RonnyG/QueryBuilder
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒 Disable self-registration and compact admin interface

Browse Source 
Security improvements:
- Removed registration link from login page
- Disabled /auth/register route - redirects with error message
- Removed demo credentials from login page
- Added info message: 'New users are created by administrators'

UI improvements:
- Compacted all admin interface buttons (btn-sm)
- Reduced heading sizes (H2 → H4) for less visual dominance
- Shortened badge texts ('Administrator' → 'Admin', 'Benutzer' → 'User')
- Optimized spacing and reduced margins/paddings
- Cleaner, more professional admin interface

Access control:
- Only administrators can create new users via admin panel
- Self-registration completely disabled for security
- Maintains full admin functionality with improved UX
This commit is contained in:
DGSoft
2025-10-14 21:42:32 +02:00
parent f176560c02
commit 86f9117d55
10 changed files with 75 additions and 109 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
app/templates/admin/edit_user.html
View File

@@ -7,23 +7,23 @@
<div class="row justify-content-center">
<div class="col-md-6">
<div class="d-flex justify-content-between align-items-center mb-4">
<h2><i class="fas fa-user-edit"></i> Benutzer bearbeiten</h2>
<a href="{{ url_for('admin.users') }}" class="btn btn-outline-secondary">
<h4><i class="fas fa-user-edit"></i> Benutzer bearbeiten</h4>
<a href="{{ url_for('admin.users') }}" class="btn btn-outline-secondary btn-sm">
<i class="fas fa-arrow-left"></i> Zurück
</a>
</div>
<div class="card">
<div class="card-header">
<h5>
<h6>
{{ user.username }}
{% if user.id == current_user.id %}
<span class="badge bg-primary">Sie</span>
{% endif %}
{% if user.is_admin %}
<span class="badge bg-danger">Administrator</span>
<span class="badge bg-danger">Admin</span>
{% endif %}
</h5>
</h6>
</div>
<div class="card-body">
<form method="POST">
@@ -77,10 +77,10 @@
</div>
<div class="d-grid gap-2">
<button type="submit" class="btn btn-primary">
<button type="submit" class="btn btn-primary btn-sm">
<i class="fas fa-save"></i> Änderungen speichern
</button>
<a href="{{ url_for('admin.users') }}" class="btn btn-outline-secondary">
<a href="{{ url_for('admin.users') }}" class="btn btn-outline-secondary btn-sm">
<i class="fas fa-times"></i> Abbrechen
</a>
</div>
@@ -89,20 +89,20 @@
</div>
<!-- Benutzer-Informationen -->
<div class="card mt-4">
<div class="card mt-3">
<div class="card-header">
<h6><i class="fas fa-info-circle"></i> Benutzer-Informationen</h6>
<h6><i class="fas fa-info-circle"></i> Benutzer-Info</h6>
</div>
<div class="card-body">
<div class="row">
<div class="col-sm-4"><strong>Benutzer-ID:</strong></div>
<div class="row small">
<div class="col-sm-4"><strong>ID:</strong></div>
<div class="col-sm-8">{{ user.id }}</div>
</div>
<div class="row">
<div class="col-sm-4"><strong>Erstellt am:</strong></div>
<div class="col-sm-8">{{ user.created_at.strftime('%d.%m.%Y %H:%M:%S') }}</div>
<div class="row small">
<div class="col-sm-4"><strong>Erstellt:</strong></div>
<div class="col-sm-8">{{ user.created_at.strftime('%d.%m.%Y %H:%M') }}</div>
</div>
<div class="row">
<div class="row small">
<div class="col-sm-4"><strong>Rolle:</strong></div>
<div class="col-sm-8">
{% if user.is_admin %}
@@ -112,8 +112,8 @@
{% endif %}
</div>
</div>
<div class="row">
<div class="col-sm-4"><strong>Anzahl Queries:</strong></div>
<div class="row small">
<div class="col-sm-4"><strong>Queries:</strong></div>
<div class="col-sm-8">{{ user.saved_queries|length }}</div>
</div>
</div>
@@ -121,18 +121,18 @@
<!-- Lösch-Option -->
{% if user.id != current_user.id %}
<div class="card mt-4 border-danger">
<div class="card mt-3 border-danger">
<div class="card-header bg-danger text-white">
<h6><i class="fas fa-exclamation-triangle"></i> Gefahrenbereich</h6>
</div>
<div class="card-body">
<p class="text-danger">
<strong>Achtung:</strong> Das Löschen eines Benutzers kann nicht rückgängig gemacht werden.
Alle gespeicherten Queries dieses Benutzers gehen verloren.
<p class="text-danger small mb-2">
<strong>Achtung:</strong> Das Löschen kann nicht rückgängig gemacht werden.
Alle Queries gehen verloren.
</p>
<form method="POST" action="{{ url_for('admin.delete_user', user_id=user.id) }}"
onsubmit="return confirm('Benutzer {{ user.username }} wirklich unwiderruflich löschen?\\n\\nAlle gespeicherten Queries gehen verloren!')">
<button type="submit" class="btn btn-danger">
onsubmit="return confirm('Benutzer {{ user.username }} wirklich löschen?\\n\\nAlle Queries gehen verloren!')">
<button type="submit" class="btn btn-danger btn-sm">
<i class="fas fa-trash"></i> Benutzer löschen
</button>
</form>