From 9930782819b6ee07c24f96269278608f1b74e642 Mon Sep 17 00:00:00 2001
From: Bkolb <bernhard@kolb.cc>
Date: Thu, 2 Apr 2026 20:33:00 +0200
Subject: [PATCH] New User Form

---
 app/flask-postgres/app/app.py                 | 122 ++++++++++++++
 app/flask-postgres/app/templates/profil.html  |   9 +-
 .../app/templates/useradmin_user_new.html     | 149 ++++++++++++++++++
 app/flask-postgres/styles/site.css            |  54 +++++++
 4 files changed, 332 insertions(+), 2 deletions(-)
 create mode 100644 app/flask-postgres/app/templates/useradmin_user_new.html

diff --git a/app/flask-postgres/app/app.py b/app/flask-postgres/app/app.py
index b21c96d..2538a28 100644
--- a/app/flask-postgres/app/app.py
+++ b/app/flask-postgres/app/app.py
@@ -621,4 +621,126 @@ def pwdchange():
         error_message=error_message,
         success_message=success_message,
         **get_current_user()
+    )
+
+@app.route("/useradmin/mandant/new", methods=["GET", "POST"])
+@user_admin_required
+def useradmin_user_new():
+    current_mandant_id = session.get("mandant_id")
+
+    conn = get_connection()
+    cur = conn.cursor()
+
+    cur.execute("""
+        SELECT id, group_name
+        FROM app_group
+        WHERE mandant_id = %s
+        ORDER BY group_name
+    """, (current_mandant_id,))
+    gruppen = fetchall_dict(cur)
+
+    form_error = None
+    form_values = {
+        "email": "",
+        "name": "",
+        "status": "1",
+        "selected_groups": []
+    }
+
+    if request.method == "POST":
+        email = request.form.get("email", "").strip().lower()
+        name = request.form.get("name", "").strip()
+        password = request.form.get("password", "")
+        password2 = request.form.get("password2", "")
+        status = request.form.get("status", "1").strip()
+        selected_groups = request.form.getlist("group_ids")
+
+        form_values = {
+            "email": email,
+            "name": name,
+            "status": status,
+            "selected_groups": selected_groups
+        }
+
+        email_pattern = r"^[^@\s]+@[^@\s]+\.[^@\s]+$"
+
+        if not email:
+            form_error = "E-Mail ist ein Pflichtfeld."
+        elif not re.match(email_pattern, email):
+            form_error = "Bitte eine gültige E-Mail-Adresse eingeben."
+        elif not name:
+            form_error = "Name ist ein Pflichtfeld."
+        elif not password:
+            form_error = "Passwort ist ein Pflichtfeld."
+        elif not password2:
+            form_error = "Bitte Passwort bestätigen."
+        elif password != password2:
+            form_error = "Die beiden Passwörter stimmen nicht überein."
+        elif len(password) < 8:
+            form_error = "Das Passwort muss mindestens 8 Zeichen lang sein."
+        else:
+            cur.execute("""
+                SELECT id
+                FROM app_user
+                WHERE lower(email) = %s
+            """, (email,))
+            existing_user = cur.fetchone()
+
+            if existing_user:
+                form_error = "Ein Benutzer mit dieser E-Mail existiert bereits."
+            else:
+                password_hash = generate_password_hash(password)
+
+                cur.execute("""
+                    INSERT INTO app_user (
+                        email,
+                        name,
+                        mandant_id,
+                        password_hash,
+                        status
+                    )
+                    VALUES (%s, %s, %s, %s, %s)
+                    RETURNING id
+                """, (
+                    email,
+                    name,
+                    current_mandant_id,
+                    password_hash,
+                    int(status or 1)
+                ))
+                new_user_id = cur.fetchone()[0]
+
+                if selected_groups:
+                    cur.execute("""
+                        SELECT id
+                        FROM app_group
+                        WHERE mandant_id = %s
+                          AND id = ANY(%s)
+                    """, (current_mandant_id, selected_groups))
+                    valid_groups = cur.fetchall()
+
+                    for row in valid_groups:
+                        group_id = row[0]
+                        cur.execute("""
+                            INSERT INTO user_group (user_id, group_id, mandant_id)
+                            VALUES (%s, %s, %s)
+                        """, (new_user_id, group_id, current_mandant_id))
+
+                conn.commit()
+                cur.close()
+                conn.close()
+
+                return redirect(url_for("useradmin_mandant"))
+
+    cur.close()
+    conn.close()
+
+    return render_template(
+        "useradmin_user_new.html",
+        page_title="Neuer User",
+        active_page="useradmin",
+        gruppen=gruppen,
+        form_error=form_error,
+        form_values=form_values,
+        **get_current_user()
     )
\ No newline at end of file
diff --git a/app/flask-postgres/app/templates/profil.html b/app/flask-postgres/app/templates/profil.html
index 3eafcc1..6206898 100644
--- a/app/flask-postgres/app/templates/profil.html
+++ b/app/flask-postgres/app/templates/profil.html
@@ -12,16 +12,21 @@
   <tr><th>Mandant E-Mail</th><td>{{ profile.mandant_email or '-' }}</td></tr>
   <tr><th>Mandant Level</th><td>{{ profile.mandant_level }}</td></tr>
 
-  <tr>
+<tr>
   <th>Gruppen im Mandanten</th>
   <td>
     {% if gruppen %}
-      {{ gruppen | join(', ') }}
+      <div class="group-badges">
+        {% for gruppe in gruppen %}
+          <span class="group-badge">{{ gruppe }}</span>
+        {% endfor %}
+      </div>
     {% else %}
       -
     {% endif %}
   </td>
 </tr>
+
 </table>
 
 <div class="admin-actions">
diff --git a/app/flask-postgres/app/templates/useradmin_user_new.html b/app/flask-postgres/app/templates/useradmin_user_new.html
new file mode 100644
index 0000000..138dce5
--- /dev/null
+++ b/app/flask-postgres/app/templates/useradmin_user_new.html
@@ -0,0 +1,149 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+<div class="page-header">
+  <h1>Neuen User anlegen</h1>
+  <p class="intro-text">Benutzer im aktuellen Mandanten anlegen und Gruppen zuweisen.</p>
+</div>
+
+<section class="admin-section">
+  <div class="admin-panel">
+
+    {% if form_error %}
+      <div class="error-box">{{ form_error }}</div>
+    {% endif %}
+
+    <form method="post" id="user-create-form" novalidate class="admin-grid-form">
+
+      <div class="form-row">
+        <label for="email">E-Mail</label>
+        <input
+          type="email"
+          id="email"
+          name="email"
+          value="{{ form_values.email if form_values else '' }}"
+          required>
+      </div>
+
+      <div class="form-row">
+        <label for="name">Name</label>
+        <input
+          type="text"
+          id="name"
+          name="name"
+          value="{{ form_values.name if form_values else '' }}"
+          required>
+      </div>
+
+      <div class="form-row">
+        <label for="password">Passwort</label>
+        <input
+          type="password"
+          id="password"
+          name="password"
+          required>
+      </div>
+
+      <div class="form-row">
+        <label for="password2">Passwort bestätigen</label>
+        <input
+          type="password"
+          id="password2"
+          name="password2"
+          required>
+      </div>
+
+      <div class="form-row">
+        <label for="status">Status</label>
+        <select id="status" name="status">
+          <option value="0" {% if form_values and form_values.status == '0' %}selected{% endif %}>0 - nicht aktiviert</option>
+          <option value="1" {% if not form_values or form_values.status == '1' %}selected{% endif %}>1 - OK</option>
+          <option value="2" {% if form_values and form_values.status == '2' %}selected{% endif %}>2 - locked</option>
+          <option value="3" {% if form_values and form_values.status == '3' %}selected{% endif %}>3 - disabled</option>
+        </select>
+      </div>
+
+      <div class="form-row form-row-full">
+        <label>Gruppen des Mandanten</label>
+        <div class="checkbox-group">
+          {% for gruppe in gruppen %}
+            <label class="checkbox-item">
+              <input
+                type="checkbox"
+                name="group_ids"
+                value="{{ gruppe.id }}"
+                {% if form_values and gruppe.id|string in form_values.selected_groups %}checked{% endif %}>
+              <span>{{ gruppe.group_name }}</span>
+            </label>
+          {% endfor %}
+        </div>
+      </div>
+
+      <div class="form-row form-row-full">
+        <div id="user-create-error" class="error-box" style="display:none;"></div>
+        <div class="admin-actions">
+          <button type="submit" class="btn-primary">User anlegen</button>
+          <a href="/useradmin/mandant" class="btn-secondary">Zurück</a>
+        </div>
+      </div>
+
+    </form>
+  </div>
+</section>
+
+<script>
+  document.addEventListener("DOMContentLoaded", function () {
+    const form = document.getElementById("user-create-form");
+    const errorBox = document.getElementById("user-create-error");
+
+    if (!form) return;
+
+    form.addEventListener("submit", function (event) {
+      const email = document.getElementById("email").value.trim();
+      const name = document.getElementById("name").value.trim();
+      const password = document.getElementById("password").value;
+      const password2 = document.getElementById("password2").value;
+
+      const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+      let errors = [];
+
+      if (!email) {
+        errors.push("E-Mail ist ein Pflichtfeld.");
+      } else if (!emailRegex.test(email)) {
+        errors.push("Bitte eine gültige E-Mail-Adresse eingeben.");
+      }
+
+      if (!name) {
+        errors.push("Name ist ein Pflichtfeld.");
+      }
+
+      if (!password) {
+        errors.push("Passwort ist ein Pflichtfeld.");
+      }
+
+      if (!password2) {
+        errors.push("Bitte Passwort bestätigen.");
+      }
+
+      if (password && password2 && password !== password2) {
+        errors.push("Die beiden Passwörter stimmen nicht überein.");
+      }
+
+      if (password && password.length < 8) {
+        errors.push("Das Passwort muss mindestens 8 Zeichen lang sein.");
+      }
+
+      if (errors.length > 0) {
+        event.preventDefault();
+        errorBox.innerHTML = errors.join("<br>");
+        errorBox.style.display = "block";
+      } else {
+        errorBox.innerHTML = "";
+        errorBox.style.display = "none";
+      }
+    });
+  });
+</script>
+
+{% endblock %}
\ No newline at end of file
diff --git a/app/flask-postgres/styles/site.css b/app/flask-postgres/styles/site.css
index 6f55eec..cea0111 100644
--- a/app/flask-postgres/styles/site.css
+++ b/app/flask-postgres/styles/site.css
@@ -375,4 +375,58 @@ button {
   .top-nav a {
     min-width: auto;
   }
+}
+
+.group-badges {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 8px;
+}
+
+.group-badge {
+  display: inline-flex;
+  align-items: center;
+  padding: 6px 12px;
+  border-radius: 999px;
+  background: #eef4fb;
+  color: #0d2f57;
+  font-weight: 600;
+  font-size: 14px;
+  border: 1px solid #dce3ea;
+}
+/* =========================
+   12. NEW USER
+========================= */
+.checkbox-group {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 10px 16px;
+  padding: 4px 0;
+}
+
+.checkbox-item {
+  display: inline-flex;
+  align-items: center;
+  gap: 8px;
+  padding: 8px 12px;
+  background: #eef4fb;
+  border: 1px solid #dce3ea;
+  border-radius: 10px;
+  color: #0d2f57;
+  font-weight: 600;
+}
+
+.checkbox-item input[type="checkbox"] {
+  margin: 0;
+}
+
+.admin-grid-form select {
+  width: 100%;
+  min-height: 46px;
+  padding: 10px 12px;
+  border: 1px solid #cfd8e3;
+  border-radius: 10px;
+  font-size: 16px;
+  box-sizing: border-box;
+  background: #fff;
 }
\ No newline at end of file