modified: web/app.py

modified: web/blueprints/auth.py modified: web/blueprints/group_admin.py modified: web/blueprints/panel.py modified: web/blueprints/site_admin.py modified: web/config.py new file: web/templates/404.html modified: web/templates/admin/base.html modified: web/templates/admin/group_edit.html modified: web/templates/admin/group_members.html modified: web/templates/admin/groups.html modified: web/templates/admin/user_edit.html modified: web/templates/admin/users.html modified: web/templates/auth/admin_login.html modified: web/templates/auth/login.html modified: web/templates/base.html modified: web/templates/group_admin/base.html modified: web/templates/group_admin/database.html modified: web/templates/group_admin/member_edit.html modified: web/templates/group_admin/members.html modified: web/templates/login.html modified: web/templates/panel/dashboard.html
2026-04-13 09:55:50 +02:00
parent 486aa2ff18
commit 935dc3f909
22 changed files with 260 additions and 50 deletions
--- a/web/templates/group_admin/base.html
+++ b/web/templates/group_admin/base.html
@@ -21,9 +21,12 @@
            <a href="{{ url_for('panel.dashboard') }}" class="btn btn-outline-dark btn-sm">
                <i class="bi bi-grid me-1"></i>Panel
            </a>
-            <a href="{{ url_for('auth.logout') }}" class="btn btn-dark btn-sm">
-                <i class="bi bi-box-arrow-right"></i>
-            </a>
+            <form method="post" action="{{ url_for('auth.logout') }}" class="d-inline">
+                <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
+                <button type="submit" class="btn btn-dark btn-sm">
+                    <i class="bi bi-box-arrow-right"></i>
+                </button>
+            </form>
        </div>
    </div>
 </nav>
--- a/web/templates/group_admin/database.html
+++ b/web/templates/group_admin/database.html
@@ -15,6 +15,7 @@
                {% endif %}

                <form method="post">
+                    <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
                    <div class="row g-3">
                        <div class="col-md-8">
                            <label class="form-label">Host *</label>
@@ -48,18 +49,22 @@
                        </div>
                    </div>

-                    <div class="d-flex gap-2 mt-4">
+                    <div class="mt-4">
                        <button type="submit" name="action" value="test_save" class="btn btn-success">
                            <i class="bi bi-plug-fill me-1"></i>Test & Save
                        </button>
-                        {% if creds %}
-                        <button type="submit" name="action" value="delete" class="btn btn-outline-danger"
-                                onclick="return confirm('Delete DB configuration?')">
-                            <i class="bi bi-trash3 me-1"></i>Remove
-                        </button>
-                        {% endif %}
                    </div>
                </form>
+
+                {% if creds %}
+                <form method="post" action="{{ url_for('group_admin.database_delete') }}" class="d-inline">
+                    <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
+                    <button type="submit" class="btn btn-outline-danger mt-2"
+                            onclick="return confirm('Delete DB configuration?')">
+                        <i class="bi bi-trash3 me-1"></i>Remove
+                    </button>
+                </form>
+                {% endif %}
            </div>
        </div>
    </div>
@@ -79,13 +84,13 @@
                <p class="small text-muted mb-1"><strong>Required tables:</strong></p>
                <ul class="small text-muted">
                    <li>player_sessions</li>
-                    <li>chat_messages</li>
+                    <li>player_chat</li>
                    <li>player_commands</li>
                    <li>block_events</li>
                    <li>player_deaths</li>
                    <li>proxy_events</li>
                    <li>server_events</li>
-                    <li>permission_changes</li>
+                    <li>plugin_events</li>
                </ul>
            </div>
        </div>
--- a/web/templates/group_admin/member_edit.html
+++ b/web/templates/group_admin/member_edit.html
@@ -16,6 +16,7 @@
            </div>
            <div class="card-body">
                <form method="post">
+                    <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
                    <div class="mb-3">
                        <label class="form-label">Role</label>
                        <select name="role" class="form-select">
@@ -33,7 +34,7 @@
                        <div class="form-check form-switch">
                            <input class="form-check-input" type="checkbox" role="switch"
                                   name="perm_{{ key }}" id="perm_{{ key }}"
-                                   {{ 'checked' if perms.get(key, True) }}>
+                                {{ 'checked' if current_perms.get(key, True) }}>
                            <label class="form-check-label" for="perm_{{ key }}">{{ label }}</label>
                        </div>
                    </div>
--- a/web/templates/group_admin/members.html
+++ b/web/templates/group_admin/members.html
@@ -29,6 +29,7 @@
                            </a>
                            <form method="post" action="{{ url_for('group_admin.member_remove', user_id=m.id) }}" class="d-inline"
                                  onsubmit="return confirm('Remove {{ m.username }}?')">
+                                <input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
                                <button type="submit" class="btn btn-sm btn-outline-danger" title="Remove">
                                    <i class="bi bi-person-dash"></i>
                                </button>