modified: web/blueprints/auth.py

modified: web/blueprints/group_admin.py modified: web/config.py modified: web/panel_db.py new file: web/templates/auth/accept_invite.html modified: web/templates/group_admin/base.html modified: web/templates/group_admin/members.html
2026-04-13 10:26:47 +02:00
parent 484687a076
commit 6b13ea5c22
7 changed files with 404 additions and 12 deletions
--- a/web/blueprints/group_admin.py
+++ b/web/blueprints/group_admin.py
@@ -63,11 +63,12 @@ def members():
    group_id    = session["group_id"]
    group       = db.get_group_by_id(group_id)
    members     = db.get_group_members(group_id)
+    pending_invites = db.list_active_group_invites(group_id)
    all_users   = db.list_all_users()
    member_ids  = {m["id"] for m in members}
    non_members = [u for u in all_users if u["id"] not in member_ids and not u["is_site_admin"]]
    return render_template("group_admin/members.html",
-        group=group, members=members, non_members=non_members,
+        group=group, members=members, non_members=non_members, pending_invites=pending_invites,
        all_permissions=ALL_PERMISSIONS)


@@ -83,6 +84,52 @@ def member_add():
    return redirect(url_for("group_admin.members"))


+@group_admin.route("/members/invite", methods=["POST"])
+@group_admin_required
+def member_invite():
+    group_id = session["group_id"]
+    username = request.form.get("username", "").strip()
+    email = request.form.get("email", "").strip()
+    role = request.form.get("role", "member")
+
+    if not username or not email:
+        flash("Username and email are required.", "danger")
+        return redirect(url_for("group_admin.members"))
+
+    if "@" not in email:
+        flash("Please provide a valid email address.", "danger")
+        return redirect(url_for("group_admin.members"))
+
+    if role not in {"member", "admin"}:
+        flash("Invalid role selected.", "danger")
+        return redirect(url_for("group_admin.members"))
+
+    if db.get_user_by_username(username):
+        flash("Username already exists.", "danger")
+        return redirect(url_for("group_admin.members"))
+
+    if db.get_user_by_email(email):
+        flash("Email address is already in use.", "danger")
+        return redirect(url_for("group_admin.members"))
+
+    if db.get_active_invite_by_email(group_id, email):
+        flash("There is already an active invitation for this email in the group.", "danger")
+        return redirect(url_for("group_admin.members"))
+
+    token = db.create_group_invite(group_id, username, email, role, session["user_id"])
+    invite_url = url_for("auth.accept_invite", token=token, _external=True)
+    flash(f"Invitation created for '{username}'. Share this link: {invite_url}", "success")
+    return redirect(url_for("group_admin.members"))
+
+
+@group_admin.route("/invites/<int:invite_id>/revoke", methods=["POST"])
+@group_admin_required
+def revoke_invite(invite_id):
+    db.revoke_group_invite(invite_id, session["group_id"])
+    flash("Invitation revoked.", "success")
+    return redirect(url_for("group_admin.members"))
+
+
@group_admin.route("/members/<int:user_id>/edit", methods=["GET", "POST"])
@group_admin_required
 def member_edit(user_id):