Simon/MClogger
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

modified: web/blueprints/site_admin.py

Browse Source 
modified:   web/panel_db.py
	modified:   web/templates/admin/user_edit.html
	modified:   web/templates/admin/users.html
This commit is contained in:
SimolZimol
2026-04-13 18:25:09 +02:00
parent 31b45d4db4
commit fe2e5e3c9c
4 changed files with 323 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

131
web/blueprints/site_admin.py
View File

@@ -352,28 +352,139 @@ def group_invite_resend(group_id, invite_id):
@site_admin.route("/users")
@admin_required
def users():
return render_template("admin/users.html", users=db.list_all_users())
return render_template(
"admin/users.html",
users=db.list_all_users(),
pending_invites=db.list_all_active_invites(),
)
@site_admin.route("/users/new", methods=["GET", "POST"])
@admin_required
def user_new():
groups = db.list_all_groups()
if request.method == "POST":
username = request.form.get("username", "").strip()
email = request.form.get("email", "").strip()
password = request.form.get("password", "")
is_site_admin = request.form.get("is_site_admin") == "1"
if not username or not email or not password:
flash("All fields are required.", "danger")
group_id_raw = request.form.get("group_id", "").strip()
role = request.form.get("role", "viewer")
group_id = int(group_id_raw) if group_id_raw else None
error = None
if not username or not email:
error = "Username and email are required."
elif db.get_user_by_username(username):
flash("Username already taken.", "danger")
error = "Username already taken."
elif db.get_user_by_email(email):
flash("Email address already in use.", "danger")
error = "Email address already in use."
elif db.get_active_invite_by_username_global(username):
error = "There is already an active invitation for this username."
elif db.get_active_invite_by_email_global(email):
error = "There is already an active invitation for this email."
elif group_id and role not in GROUP_ROLE_SET:
error = "Invalid role selected."
if error:
flash(error, "danger")
return render_template("admin/user_edit.html", user=None, groups=groups)
effective_role = role if group_id else "member"
token = db.create_group_invite(group_id, username, email, effective_role,
session["user_id"], is_site_admin=is_site_admin)
invite_url = url_for("auth.accept_invite", token=token, _external=True)
mail_settings = db.get_site_mail_settings()
if mail_settings:
if group_id:
group = db.get_group_by_id(group_id)
subject = f"Invitation to join {group['name']}"
body = (
f"Hello {username},\n\n"
f"You have been invited to join the group '{group['name']}' on MCLogger"
f" as {role_label(effective_role)}.\n"
f"Open this link to create your account:\n\n{invite_url}\n\n"
f"This invite expires in {Config.INVITE_EXPIRY_HOURS} hours.\n"
)
else:
subject = "You have been invited to MCLogger"
body = (
f"Hello {username},\n\n"
f"You have been invited to create an account on MCLogger.\n"
f"Open this link to create your account:\n\n{invite_url}\n\n"
f"This invite expires in {Config.INVITE_EXPIRY_HOURS} hours.\n"
)
try:
send_mail(mail_settings, email, subject, body)
invite = db.get_invite_by_token(token)
if invite:
db.mark_invite_sent_global(invite["id"])
flash(f"Invitation email sent to '{email}'.", "success")
except Exception:
flash(
f"Invitation created, but email delivery failed. "
f"Share this link manually: {invite_url}",
"warning",
)
else:
db.create_user(username, email, password, is_site_admin)
flash(f"User '{username}' created.", "success")
return redirect(url_for("site_admin.users"))
return render_template("admin/user_edit.html", user=None)
flash(f"Invitation created for '{username}'. Share this link: {invite_url}", "success")
return redirect(url_for("site_admin.users"))
return render_template("admin/user_edit.html", user=None, groups=groups)
@site_admin.route("/users/invites/<int:invite_id>/revoke", methods=["POST"])
@admin_required
def user_invite_revoke(invite_id):
db.revoke_invite_global(invite_id)
flash("Invitation revoked.", "success")
return redirect(url_for("site_admin.users"))
@site_admin.route("/users/invites/<int:invite_id>/resend", methods=["POST"])
@admin_required
def user_invite_resend(invite_id):
invite = db.get_invite_by_id_global(invite_id)
if not invite:
flash("Invitation not found.", "danger")
return redirect(url_for("site_admin.users"))
if invite.get("accepted_at") or invite.get("revoked_at") or invite["expires_at"] <= datetime.utcnow():
flash("Invitation is no longer active.", "danger")
return redirect(url_for("site_admin.users"))
last_sent = invite.get("last_sent_at")
if last_sent and (datetime.utcnow() - last_sent) < timedelta(seconds=Config.INVITE_RESEND_COOLDOWN_SECONDS):
flash("Please wait before resending this invite again.", "warning")
return redirect(url_for("site_admin.users"))
mail_settings = db.get_site_mail_settings()
if not mail_settings:
flash("No SMTP settings configured.", "danger")
return redirect(url_for("site_admin.users"))
invite_url = url_for("auth.accept_invite", token=invite["token"], _external=True)
if invite["group_id"]:
group = db.get_group_by_id(invite["group_id"])
subject = f"Invitation to join {group['name']}"
body = (
f"Hello {invite['invited_username']},\n\n"
f"You have been invited to join the group '{group['name']}' on MCLogger"
f" as {role_label(invite['role'])}.\n"
f"Open this link to create your account:\n\n{invite_url}\n\n"
f"This invite expires on {invite['expires_at']}.\n"
)
else:
subject = "You have been invited to MCLogger"
body = (
f"Hello {invite['invited_username']},\n\n"
f"You have been invited to create an account on MCLogger.\n"
f"Open this link to create your account:\n\n{invite_url}\n\n"
f"This invite expires on {invite['expires_at']}.\n"
)
try:
send_mail(mail_settings, invite["invited_email"], subject, body)
db.mark_invite_sent_global(invite_id)
flash("Invitation email resent.", "success")
except Exception:
flash("Resend failed. Please verify SMTP settings and try again.", "danger")
return redirect(url_for("site_admin.users"))
@site_admin.route("/users/<int:user_id>/edit", methods=["GET", "POST"])

92
web/panel_db.py
View File

@@ -103,7 +103,8 @@ PANEL_SCHEMA = [
"""CREATE TABLE IF NOT EXISTS group_invites (
id INT AUTO_INCREMENT PRIMARY KEY,
group_id INT NOT NULL,
group_id INT NULL,
is_site_admin TINYINT(1) NOT NULL DEFAULT 0,
invited_username VARCHAR(50) NOT NULL,
invited_email VARCHAR(255) NOT NULL,
role ENUM('group_owner','group_admin','moderator','viewer','auditor','admin','member') DEFAULT 'viewer',
@@ -115,7 +116,6 @@ PANEL_SCHEMA = [
send_count INT NOT NULL DEFAULT 0,
accepted_at DATETIME NULL,
revoked_at DATETIME NULL,
UNIQUE KEY uq_group_pending_invite_email (group_id, invited_email, revoked_at, accepted_at),
FOREIGN KEY (group_id) REFERENCES user_groups(id) ON DELETE CASCADE,
FOREIGN KEY (created_by_user_id) REFERENCES users(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4""",
@@ -176,6 +176,16 @@ def init_databases():
cur.execute("ALTER TABLE group_invites ADD COLUMN send_count INT NOT NULL DEFAULT 0")
except Exception:
pass
try:
cur.execute("SET foreign_key_checks=0")
cur.execute("ALTER TABLE group_invites MODIFY group_id INT NULL")
cur.execute("SET foreign_key_checks=1")
except Exception:
pass
try:
cur.execute("ALTER TABLE group_invites ADD COLUMN is_site_admin TINYINT(1) NOT NULL DEFAULT 0")
except Exception:
pass
finally:
panel.close()
@@ -229,13 +239,13 @@ def create_user_for_group(username: str, email: str, password: str, group_id: in
conn.close()
def create_group_invite(group_id: int, username: str, email: str, role: str, created_by_user_id: int) -> str:
def create_group_invite(group_id, username: str, email: str, role: str, created_by_user_id: int, is_site_admin: bool = False) -> str:
expires_at = datetime.utcnow() + timedelta(hours=Config.INVITE_EXPIRY_HOURS)
token = secrets.token_urlsafe(32)
_panel_query(
"INSERT INTO group_invites (group_id, invited_username, invited_email, role, token, created_by_user_id, expires_at, last_sent_at, send_count) "
"VALUES (%s,%s,%s,%s,%s,%s,%s,NULL,0)",
(group_id, username, email, role, token, created_by_user_id, expires_at),
"INSERT INTO group_invites (group_id, invited_username, invited_email, role, token, created_by_user_id, expires_at, last_sent_at, send_count, is_site_admin) "
"VALUES (%s,%s,%s,%s,%s,%s,%s,NULL,0,%s)",
(group_id, username, email, role, token, created_by_user_id, expires_at, int(is_site_admin)),
write=True,
)
return token
@@ -291,7 +301,7 @@ def get_invite_by_token(token: str):
return _panel_query(
"SELECT gi.*, g.name AS group_name, u.username AS created_by_username "
"FROM group_invites gi "
"JOIN user_groups g ON g.id = gi.group_id "
"LEFT JOIN user_groups g ON g.id = gi.group_id "
"JOIN users u ON u.id = gi.created_by_user_id "
"WHERE gi.token=%s",
(token,),
@@ -307,6 +317,64 @@ def revoke_group_invite(invite_id: int, group_id: int):
)
def list_all_active_invites():
"""All pending invites across every group (for site admin users page)."""
return _panel_query(
"SELECT gi.*, g.name AS group_name, u.username AS created_by_username "
"FROM group_invites gi "
"LEFT JOIN user_groups g ON g.id = gi.group_id "
"JOIN users u ON u.id = gi.created_by_user_id "
"WHERE gi.accepted_at IS NULL AND gi.revoked_at IS NULL AND gi.expires_at > UTC_TIMESTAMP() "
"ORDER BY gi.created_at DESC"
)
def get_invite_by_id_global(invite_id: int):
return _panel_query(
"SELECT gi.*, g.name AS group_name, u.username AS created_by_username "
"FROM group_invites gi "
"LEFT JOIN user_groups g ON g.id = gi.group_id "
"JOIN users u ON u.id = gi.created_by_user_id "
"WHERE gi.id=%s",
(invite_id,),
fetchone=True,
)
def revoke_invite_global(invite_id: int):
_panel_query(
"UPDATE group_invites SET revoked_at=UTC_TIMESTAMP() WHERE id=%s AND accepted_at IS NULL AND revoked_at IS NULL",
(invite_id,),
write=True,
)
def mark_invite_sent_global(invite_id: int):
_panel_query(
"UPDATE group_invites SET last_sent_at=UTC_TIMESTAMP(), send_count=send_count+1 WHERE id=%s",
(invite_id,),
write=True,
)
def get_active_invite_by_email_global(email: str):
return _panel_query(
"SELECT * FROM group_invites WHERE invited_email=%s "
"AND accepted_at IS NULL AND revoked_at IS NULL AND expires_at > UTC_TIMESTAMP()",
(email,),
fetchone=True,
)
def get_active_invite_by_username_global(username: str):
return _panel_query(
"SELECT * FROM group_invites WHERE invited_username=%s "
"AND accepted_at IS NULL AND revoked_at IS NULL AND expires_at > UTC_TIMESTAMP()",
(username,),
fetchone=True,
)
def mark_group_invite_sent(invite_id: int, group_id: int):
_panel_query(
"UPDATE group_invites SET last_sent_at=UTC_TIMESTAMP(), send_count=send_count+1 WHERE id=%s AND group_id=%s",
@@ -342,10 +410,16 @@ def accept_group_invite(token: str, password: str) -> dict | None:
(invite["invited_username"], invite["invited_email"], pw_hash, salt, 0),
)
user_id = cur.lastrowid
site_admin_flag = int(bool(invite.get("is_site_admin")))
cur.execute(
"INSERT INTO group_members (user_id, group_id, role, permissions) VALUES (%s,%s,%s,%s)",
(user_id, invite["group_id"], invite["role"], json.dumps(permissions)),
"UPDATE users SET is_site_admin=%s WHERE id=%s",
(site_admin_flag, user_id),
)
if invite["group_id"] is not None:
cur.execute(
"INSERT INTO group_members (user_id, group_id, role, permissions) VALUES (%s,%s,%s,%s)",
(user_id, invite["group_id"], invite["role"], json.dumps(permissions)),
)
cur.execute(
"UPDATE group_invites SET accepted_at=UTC_TIMESTAMP() WHERE id=%s AND accepted_at IS NULL AND revoked_at IS NULL",
(invite["id"],),

62
web/templates/admin/user_edit.html
View File

@@ -1,15 +1,15 @@
{% extends "admin/base.html" %}
{% block title %}{{ 'Edit User' if user else 'New User' }}{% endblock %}
{% block title %}{{ 'Edit User' if user else 'Invite New User' }}{% endblock %}
{% block content %}
<div class="d-flex align-items-center gap-2 mb-4">
<a href="{{ url_for('site_admin.users') }}" class="btn btn-sm btn-outline-secondary">
<i class="bi bi-arrow-left"></i>
</a>
<h2 class="mb-0">{{ 'Edit User: ' ~ user.username if user else 'New User' }}</h2>
<h2 class="mb-0">{{ 'Edit User: ' ~ user.username if user else 'Invite New User' }}</h2>
</div>
<div class="row">
<div class="col-md-6">
<div class="col-md-7">
<div class="card border-secondary">
<div class="card-body">
<form method="post">
@@ -24,14 +24,42 @@
<input type="email" name="email" class="form-control" required
value="{{ user.email if user else request.form.get('email', '') }}">
</div>
{% if user %}
<div class="mb-3">
<label class="form-label">{{ 'New Password (leave blank = unchanged)' if user else 'Password *' }}</label>
<input type="password" name="{{ 'new_password' if user else 'password' }}" class="form-control"
{{ '' if user else 'required' }}>
{% if not user %}
<div class="form-text">Minimum 8 characters recommended.</div>
{% endif %}
<label class="form-label">New Password <span class="text-muted">(leave blank = unchanged)</span></label>
<input type="password" name="new_password" class="form-control">
</div>
{% else %}
{# ── Invite form: group + role (optional) ── #}
<div class="mb-3">
<label class="form-label">Group <span class="text-muted">(optional)</span></label>
<select name="group_id" id="invite_group" class="form-select" onchange="toggleRoleField()">
<option value="">— No group —</option>
{% for g in (groups or []) %}
<option value="{{ g.id }}"
{% if request.form.get('group_id')|string == g.id|string %}selected{% endif %}>
{{ g.name }}
</option>
{% endfor %}
</select>
<div class="form-text">If selected, the user will be added to this group upon accepting the invite.</div>
</div>
<div class="mb-3" id="role_field" style="display:none;">
<label class="form-label">Group Role</label>
<select name="role" class="form-select">
<option value="viewer">Viewer</option>
<option value="auditor">Auditor</option>
<option value="member">Member</option>
<option value="moderator">Moderator</option>
<option value="group_admin">Group Admin</option>
<option value="group_owner">Group Owner</option>
</select>
</div>
<div class="alert alert-info py-2 mb-3">
<i class="bi bi-envelope-check me-1"></i>
The user will receive an email with a link to set their own password.
</div>
{% endif %}
<div class="mb-4">
<div class="form-check">
<input type="checkbox" name="is_site_admin" id="is_site_admin" class="form-check-input"
@@ -44,7 +72,11 @@
</div>
<div class="d-flex gap-2">
<button type="submit" class="btn btn-success">
<i class="bi bi-check-lg me-1"></i>{{ 'Save' if user else 'Create' }}
{% if user %}
<i class="bi bi-check-lg me-1"></i>Save
{% else %}
<i class="bi bi-envelope-fill me-1"></i>Send Invitation
{% endif %}
</button>
<a href="{{ url_for('site_admin.users') }}" class="btn btn-outline-secondary">Cancel</a>
</div>
@@ -53,4 +85,14 @@
</div>
</div>
</div>
{% if not user %}
<script>
function toggleRoleField() {
var gid = document.getElementById('invite_group').value;
document.getElementById('role_field').style.display = gid ? 'block' : 'none';
}
// Show role field if a group was pre-selected (e.g. after validation error)
document.addEventListener('DOMContentLoaded', toggleRoleField);
</script>
{% endif %}
{% endblock %}

68
web/templates/admin/users.html
View File

@@ -4,11 +4,77 @@
<div class="d-flex justify-content-between align-items-center mb-4">
<h2><i class="bi bi-people-fill me-2"></i>Users</h2>
<a href="{{ url_for('site_admin.user_new') }}" class="btn btn-success">
<i class="bi bi-person-plus-fill me-1"></i>New User
<i class="bi bi-envelope-plus-fill me-1"></i>Invite User
</a>
</div>
{# ── Pending Invitations ── #}
{% if pending_invites %}
<h5 class="text-muted mb-2"><i class="bi bi-envelope-open me-1"></i>Pending Invitations</h5>
<div class="card border-warning mb-4">
<div class="card-body p-0">
<table class="table table-hover mb-0 small">
<thead>
<tr>
<th>Username</th>
<th>Email</th>
<th>Group</th>
<th>Role</th>
<th>Expires</th>
<th>Sent</th>
<th class="text-end">Actions</th>
</tr>
</thead>
<tbody>
{% for inv in pending_invites %}
<tr>
<td class="fw-semibold">{{ inv.invited_username }}</td>
<td class="text-muted">{{ inv.invited_email }}</td>
<td>
{% if inv.group_name %}
<span class="badge bg-secondary">{{ inv.group_name }}</span>
{% else %}
<span class="text-muted"></span>
{% endif %}
</td>
<td>{{ inv.role }}</td>
<td class="text-muted">{{ inv.expires_at | fmt_dt }}</td>
<td class="text-muted">{{ inv.send_count }}×</td>
<td class="text-end">
{# Copy link #}
{% set invite_url = url_for('auth.accept_invite', token=inv.token, _external=True) %}
<button type="button" class="btn btn-sm btn-outline-secondary"
title="Copy invite link"
onclick="navigator.clipboard.writeText('{{ invite_url }}').then(()=>this.title='Copied!')">
<i class="bi bi-clipboard"></i>
</button>
{# Resend #}
<form method="post" action="{{ url_for('site_admin.user_invite_resend', invite_id=inv.id) }}" class="d-inline">
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
<button type="submit" class="btn btn-sm btn-outline-info" title="Resend email">
<i class="bi bi-send"></i>
</button>
</form>
{# Revoke #}
<form method="post" action="{{ url_for('site_admin.user_invite_revoke', invite_id=inv.id) }}" class="d-inline"
onsubmit="return confirm('Revoke invitation for {{ inv.invited_username }}?')">
<input type="hidden" name="_csrf_token" value="{{ csrf_token() }}">
<button type="submit" class="btn btn-sm btn-outline-danger" title="Revoke">
<i class="bi bi-x-circle"></i>
</button>
</form>
</td>
</tr>
{% endfor %}
</tbody>
</table>
</div>
</div>
{% endif %}
<div class="card border-secondary">
<h5 class="text-muted mb-2"><i class="bi bi-people me-1"></i>Registered Users</h5>
<div class="card border-secondary">
<div class="card-body p-0">
<table class="table table-hover mb-0">
<thead>