Simon/MClogger
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

modified: web/blueprints/auth.py

Browse Source 
modified:   web/blueprints/group_admin.py
	modified:   web/config.py
	modified:   web/panel_db.py
	new file:   web/templates/auth/accept_invite.html
	modified:   web/templates/group_admin/base.html
	modified:   web/templates/group_admin/members.html
This commit is contained in:
simon
2026-04-13 10:26:47 +02:00
parent 484687a076
commit 6b13ea5c22
7 changed files with 404 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
web/templates/auth/accept_invite.html Normal file
View File

@@ -0,0 +1,72 @@
<!DOCTYPE html>
<html lang="en" data-bs-theme="dark">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Accept Invitation</title>
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css">
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap-icons@1.11.3/font/bootstrap-icons.min.css">
<style>
body { display: flex; align-items: center; justify-content: center; min-height: 100vh; background: #0d1117; }
.invite-card { width: 100%; max-width: 460px; }
</style>
</head>
<body>
<div class="invite-card p-4">
<div class="text-center mb-4">
<i class="bi bi-envelope-open-heart-fill fs-1 text-success"></i>
<h3 class="fw-bold mt-2">Accept Invitation</h3>
<p class="text-muted small mb-0">Join {{ invite.group_name }} on MCLogger</p>
</div>
<div class="card border-secondary">
<div class="card-body">
<div class="mb-3 small text-muted">
<div><strong>Username:</strong> {{ invite.invited_username }}</div>
<div><strong>Email:</strong> {{ invite.invited_email }}</div>
<div><strong>Role:</strong> {{ invite.role|capitalize }}</div>
<div><strong>Expires:</strong> {{ invite.expires_at | fmt_dt }}</div>
</div>
{% if error %}
<div class="alert alert-danger py-2">{{ error }}</div>
{% endif %}
{% if is_invalid %}
<div class="alert alert-warning mb-0">
{% if is_expired %}
This invitation has expired.
{% elif invite.revoked_at %}
This invitation has been revoked.
{% else %}
This invitation has already been used.
{% endif %}
</div>
{% else %}
<form method="post">
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
<div class="mb-3">
<label class="form-label">Choose Password</label>
<input type="password" name="password" class="form-control" minlength="8" required>
</div>
<div class="mb-3">
<label class="form-label">Confirm Password</label>
<input type="password" name="confirm_password" class="form-control" minlength="8" required>
</div>
<button type="submit" class="btn btn-success w-100">
<i class="bi bi-check2-circle me-1"></i>Create Account
</button>
</form>
{% endif %}
</div>
</div>
<div class="text-center mt-3">
<a href="{{ url_for('auth.login') }}" class="text-muted small">
<i class="bi bi-arrow-left me-1"></i>Back to login
</a>
</div>
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>

1
web/templates/group_admin/base.html
View File

@@ -44,6 +44,7 @@
{% block content %}{% endblock %}
</div>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
<script src="{{ url_for('static', filename='js/main.js') }}"></script>
{% block scripts %}{% endblock %}
</body>
</html>

110
web/templates/group_admin/members.html
View File

@@ -4,7 +4,7 @@
<h2 class="mb-4"><i class="bi bi-people-fill me-2"></i>Members</h2>
<div class="row g-3">
<!-- Mitgliederliste -->
<!-- Member list -->
<div class="col-md-8">
<div class="card border-secondary">
<div class="card-header">Current Members ({{ members|length }})</div>
@@ -46,19 +46,109 @@
</table>
</div>
</div>
<div class="card border-secondary mt-3">
<div class="card-header"><i class="bi bi-envelope-paper-fill me-2"></i>Pending Invitations ({{ pending_invites|length }})</div>
<div class="card-body p-0">
<table class="table table-hover mb-0">
<thead><tr><th>User</th><th>Role</th><th>Expires</th><th class="text-end">Actions</th></tr></thead>
<tbody>
{% for invite in pending_invites %}
{% set invite_url = url_for('auth.accept_invite', token=invite.token, _external=True) %}
<tr>
<td>
<div>{{ invite.invited_username }}</div>
<div class="small text-muted" id="invite-link-{{ invite.id }}">{{ invite.invited_email }}</div>
</td>
<td>
{% if invite.role == 'admin' %}
<span class="badge bg-warning text-dark"><i class="bi bi-star-fill me-1"></i>Admin</span>
{% else %}
<span class="badge bg-secondary">Member</span>
{% endif %}
</td>
<td class="small text-muted">{{ invite.expires_at | fmt_dt }}</td>
<td class="text-end">
<button type="button" class="btn btn-sm btn-outline-primary copy-btn" data-target="#invite-url-{{ invite.id }}" title="Copy invite link">
<i class="bi bi-clipboard"></i>
</button>
<form method="post" action="{{ url_for('group_admin.revoke_invite', invite_id=invite.id) }}" class="d-inline"
onsubmit="return confirm('Revoke invitation for {{ invite.invited_username }}?')">
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
<button type="submit" class="btn btn-sm btn-outline-danger" title="Revoke">
<i class="bi bi-x-lg"></i>
</button>
</form>
<div class="d-none" id="invite-url-{{ invite.id }}">{{ invite_url }}</div>
</td>
</tr>
{% else %}
<tr><td colspan="4" class="text-muted text-center py-3">No pending invitations</td></tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
</div>
<!-- Member invitation note: only Site Admin can add new users to groups -->
<!-- Group management actions -->
<div class="col-md-4">
<div class="card border-secondary">
<div class="card-header"><i class="bi bi-info-circle me-2"></i>Note</div>
<div class="card border-secondary mb-3">
<div class="card-header"><i class="bi bi-person-plus-fill me-2"></i>Add Existing User</div>
<div class="card-body">
<p class="text-muted small">
New members must be added by the <strong>Site Admin</strong>.
</p>
<p class="text-muted small">
As group admin you can manage permissions of existing members and remove members.
</p>
{% if non_members %}
<form method="post" action="{{ url_for('group_admin.member_add') }}">
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
<div class="mb-3">
<label class="form-label">User</label>
<select name="user_id" class="form-select" required>
{% for user in non_members %}
<option value="{{ user.id }}">{{ user.username }} ({{ user.email }})</option>
{% endfor %}
</select>
</div>
<div class="mb-3">
<label class="form-label">Role</label>
<select name="role" class="form-select">
<option value="member">Member</option>
<option value="admin">Admin</option>
</select>
</div>
<button type="submit" class="btn btn-outline-success w-100">
<i class="bi bi-person-plus-fill me-1"></i>Add to Group
</button>
</form>
{% else %}
<p class="text-muted small mb-0">No existing users are available to add.</p>
{% endif %}
</div>
</div>
<div class="card border-secondary">
<div class="card-header"><i class="bi bi-envelope-plus-fill me-2"></i>Invite New User</div>
<div class="card-body">
<form method="post" action="{{ url_for('group_admin.member_invite') }}">
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
<div class="mb-3">
<label class="form-label">Username</label>
<input type="text" name="username" class="form-control" maxlength="50" required>
</div>
<div class="mb-3">
<label class="form-label">Email</label>
<input type="email" name="email" class="form-control" maxlength="255" required>
<div class="form-text">The user will receive an invite link and set their own password.</div>
</div>
<div class="mb-3">
<label class="form-label">Role</label>
<select name="role" class="form-select">
<option value="member">Member</option>
<option value="admin">Admin</option>
</select>
</div>
<button type="submit" class="btn btn-success w-100">
<i class="bi bi-envelope-plus-fill me-1"></i>Create Invitation
</button>
</form>
</div>
</div>
</div>