diff --git a/app.py b/app.py
index 249d3b6..301c5e7 100644
--- a/app.py
+++ b/app.py
@@ -323,21 +323,36 @@ def edit_user(guild_id, user_id):
 connection = get_db_connection()
 cursor = connection.cursor(dictionary=True)
+ # Hole die Berechtigungen des aktuellen Admins
+ admin_user_id = session["discord_user"]["id"]
+ cursor.execute("SELECT permission FROM user_data WHERE guild_id = %s AND user_id = %s", (guild_id, admin_user_id))
+ admin_data = cursor.fetchone()
+ max_permission = admin_data["permission"] if admin_data else 0
+
 if request.method == "POST":
 points = int(request.form.get("points", 0))
 level = int(request.form.get("level", 1))
 ban = int(request.form.get("ban", 0))
+ permission = int(request.form.get("permission", 0))
+ askmultus = int(request.form.get("askmultus", 0))
+ filter_value = int(request.form.get("filter_value", 0))
+ rank = request.form.get("rank", "")
+ xp = int(request.form.get("xp", 0))
+
+ # Validierung der Berechtigungen
+ if permission > max_permission:
+ flash("You cannot assign a permission level higher than your own.", "danger")
+ return redirect(url_for("edit_user", guild_id=guild_id, user_id=user_id))
 # Update der Benutzerdaten
 cursor.execute("""
 UPDATE user_data
- SET points = %s, level = %s, ban = %s
+ SET points = %s, level = %s, ban = %s, permission = %s, askmultus = %s, filter_value = %s, rank = %s, xp = %s
 WHERE guild_id = %s AND user_id = %s
- """, (points, level, ban, guild_id, user_id))
+ """, (points, level, ban, permission, askmultus, filter_value, rank, xp, guild_id, user_id))
 connection.commit()
 flash("User data updated successfully!", "success")
- # Nach dem Speichern zum server_admin_dashboard weiterleiten
 return redirect(url_for("server_admin_dashboard", guild_id=guild_id))
 # Daten des spezifischen Benutzers laden
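Review bot: The new early return `return redirect(url_for("edit_user", guild_id=guild_id, user_id=user_id))` in the permission check exits before the `cursor.close()` / `connection.close()` calls that follow the POST branch (see the second hunk), so every rejected submission leaks a database connection; the pre-existing redirect after `connection.commit()` has the same gap, but this change adds a second path. The added `int(request.form.get(...))` conversions raise `ValueError` on any non-numeric field, which surfaces as a server error rather than a validation message, and the check only bounds the upper end (`permission > max_permission`), so negative values are accepted. The check also never consults the target user's current permission — the target row is only loaded after the POST branch (`# Daten des spezifischen Benutzers laden`) — so an admin can presumably overwrite the record of a user ranked above them; confirm whether that is intended. The `session["discord_user"]["id"]` lookup appears to rely on a login check in the enclosing code; edit_user's body starts and ends outside this hunk.

```python
if request.method == "POST":
    try:
        points = int(request.form.get("points", 0))
        level = int(request.form.get("level", 1))
        ban = int(request.form.get("ban", 0))
        permission = int(request.form.get("permission", 0))
        askmultus = int(request.form.get("askmultus", 0))
        filter_value = int(request.form.get("filter_value", 0))
        xp = int(request.form.get("xp", 0))
    except ValueError:
        cursor.close()
        connection.close()
        flash("Numeric fields must be whole numbers.", "danger")
        return redirect(url_for("edit_user", guild_id=guild_id, user_id=user_id))
    rank = request.form.get("rank", "")

    # Validierung der Berechtigungen: reject negative values and anything above the caller's own level
    if not 0 <= permission <= max_permission:
        cursor.close()
        connection.close()
        flash("You cannot assign a permission level higher than your own.", "danger")
        return redirect(url_for("edit_user", guild_id=guild_id, user_id=user_id))
    # … unchanged: UPDATE user_data, commit, success flash and dashboard redirect …
```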
@@ -347,7 +362,7 @@ def edit_user(guild_id, user_id):
 cursor.close()
 connection.close()
- return render_template("edit_user.html", user_data=user_data, guild_id=guild_id)
+ return render_template("edit_user.html", user_data=user_data, guild_id=guild_id, max_permission=max_permission)
 return redirect(url_for("landing_page"))
diff --git a/templates/edit_user.html b/templates/edit_user.html
index 96f2c7e..85dd71f 100644
--- a/templates/edit_user.html
+++ b/templates/edit_user.html
@@ -19,6 +19,26 @@
+
+ + +
+
+ + +
+
+ + +
+
+ + +
+
+ + +