user Admin im Mandant

2026-04-02 19:59:46 +02:00 · 2026-04-02 19:59:46 +02:00 · 6c8609b281
commit 6c8609b281
parent adfcf8e58e
4 changed files with 133 additions and 2 deletions
--- a/app/flask-postgres/app/app.py
+++ b/app/flask-postgres/app/app.py
@ -24,6 +24,7 @@ from security import (
    admin_required,
    get_current_user,
    get_current_user_mandant_level,
+    user_admin_required,
 )
 from logging_config import setup_logging

@ -260,7 +261,7 @@ def login():
        cur = conn.cursor()

        cur.execute("""
-            SELECT id, email, name, password_hash, status
+            SELECT id, email, name, mandant_id, password_hash, status
            FROM app_user
            WHERE lower(email) = %s
        """, (email,))
@ -269,7 +270,7 @@ def login():
        if not row:
            error_message = "Benutzer nicht gefunden."
        else:
-            user_id, user_email, user_name, password_hash, status = row
+            user_id, user_email, user_name, mandant_id, password_hash, status = row

            if status == 0:
                error_message = "Benutzer ist noch nicht aktiviert."
@ -283,6 +284,7 @@ def login():
                session["user_id"] = user_id
                session["user_email"] = user_email
                session["user_name"] = user_name
+                session["mandant_id"] = mandant_id

                cur.execute("""
                    UPDATE app_user
@ -504,6 +506,44 @@ def admin_mandanten():
        **get_current_user()
    )

+@app.route("/useradmin/mandant")
+@user_admin_required
+def useradmin_mandant():
+    current_mandant_id = session.get("mandant_id")
+
+    conn = get_connection()
+    cur = conn.cursor()
+
+    cur.execute("""
+        SELECT
+            u.id,
+            u.email,
+            u.name,
+            u.mandant_id,
+            u.last_login,
+            u.status,
+            m.name AS mandant_name,
+            m.kontakt_email AS mandant_email,
+            m.level AS mandant_level
+        FROM app_user u
+        JOIN mandant m ON m.id = u.mandant_id
+        WHERE u.mandant_id = %s
+        ORDER BY u.name, u.email
+    """, (current_mandant_id,))
+
+    users = fetchall_dict(cur)
+
+    cur.close()
+    conn.close()
+
+    return render_template(
+        "useradmin_mandant.html",
+        page_title="Useradministration",
+        active_page="useradmin",
+        users=users,
+        **get_current_user()
+    )
+
@app.errorhandler(403)
 def forbidden(_error):
    return render_template(
--- a/app/flask-postgres/app/security.py
+++ b/app/flask-postgres/app/security.py
@ -63,8 +63,10 @@ def get_current_user():
        "user_id": session.get("user_id"),
        "user_name": session.get("user_name"),
        "user_email": session.get("user_email"),
+        "mandant_id": session.get("mandant_id"),
        "is_logged_in": bool(session.get("user_id")),
        "is_admin": user_is_admin() if session.get("user_id") else False,
+        "is_user_admin": user_is_user_admin() if session.get("user_id") else False,
    }


@ -76,4 +78,42 @@ def admin_required(view_func):
        if not user_is_admin():
            abort(403)
        return view_func(*args, **kwargs)
+    return wrapper
+
+def user_is_user_admin():
+    user_id = session.get("user_id")
+    current_mandant_id = session.get("mandant_id")
+
+    if not user_id or not current_mandant_id:
+        return False
+
+    conn = get_connection()
+    cur = conn.cursor()
+
+    cur.execute("""
+        SELECT 1
+        FROM user_group ug
+        JOIN app_group g ON g.id = ug.group_id
+        WHERE ug.user_id = %s
+          AND ug.mandant_id = %s
+          AND g.mandant_id = %s
+          AND g.group_name = 'Useradministration'
+        LIMIT 1
+    """, (user_id, current_mandant_id, current_mandant_id))
+
+    result = cur.fetchone()
+
+    cur.close()
+    conn.close()
+
+    return result is not None
+
+def user_admin_required(view_func):
+    @wraps(view_func)
+    def wrapper(*args, **kwargs):
+        if not session.get("user_id"):
+            return redirect(url_for("login", next=request.path))
+        if not user_is_user_admin():
+            abort(403)
+        return view_func(*args, **kwargs)
    return wrapper
--- a/app/flask-postgres/app/templates/base.html
+++ b/app/flask-postgres/app/templates/base.html
@ -31,6 +31,10 @@
              {% if is_admin %}
                <a href="/admin/mandanten">Admin</a>
              {% endif %}
+              {% if is_user_admin %}
+                <a href="/useradmin/mandant">Useradministration</a>
+              {% endif %}
+
              <a href="/logout">Logout</a>
            </div>
          </div>
--- a/app/flask-postgres/app/templates/useradmin_mandant.html
+++ b/app/flask-postgres/app/templates/useradmin_mandant.html
@ -0,0 +1,47 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+<div class="page-header">
+  <h1>Useradministration</h1>
+  <p class="intro-text">Benutzer des aktuellen Mandanten.</p>
+</div>
+
+<section class="admin-section">
+  <div class="admin-panel">
+    <div class="admin-panel-header">
+      <h2>Benutzerübersicht</h2>
+    </div>
+
+    <div class="table-wrap">
+      <table class="mandanten-table">
+        <thead>
+          <tr>
+            <th>ID</th>
+            <th>Name</th>
+            <th>E-Mail</th>
+            <th>Status</th>
+            <th>Letzter Login</th>
+            <th>Mandant</th>
+            <th>Level</th>
+          </tr>
+        </thead>
+        <tbody>
+          {% for user in users %}
+          <tr>
+            <td class="col-id">{{ user.id }}</td>
+            <td>{{ user.name }}</td>
+            <td>{{ user.email }}</td>
+            <td>{{ user.status }}</td>
+            <td>{{ user.last_login or "-" }}</td>
+            <td>{{ user.mandant_name }}</td>
+            <td>{{ user.mandant_level }}</td>
+          </tr>
+          {% endfor %}
+        </tbody>
+      </table>
+    </div>
+  </div>
+</section>
+
+{% endblock %}