+
+        connection = get_db_connection()
+        cursor = connection.cursor(dictionary=True)
+
+        cursor.execute("SELECT permission FROM user_data WHERE user_id = %s", (user_id,))
+        user_data = cursor.fetchone()
+
+        if user_data and user_data["permission"] >= 8:
+            connection.close()
+
+            giveaway_connection = get_giveaway_db_connection()
+            cursor = giveaway_connection.cursor(dictionary=True)
+
+            # Hole den aktuellen Status
+            cursor.execute("SELECT aktiv FROM giveaways WHERE id = %s", (id,))
+            giveaway = cursor.fetchone()
+
+            # Toggle den Aktiv-Status
+            new_status = not giveaway["aktiv"]
+            cursor.execute("UPDATE giveaways SET aktiv = %s WHERE id = %s", (new_status, id))
+            giveaway_connection.commit()
+
+            cursor.close()
+            giveaway_connection.close()
+
+            return redirect(url_for("manage_giveaways"))
+
+    return redirect(url_for("login"))
 
 @app.route("/user/giveaways", methods=["GET"])
 def user_giveaways():