From 341a6e61ee60ef17a6178a1f578635d6316b5982 Mon Sep 17 00:00:00 2001
From: Bkolb <bernhard@kolb.cc>
Date: Thu, 2 Apr 2026 12:31:54 +0200
Subject: [PATCH] html refactoring

---
 app/flask-postgres/app/app.py                 | 66 +++++++++++--
 app/flask-postgres/app/templates/base.html    | 56 +++++++++++
 app/flask-postgres/app/templates/login.html   | 82 ++++-----------
 app/flask-postgres/app/templates/profil.html  | 82 +++------------
 .../app/templates/pwdchange.html              | 99 ++++++-------------
 5 files changed, 177 insertions(+), 208 deletions(-)
 create mode 100644 app/flask-postgres/app/templates/base.html
diff --git a/app/flask-postgres/app/app.py b/app/flask-postgres/app/app.py
index 94c0603..d0026b4 100644
--- a/app/flask-postgres/app/app.py
+++ b/app/flask-postgres/app/app.py
@@ -270,6 +270,30 @@ def get_current_user():
         "is_admin": user_is_admin() if session.get("user_id") else False,
     }
 
+def get_current_user_mandant_level():
+    user_id = session.get("user_id")
+    if not user_id:
+        return None
+
+    conn = get_connection()
+    cur = conn.cursor()
+
+    cur.execute("""
+        SELECT m.level
+        FROM app_user u
+        JOIN mandant m ON m.id = u.mandant_id
+        WHERE u.id = %s
+    """, (user_id,))
+
+    row = cur.fetchone()
+
+    cur.close()
+    conn.close()
+
+    if row is None:
+        return None
+
+    return row[0]
 
 def admin_required(view_func):
     @wraps(view_func)
@@ -407,16 +431,42 @@ def health():
         return f"DB Fehler: {exc}\n", 500
 
 
+@app.route("/videos/<path:filename>")
+@login_required
+def protected_videos(filename):
+    mandant_level = get_current_user_mandant_level()
+    if mandant_level is None:
+        abort(403)
+
+    basename = os.path.basename(filename)
+    first_char = basename[:1].upper()
+
+    # Level 0 und 1: alles erlaubt
+    if mandant_level in (0, 1):
+        allowed = True
+
+    # Level 2: nur A und B
+    elif mandant_level == 2:
+        allowed = first_char in ("A", "B")
+
+    # Level 3: nur A
+    elif mandant_level == 3:
+        allowed = first_char == "A"
+
+    else:
+        allowed = False
+
+    if not allowed:
+        abort(403)
+
+    return send_from_directory("/app/images/videos", filename)
+
 @app.route("/images/<path:filename>")
-def images(filename):
-
-    # 🔒 Schutz für Videos
+def serve_image(filename):
     if filename.startswith("videos/"):
-        if not session.get("user_id"):
-            return redirect(url_for("login", next=request.path))
-
-    return send_from_directory("images", filename)
-
+        abort(403)
+    
+    return send_from_directory("/app/images", filename)
 
 @app.route("/styles/<path:filename>")
 def serve_style(filename):
diff --git a/app/flask-postgres/app/templates/base.html b/app/flask-postgres/app/templates/base.html
new file mode 100644
index 0000000..a34fa21
--- /dev/null
+++ b/app/flask-postgres/app/templates/base.html
@@ -0,0 +1,56 @@
+<!DOCTYPE html>
+<html lang="de">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>{{ page_title }}</title>
+  <link rel="stylesheet" href="/styles/site.css">
+</head>
+<body>
+
+  <!-- HEADER + MENU -->
+  <header class="site-header">
+    <div class="header-inner">
+
+      <div class="logo-area">
+        <a href="/home">
+          <img src="/images/Logo-Compliance-Verification-bg-1.png" alt="Logo" class="site-logo">
+        </a>
+      </div>
+
+      <nav class="top-nav">
+        <a href="/home" class="{% if active_page == 'home' %}active{% endif %}">Home</a>
+        <a href="/preise" class="{% if active_page == 'preise' %}active{% endif %}">Preise</a>
+        <a href="/allgemein" class="{% if active_page == 'allgemein' %}active{% endif %}">Allgemein</a>
+
+        {% if is_logged_in %}
+          <div class="user-menu">
+            <button class="user-menu-toggle" type="button">{{ user_name }} ▾</button>
+            <div class="user-menu-dropdown">
+              <a href="/profil">Profil</a>
+              {% if is_admin %}
+                <a href="/admin/mandanten">Admin</a>
+              {% endif %}
+              <a href="/logout">Logout</a>
+            </div>
+          </div>
+        {% else %}
+          <a href="/login" class="{% if active_page == 'login' %}active{% endif %}">Login</a>
+        {% endif %}
+      </nav>
+
+    </div>
+  </header>
+
+  <!-- CONTENT -->
+  <main class="content-area">
+    <section class="content-box">
+
+      {% block content %}
+      {% endblock %}
+
+    </section>
+  </main>
+
+</body>
+</html>
\ No newline at end of file
diff --git a/app/flask-postgres/app/templates/login.html b/app/flask-postgres/app/templates/login.html
index ecba7de..eb36510 100644
--- a/app/flask-postgres/app/templates/login.html
+++ b/app/flask-postgres/app/templates/login.html
@@ -1,71 +1,25 @@
-<!DOCTYPE html>
-<html lang="de">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>{{ page_title }}</title>
-  <link rel="stylesheet" href="/styles/site.css">
-</head>
-<body>
-  <header class="site-header">
-    <div class="header-inner">
-      <div class="logo-area">
-        <a href="/home">
-          <img src="/images/Logo-Compliance-Verification-bg-1.png" alt="Logo" class="site-logo">
-        </a>
-      </div>
+{% extends "base.html" %}
 
-      <nav class="top-nav">
-        <a href="/home" class="{% if active_page == 'home' %}active{% endif %}">Home</a>
-        <a href="/preise" class="{% if active_page == 'preise' %}active{% endif %}">Preise</a>
-        <a href="/allgemein" class="{% if active_page == 'allgemein' %}active{% endif %}">Allgemein</a>
+{% block content %}
 
-        {% if is_logged_in %}
-          <div class="user-menu">
-            <button class="user-menu-toggle" type="button">{{ user_name }} ▾</button>
-            <div class="user-menu-dropdown">
-              <a href="/profil">Profil</a>
-              {% if is_admin %}
-                <a href="/admin/mandanten">Admin</a>
-              {% endif %}
-              <a href="/logout">Logout</a>
-            </div>
-          </div>
-        {% else %}
-          <a href="/login" class="{% if active_page == 'login' %}active{% endif %}">Login</a>
-        {% endif %}
-      </nav>
-    </div>
-  </header>
+<h1>Login</h1>
 
-  <main class="content-area">
-    <section class="content-box login-box">
-      <h1>Login</h1>
-      <p class="intro-text">Bitte melden Sie sich an, um in den Kundenbereich zu gelangen.</p>
-      <p class="intro-text">Sollten Sie noch über keine Login-Daten verfügen, wenden Sie sich bitte an Ihren Kundenbetreuer.</p>
+{% if error_message %}
+  <div class="error-box">{{ error_message }}</div>
+{% endif %}
 
-      {% if error_message %}
-        <div class="error-box">{{ error_message }}</div>
-      {% endif %}
+<form method="post" class="login-form">
+  <div class="form-row">
+    <label>E-Mail</label>
+    <input type="email" name="email" required>
+  </div>
 
-      <form method="post" action="/login" class="login-form">
-        <input type="hidden" name="next" value="{{ next_url }}">
+  <div class="form-row">
+    <label>Passwort</label>
+    <input type="password" name="password" required>
+  </div>
 
-        <div class="form-row">
-          <label for="email">E-Mail</label>
-          <input type="email" id="email" name="email" required>
-        </div>
+  <button type="submit" class="btn-primary">Login</button>
+</form>
 
-        <div class="form-row">
-          <label for="password">Passwort</label>
-          <input type="password" id="password" name="password" required>
-        </div>
-
-        <div class="form-row">
-          <button type="submit" class="btn-primary">Anmelden</button>
-        </div>
-      </form>
-    </section>
-  </main>
-</body>
-</html>
\ No newline at end of file
+{% endblock %}
\ No newline at end of file
diff --git a/app/flask-postgres/app/templates/profil.html b/app/flask-postgres/app/templates/profil.html
index 5eb6c51..bb22126 100644
--- a/app/flask-postgres/app/templates/profil.html
+++ b/app/flask-postgres/app/templates/profil.html
@@ -1,72 +1,20 @@
-<!DOCTYPE html>
-<html lang="de">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>{{ page_title }}</title>
-  <link rel="stylesheet" href="/styles/site.css">
-</head>
-<body>
-  <header class="site-header">
-    <div class="header-inner">
-      <div class="logo-area">
-        <a href="/home">
-          <img src="/images/Logo-Compliance-Verification-bg-1.png" alt="Logo" class="site-logo">
-        </a>
-      </div>
+{% extends "base.html" %}
 
-      <nav class="top-nav">
-        <a href="/home">Home</a>
-        <a href="/preise">Preise</a>
-        <a href="/allgemein">Allgemein</a>
+{% block content %}
 
-        {% if is_logged_in %}
-          <div class="user-menu">
-            <button class="user-menu-toggle" type="button">{{ user_name }} ▾</button>
-            <div class="user-menu-dropdown">
-              <a href="/profil">Profil</a>
-              {% if is_admin %}
-                <a href="/admin/mandanten">Admin</a>
-              {% endif %}
-              <a href="/logout">Logout</a>
-            </div>
-          </div>
-        {% else %}
-          <a href="/login">Login</a>
-        {% endif %}
-      </nav>
-    </div>
-  </header>
+<h1>Profil</h1>
 
-  <main class="content-area">
-    <section class="content-box">
-      <h1>Profil</h1>
+<table class="admin-table">
+  <tr><th>ID</th><td>{{ profile.id }}</td></tr>
+  <tr><th>Name</th><td>{{ profile.name }}</td></tr>
+  <tr><th>E-Mail</th><td>{{ profile.email }}</td></tr>
+  <tr><th>Mandant</th><td>{{ profile.mandant_name }} ({{ profile.mandant_kuerzel }})</td></tr>
+  <tr><th>Mandant E-Mail</th><td>{{ profile.mandant_email or '-' }}</td></tr>
+  <tr><th>Mandant Level</th><td>{{ profile.mandant_level }}</td></tr>
+</table>
 
-      <table class="admin-table">
-        <tr><th>ID</th><td>{{ profile.id }}</td></tr>
-        <tr><th>Name</th><td>{{ profile.name }}</td></tr>
-        <tr><th>E-Mail</th><td>{{ profile.email }}</td></tr>
-        <tr><th>Mandant</th><td>{{ profile.mandant_name }} ({{ profile.mandant_kuerzel }})</td></tr>
-        <tr><th>Status</th><td>{{ profile.status }}</td></tr>
-        <tr><th>Letzter Login</th><td>{{ profile.last_login }}</td></tr>
+<div class="admin-actions">
+  <a href="/pwdchange" class="btn-primary">Passwort ändern</a>
+</div>
 
-      
-<tr>
-  <th>Mandant E-Mail</th>
-  <td>{{ profile.mandant_email }}</td>
-</tr>
-
-<tr>
-  <th>Mandant Level</th>
-  <td>{{ profile.mandant_level }}</td>
-</tr>
-      </table>
-
-        <div class="admin-actions">
-            <a href="/pwdchange" class="btn-primary">Passwort ändern</a>
-        </div>
-
-    </section>
-  </main>
-</body>
-</html>
\ No newline at end of file
+{% endblock %}
\ No newline at end of file
diff --git a/app/flask-postgres/app/templates/pwdchange.html b/app/flask-postgres/app/templates/pwdchange.html
index dc3a3c6..c224c63 100644
--- a/app/flask-postgres/app/templates/pwdchange.html
+++ b/app/flask-postgres/app/templates/pwdchange.html
@@ -1,78 +1,39 @@
-<!DOCTYPE html>
-<html lang="de">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <title>{{ page_title }}</title>
-  <link rel="stylesheet" href="/styles/site.css">
-</head>
-<body>
-  <header class="site-header">
-    <div class="header-inner">
-      <div class="logo-area">
-        <a href="/home">
-          <img src="/images/Logo-Compliance-Verification-bg-1.png" alt="Logo" class="site-logo">
-        </a>
-      </div>
+{% extends "base.html" %}
 
-      <nav class="top-nav">
-        <a href="/home">Home</a>
-        <a href="/preise">Preise</a>
-        <a href="/allgemein">Allgemein</a>
+{% block content %}
 
-        {% if is_logged_in %}
-          <div class="user-menu">
-            <button class="user-menu-toggle" type="button">{{ user_name }} ▾</button>
-            <div class="user-menu-dropdown">
-              <a href="/profil">Profil</a>
-              {% if is_admin %}
-                <a href="/admin/mandanten">Admin</a>
-              {% endif %}
-              <a href="/logout">Logout</a>
-            </div>
-          </div>
-        {% else %}
-          <a href="/login">Login</a>
-        {% endif %}
-      </nav>
-    </div>
-  </header>
+<h1>Passwort ändern</h1>
 
-  <main class="content-area">
-    <section class="content-box login-box">
-      <h1>Passwort ändern</h1>
-      <p class="intro-text">Ändern Sie hier Ihr Passwort.</p>
+{% if error_message %}
+  <div class="error-box">{{ error_message }}</div>
+{% endif %}
 
-      {% if error_message %}
-        <div class="error-box">{{ error_message }}</div>
-      {% endif %}
+{% if success_message %}
+  <div class="success-box">{{ success_message }}</div>
+{% endif %}
 
-      {% if success_message %}
-        <div class="success-box">{{ success_message }}</div>
-      {% endif %}
+<form method="post" class="login-form">
 
-      <form method="post" action="/pwdchange" class="login-form">
-        <div class="form-row">
-          <label for="current_password">Aktuelles Passwort</label>
-          <input type="password" id="current_password" name="current_password" required>
-        </div>
+  <div class="form-row">
+    <label>Aktuelles Passwort</label>
+    <input type="password" name="current_password" required>
+  </div>
 
-        <div class="form-row">
-          <label for="new_password">Neues Passwort</label>
-          <input type="password" id="new_password" name="new_password" required>
-        </div>
+  <div class="form-row">
+    <label>Neues Passwort</label>
+    <input type="password" name="new_password" required>
+  </div>
 
-        <div class="form-row">
-          <label for="confirm_password">Neues Passwort bestätigen</label>
-          <input type="password" id="confirm_password" name="confirm_password" required>
-        </div>
+  <div class="form-row">
+    <label>Bestätigen</label>
+    <input type="password" name="confirm_password" required>
+  </div>
 
-        <div class="admin-actions">
-          <button type="submit" class="btn-primary">Passwort speichern</button>
-          <a href="/profil" class="btn-secondary">Zurück zum Profil</a>
-        </div>
-      </form>
-    </section>
-  </main>
-</body>
-</html>
\ No newline at end of file
+  <div class="admin-actions">
+    <button type="submit" class="btn-primary">Speichern</button>
+    <a href="/profil" class="btn-secondary">Zurück zum Profil</a>
+  </div>
+
+</form>
+
+{% endblock %}
\ No newline at end of file

ID	{{ profile.id }}
Name	{{ profile.name }}
E-Mail	{{ profile.email }}
Mandant	{{ profile.mandant_name }} ({{ profile.mandant_kuerzel }})
Mandant E-Mail	{{ profile.mandant_email or '-' }}
Mandant Level	{{ profile.mandant_level }}