user Admin im Mandant

app/flask-postgres/app/app.py

@@ -24,6 +24,7 @@ from security import (
     admin_required,
     get_current_user,
     get_current_user_mandant_level,
+    user_admin_required,
 )
 from logging_config import setup_logging
 
@@ -260,7 +261,7 @@ def login():
         cur = conn.cursor()
 
         cur.execute("""
-            SELECT id, email, name, password_hash, status
+            SELECT id, email, name, mandant_id, password_hash, status
             FROM app_user
             WHERE lower(email) = %s
         """, (email,))
@@ -269,7 +270,7 @@ def login():
         if not row:
             error_message = "Benutzer nicht gefunden."
         else:
-            user_id, user_email, user_name, password_hash, status = row
+            user_id, user_email, user_name, mandant_id, password_hash, status = row
 
             if status == 0:
                 error_message = "Benutzer ist noch nicht aktiviert."
@@ -283,6 +284,7 @@ def login():
                 session["user_id"] = user_id
                 session["user_email"] = user_email
                 session["user_name"] = user_name
+                session["mandant_id"] = mandant_id
 
                 cur.execute("""
                     UPDATE app_user
@@ -504,6 +506,44 @@ def admin_mandanten():
         **get_current_user()
     )
 
+@app.route("/useradmin/mandant")
+@user_admin_required
+def useradmin_mandant():
+    current_mandant_id = session.get("mandant_id")
+
+    conn = get_connection()
+    cur = conn.cursor()
+
+    cur.execute("""
+        SELECT
+            u.id,
+            u.email,
+            u.name,
+            u.mandant_id,
+            u.last_login,
+            u.status,
+            m.name AS mandant_name,
+            m.kontakt_email AS mandant_email,
+            m.level AS mandant_level
+        FROM app_user u
+        JOIN mandant m ON m.id = u.mandant_id
+        WHERE u.mandant_id = %s
+        ORDER BY u.name, u.email
+    """, (current_mandant_id,))
+
+    users = fetchall_dict(cur)
+
+    cur.close()
+    conn.close()
+
+    return render_template(
+        "useradmin_mandant.html",
+        page_title="Useradministration",
+        active_page="useradmin",
+        users=users,
+        **get_current_user()
+    )
+
 @app.errorhandler(403)
 def forbidden(_error):
     return render_template(

app/flask-postgres/app/security.py

@@ -63,8 +63,10 @@ def get_current_user():
         "user_id": session.get("user_id"),
         "user_name": session.get("user_name"),
         "user_email": session.get("user_email"),
+        "mandant_id": session.get("mandant_id"),
         "is_logged_in": bool(session.get("user_id")),
         "is_admin": user_is_admin() if session.get("user_id") else False,
+        "is_user_admin": user_is_user_admin() if session.get("user_id") else False,
     }
 
 
@@ -76,4 +78,42 @@ def admin_required(view_func):
         if not user_is_admin():
             abort(403)
         return view_func(*args, **kwargs)
+    return wrapper
+
+def user_is_user_admin():
+    user_id = session.get("user_id")
+    current_mandant_id = session.get("mandant_id")
+
+    if not user_id or not current_mandant_id:
+        return False
+
+    conn = get_connection()
+    cur = conn.cursor()
+
+    cur.execute("""
+        SELECT 1
+        FROM user_group ug
+        JOIN app_group g ON g.id = ug.group_id
+        WHERE ug.user_id = %s
+          AND ug.mandant_id = %s
+          AND g.mandant_id = %s
+          AND g.group_name = 'Useradministration'
+        LIMIT 1
+    """, (user_id, current_mandant_id, current_mandant_id))
+
+    result = cur.fetchone()
+
+    cur.close()
+    conn.close()
+
+    return result is not None
+
+def user_admin_required(view_func):
+    @wraps(view_func)
+    def wrapper(*args, **kwargs):
+        if not session.get("user_id"):
+            return redirect(url_for("login", next=request.path))
+        if not user_is_user_admin():
+            abort(403)
+        return view_func(*args, **kwargs)
     return wrapper

app/flask-postgres/app/templates/base.html

@@ -31,6 +31,10 @@
               {% if is_admin %}
                 <a href="/admin/mandanten">Admin</a>
               {% endif %}
+              {% if is_user_admin %}
+                <a href="/useradmin/mandant">Useradministration</a>
+              {% endif %}
+
               <a href="/logout">Logout</a>
             </div>
           </div>

app/flask-postgres/app/templates/useradmin_mandant.html

@@ -0,0 +1,47 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+<div class="page-header">
+  <h1>Useradministration</h1>
+  <p class="intro-text">Benutzer des aktuellen Mandanten.</p>
+</div>
+
+<section class="admin-section">
+  <div class="admin-panel">
+    <div class="admin-panel-header">
+      <h2>Benutzerübersicht</h2>
+    </div>
+
+    <div class="table-wrap">
+      <table class="mandanten-table">
+        <thead>
+          <tr>
+            <th>ID</th>
+            <th>Name</th>
+            <th>E-Mail</th>
+            <th>Status</th>
+            <th>Letzter Login</th>
+            <th>Mandant</th>
+            <th>Level</th>
+          </tr>
+        </thead>
+        <tbody>
+          {% for user in users %}
+          <tr>
+            <td class="col-id">{{ user.id }}</td>
+            <td>{{ user.name }}</td>
+            <td>{{ user.email }}</td>
+            <td>{{ user.status }}</td>
+            <td>{{ user.last_login or "-" }}</td>
+            <td>{{ user.mandant_name }}</td>
+            <td>{{ user.mandant_level }}</td>
+          </tr>
+          {% endfor %}
+        </tbody>
+      </table>
+    </div>
+  </div>
+</section>
+
+{% endblock %}