modified: web/app.py

modified: web/blueprints/auth.py modified: web/blueprints/group_admin.py modified: web/blueprints/panel.py modified: web/blueprints/site_admin.py modified: web/config.py new file: web/templates/404.html modified: web/templates/admin/base.html modified: web/templates/admin/group_edit.html modified: web/templates/admin/group_members.html modified: web/templates/admin/groups.html modified: web/templates/admin/user_edit.html modified: web/templates/admin/users.html modified: web/templates/auth/admin_login.html modified: web/templates/auth/login.html modified: web/templates/base.html modified: web/templates/group_admin/base.html modified: web/templates/group_admin/database.html modified: web/templates/group_admin/member_edit.html modified: web/templates/group_admin/members.html modified: web/templates/login.html modified: web/templates/panel/dashboard.html
2026-04-13 09:55:50 +02:00
parent 486aa2ff18
commit 935dc3f909
22 changed files with 260 additions and 50 deletions
--- a/web/blueprints/auth.py
+++ b/web/blueprints/auth.py
@@ -52,13 +52,13 @@ def admin_login():
    return render_template("auth/admin_login.html", error=error)


-@auth.route("/logout")
+@auth.route("/logout", methods=["POST"])
 def logout():
    session.clear()
    return redirect(url_for("auth.login"))


-@auth.route("/switch-group/<int:group_id>")
+@auth.route("/switch-group/<int:group_id>", methods=["POST"])
 def switch_group(group_id):
    if not session.get("user_id") or session.get("is_site_admin"):
        return redirect(url_for("auth.login"))
--- a/web/blueprints/group_admin.py
+++ b/web/blueprints/group_admin.py
@@ -99,7 +99,7 @@ def member_edit(user_id):

    if request.method == "POST":
        role = request.form.get("role", "member")
-        new_perms = {key: (request.form.get(key) == "1") for key, _ in ALL_PERMISSIONS}
+        new_perms = {key: bool(request.form.get(f"perm_{key}")) for key, _ in ALL_PERMISSIONS}
        db.update_member(user_id, group_id, role, new_perms)
        flash("Permissions updated.", "success")
        return redirect(url_for("group_admin.members"))
--- a/web/blueprints/panel.py
+++ b/web/blueprints/panel.py
@@ -118,7 +118,7 @@ def dashboard():
            "proxy_events_today":  query("SELECT COUNT(*) AS c FROM proxy_events    WHERE timestamp >= CURDATE()", fetchone=True)["c"],
        }
        online = query("""
-            SELECT p.username, ps.server_name, ps.login_time
+            SELECT p.uuid AS player_uuid, p.username AS player_name, ps.server_name, ps.login_time
            FROM player_sessions ps
            JOIN players p ON p.uuid = ps.player_uuid
            WHERE ps.logout_time IS NULL
@@ -148,8 +148,9 @@ def dashboard():
        recent = query("""
            SELECT * FROM v_recent_activity LIMIT 50
        """)
-    except Exception as e:
-        flash(f"Database error: {e}", "danger")
+    except Exception:
+        panel.logger.exception("Database error while rendering dashboard")
+        flash("Database query failed. Please contact an administrator.", "danger")
        return render_template("panel/no_db.html")

    return render_template("panel/dashboard.html",
@@ -405,7 +406,7 @@ def perms():
@login_required
 def api_online():
    rows = query("""
-        SELECT p.username, ps.server_name, ps.login_time
+        SELECT p.uuid AS player_uuid, p.username AS player_name, ps.server_name, ps.login_time
        FROM player_sessions ps
        JOIN players p ON p.uuid = ps.player_uuid
        WHERE ps.logout_time IS NULL ORDER BY ps.login_time DESC
--- a/web/blueprints/site_admin.py
+++ b/web/blueprints/site_admin.py
@@ -216,7 +216,7 @@ def user_delete(user_id):
 # Als Gruppe anzeigen (Site-Admin liest Gruppen-DB)
 # ──────────────────────────────────────────────────────────────

-@site_admin.route("/view-group/<int:group_id>")
+@site_admin.route("/view-group/<int:group_id>", methods=["POST"])
@admin_required
 def view_group(group_id):
    """Site Admin temporarily switches into a group to view its MC data."""
@@ -239,7 +239,7 @@ def view_group(group_id):
    return redirect(url_for("panel.dashboard"))


-@site_admin.route("/stop-view")
+@site_admin.route("/stop-view", methods=["POST"])
@admin_required
 def stop_view():
    """Kehrt zum Site-Admin-Dashboard zurück."""