modified: web/app.py

modified: web/blueprints/auth.py modified: web/blueprints/group_admin.py modified: web/blueprints/panel.py modified: web/blueprints/site_admin.py modified: web/config.py new file: web/templates/404.html modified: web/templates/admin/base.html modified: web/templates/admin/group_edit.html modified: web/templates/admin/group_members.html modified: web/templates/admin/groups.html modified: web/templates/admin/user_edit.html modified: web/templates/admin/users.html modified: web/templates/auth/admin_login.html modified: web/templates/auth/login.html modified: web/templates/base.html modified: web/templates/group_admin/base.html modified: web/templates/group_admin/database.html modified: web/templates/group_admin/member_edit.html modified: web/templates/group_admin/members.html modified: web/templates/login.html modified: web/templates/panel/dashboard.html
2026-04-13 09:55:50 +02:00
parent 486aa2ff18
commit 935dc3f909
22 changed files with 260 additions and 50 deletions
--- a/web/templates/base.html
+++ b/web/templates/base.html
@@ -103,10 +103,13 @@
        <div class="mb-2 sidebar-hide-collapsed">
            <small class="text-muted">Switch group:</small>
            {% for g in user_groups %}
-            <a href="{{ url_for('auth.switch_group', group_id=g.id) }}"
-               class="btn btn-sm w-100 mt-1 {{ 'btn-success' if g.id == session.get('group_id') else 'btn-outline-secondary' }}">
-                {{ g.name }}
-            </a>
+            <form method="post" action="{{ url_for('auth.switch_group', group_id=g.id) }}" class="mt-1">
+                <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
+                <button type="submit"
+                        class="btn btn-sm w-100 {{ 'btn-success' if g.id == session.get('group_id') else 'btn-outline-secondary' }}">
+                    {{ g.name }}
+                </button>
+            </form>
            {% endfor %}
        </div>
        {% endif %}
@@ -119,9 +122,12 @@
        {% endif %}
        {% if session.get('is_site_admin') %}
        {% if session.get('admin_viewing') %}
-        <a href="{{ url_for('site_admin.stop_view') }}" class="btn btn-warning btn-sm mb-1">
-            <i class="bi bi-arrow-left"></i> <span>Back to Admin</span>
-        </a>
+        <form method="post" action="{{ url_for('site_admin.stop_view') }}" class="mb-1">
+            <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
+            <button type="submit" class="btn btn-warning btn-sm w-100">
+                <i class="bi bi-arrow-left"></i> <span>Back to Admin</span>
+            </button>
+        </form>
        {% else %}
        <a href="{{ url_for('site_admin.dashboard') }}" class="btn btn-outline-danger btn-sm mb-1">
            <i class="bi bi-shield-fill"></i> <span>Site Admin</span>
@@ -135,9 +141,12 @@
                <span id="online-count">—</span> <span class="sidebar-hide-collapsed">Online</span>
            </div>
            <small class="text-muted d-block mb-1 sidebar-hide-collapsed">{{ session.get('username', '') }}</small>
-            <a href="{{ url_for('auth.logout') }}" class="btn btn-outline-danger btn-sm w-100">
-                <i class="bi bi-box-arrow-right"></i> <span>Logout</span>
-            </a>
+            <form method="post" action="{{ url_for('auth.logout') }}">
+                <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
+                <button type="submit" class="btn btn-outline-danger btn-sm w-100">
+                    <i class="bi bi-box-arrow-right"></i> <span>Logout</span>
+                </button>
+            </form>
        </div>
    </nav>