dgsoft/QueryBuilder
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒 Disable self-registration and compact admin interface

Browse Source 
Security improvements:
- Removed registration link from login page
- Disabled /auth/register route - redirects with error message
- Removed demo credentials from login page
- Added info message: 'New users are created by administrators'

UI improvements:
- Compacted all admin interface buttons (btn-sm)
- Reduced heading sizes (H2 → H4) for less visual dominance
- Shortened badge texts ('Administrator' → 'Admin', 'Benutzer' → 'User')
- Optimized spacing and reduced margins/paddings
- Cleaner, more professional admin interface

Access control:
- Only administrators can create new users via admin panel
- Self-registration completely disabled for security
- Maintains full admin functionality with improved UX
This commit is contained in:
DGSoft 2025-10-14 21:42:32 +02:00
parent f176560c02
commit 86f9117d55
10 changed files with 75 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
app/__pycache__/__init__.cpython-313.pyc
View File

Binary file not shown.

BIN
app/__pycache__/models.cpython-313.pyc
View File

Binary file not shown.

BIN
app/routes/__pycache__/api.cpython-313.pyc
View File

Binary file not shown.

BIN
app/routes/__pycache__/auth.cpython-313.pyc
View File

Binary file not shown.

25
app/routes/auth.py
View File

@ -24,31 +24,10 @@ def login():
@auth_bp.route('/register', methods=['GET', 'POST']) @auth_bp.route('/register', methods=['GET', 'POST'])
def register(): def register():
if request.method == 'POST': # Registrierung deaktiviert - nur Administratoren können Benutzer erstellen
username = request.form['username'] flash('Registrierung ist deaktiviert. Wenden Sie sich an einen Administrator.', 'error')
email = request.form['email']
password = request.form['password']
# Prüfe ob Benutzer bereits existiert
if User.query.filter_by(username=username).first():
flash('Benutzername bereits vergeben')
return render_template('auth/register.html')
if User.query.filter_by(email=email).first():
flash('E-Mail bereits vergeben')
return render_template('auth/register.html')
# Erstelle neuen Benutzer
user = User(username=username, email=email)
user.set_password(password)
db.session.add(user)
db.session.commit()
flash('Registrierung erfolgreich')
return redirect(url_for('auth.login')) return redirect(url_for('auth.login'))
return render_template('auth/register.html')
@auth_bp.route('/logout') @auth_bp.route('/logout')
@login_required @login_required
def logout(): def logout():

21
app/templates/admin/create_user.html
View File

@ -7,8 +7,8 @@
<div class="row justify-content-center"> <div class="row justify-content-center">
<div class="col-md-6"> <div class="col-md-6">
<div class="d-flex justify-content-between align-items-center mb-4"> <div class="d-flex justify-content-between align-items-center mb-4">
<h2><i class="fas fa-user-plus"></i> Neuen Benutzer erstellen</h2> <h4><i class="fas fa-user-plus"></i> Neuen Benutzer erstellen</h4>
<a href="{{ url_for('admin.users') }}" class="btn btn-outline-secondary"> <a href="{{ url_for('admin.users') }}" class="btn btn-outline-secondary btn-sm">
<i class="fas fa-arrow-left"></i> Zurück <i class="fas fa-arrow-left"></i> Zurück
</a> </a>
</div> </div>
@ -56,10 +56,10 @@
</div> </div>
<div class="d-grid gap-2"> <div class="d-grid gap-2">
<button type="submit" class="btn btn-success"> <button type="submit" class="btn btn-success btn-sm">
<i class="fas fa-user-plus"></i> Benutzer erstellen <i class="fas fa-user-plus"></i> Benutzer erstellen
</button> </button>
<a href="{{ url_for('admin.users') }}" class="btn btn-outline-secondary"> <a href="{{ url_for('admin.users') }}" class="btn btn-outline-secondary btn-sm">
<i class="fas fa-times"></i> Abbrechen <i class="fas fa-times"></i> Abbrechen
</a> </a>
</div> </div>
@ -68,17 +68,16 @@
</div> </div>
<!-- Hinweise --> <!-- Hinweise -->
<div class="card mt-4"> <div class="card mt-3">
<div class="card-header"> <div class="card-header">
<h6><i class="fas fa-info-circle"></i> Wichtige Hinweise</h6> <h6><i class="fas fa-info-circle"></i> Hinweise</h6>
</div> </div>
<div class="card-body"> <div class="card-body">
<ul class="mb-0"> <ul class="mb-0 small">
<li>Alle mit * markierten Felder sind Pflichtfelder</li> <li>Alle mit * markierten Felder sind Pflichtfelder</li>
<li>Der Benutzername und die E-Mail-Adresse müssen eindeutig sein</li> <li>Benutzername und E-Mail müssen eindeutig sein</li>
<li>Das Passwort sollte sicher gewählt werden</li> <li>Passwort sollte sicher gewählt werden (mind. 6 Zeichen)</li>
<li>Administrator-Rechte gewähren Vollzugriff auf alle Funktionen</li> <li>Admin-Rechte gewähren Vollzugriff auf alle Funktionen</li>
<li>Neue Benutzer können sich sofort mit ihren Anmeldedaten einloggen</li>
</ul> </ul>
</div> </div>
</div> </div>

42
app/templates/admin/dashboard.html
View File

@ -7,9 +7,9 @@
<div class="row"> <div class="row">
<div class="col-12"> <div class="col-12">
<div class="d-flex justify-content-between align-items-center mb-4"> <div class="d-flex justify-content-between align-items-center mb-4">
<h2><i class="fas fa-users-cog"></i> Admin Dashboard</h2> <h4><i class="fas fa-users-cog"></i> Admin Dashboard</h4>
<a href="{{ url_for('main.dashboard') }}" class="btn btn-outline-secondary"> <a href="{{ url_for('main.dashboard') }}" class="btn btn-outline-secondary btn-sm">
<i class="fas fa-arrow-left"></i> Zurück zum Dashboard <i class="fas fa-arrow-left"></i> Zurück
</a> </a>
</div> </div>
@ -74,26 +74,18 @@
<div class="col-12"> <div class="col-12">
<div class="card"> <div class="card">
<div class="card-header"> <div class="card-header">
<h5><i class="fas fa-tachometer-alt"></i> Schnellzugriff</h5> <h6><i class="fas fa-tachometer-alt"></i> Schnellzugriff</h6>
</div> </div>
<div class="card-body"> <div class="card-body">
<div class="row"> <div class="row">
<div class="col-md-6 mb-3"> <div class="col-md-6 mb-2">
<a href="{{ url_for('admin.users') }}" class="btn btn-outline-primary btn-lg w-100"> <a href="{{ url_for('admin.users') }}" class="btn btn-outline-primary btn-sm w-100">
<i class="fas fa-users"></i> <i class="fas fa-users me-1"></i> Benutzerverwaltung
<div class="mt-2">
<strong>Benutzerverwaltung</strong>
<br><small class="text-muted">Benutzer anzeigen, bearbeiten und erstellen</small>
</div>
</a> </a>
</div> </div>
<div class="col-md-6 mb-3"> <div class="col-md-6 mb-2">
<a href="{{ url_for('admin.create_user') }}" class="btn btn-outline-success btn-lg w-100"> <a href="{{ url_for('admin.create_user') }}" class="btn btn-outline-success btn-sm w-100">
<i class="fas fa-user-plus"></i> <i class="fas fa-user-plus me-1"></i> Neuen Benutzer erstellen
<div class="mt-2">
<strong>Neuen Benutzer erstellen</strong>
<br><small class="text-muted">Schnell einen neuen Benutzer hinzufügen</small>
</div>
</a> </a>
</div> </div>
</div> </div>
@ -107,7 +99,7 @@
<div class="col-12"> <div class="col-12">
<div class="card"> <div class="card">
<div class="card-header"> <div class="card-header">
<h5><i class="fas fa-clock"></i> Letzte Benutzer</h5> <h6><i class="fas fa-clock"></i> Letzte Benutzer</h6>
</div> </div>
<div class="card-body"> <div class="card-body">
{% if users %} {% if users %}
@ -152,15 +144,15 @@
</table> </table>
</div> </div>
<div class="text-center mt-3"> <div class="text-center mt-3">
<a href="{{ url_for('admin.users') }}" class="btn btn-primary"> <a href="{{ url_for('admin.users') }}" class="btn btn-primary btn-sm">
Alle Benutzer anzeigen <i class="fas fa-arrow-right"></i> Alle Benutzer <i class="fas fa-arrow-right"></i>
</a> </a>
</div> </div>
{% else %} {% else %}
<div class="text-center text-muted py-4"> <div class="text-center text-muted py-3">
<i class="fas fa-users fa-3x mb-3"></i> <i class="fas fa-users fa-2x mb-2"></i>
<h5>Keine Benutzer gefunden</h5> <h6>Keine Benutzer gefunden</h6>
<p>Erstellen Sie den ersten Benutzer über den Button oben.</p> <p class="small">Erstellen Sie den ersten Benutzer über den Button oben.</p>
</div> </div>
{% endif %} {% endif %}
</div> </div>

46
app/templates/admin/edit_user.html
View File

@ -7,23 +7,23 @@
<div class="row justify-content-center"> <div class="row justify-content-center">
<div class="col-md-6"> <div class="col-md-6">
<div class="d-flex justify-content-between align-items-center mb-4"> <div class="d-flex justify-content-between align-items-center mb-4">
<h2><i class="fas fa-user-edit"></i> Benutzer bearbeiten</h2> <h4><i class="fas fa-user-edit"></i> Benutzer bearbeiten</h4>
<a href="{{ url_for('admin.users') }}" class="btn btn-outline-secondary"> <a href="{{ url_for('admin.users') }}" class="btn btn-outline-secondary btn-sm">
<i class="fas fa-arrow-left"></i> Zurück <i class="fas fa-arrow-left"></i> Zurück
</a> </a>
</div> </div>
<div class="card"> <div class="card">
<div class="card-header"> <div class="card-header">
<h5> <h6>
{{ user.username }} {{ user.username }}
{% if user.id == current_user.id %} {% if user.id == current_user.id %}
<span class="badge bg-primary">Sie</span> <span class="badge bg-primary">Sie</span>
{% endif %} {% endif %}
{% if user.is_admin %} {% if user.is_admin %}
<span class="badge bg-danger">Administrator</span> <span class="badge bg-danger">Admin</span>
{% endif %} {% endif %}
</h5> </h6>
</div> </div>
<div class="card-body"> <div class="card-body">
<form method="POST"> <form method="POST">
@ -77,10 +77,10 @@
</div> </div>
<div class="d-grid gap-2"> <div class="d-grid gap-2">
<button type="submit" class="btn btn-primary"> <button type="submit" class="btn btn-primary btn-sm">
<i class="fas fa-save"></i> Änderungen speichern <i class="fas fa-save"></i> Änderungen speichern
</button> </button>
<a href="{{ url_for('admin.users') }}" class="btn btn-outline-secondary"> <a href="{{ url_for('admin.users') }}" class="btn btn-outline-secondary btn-sm">
<i class="fas fa-times"></i> Abbrechen <i class="fas fa-times"></i> Abbrechen
</a> </a>
</div> </div>
@ -89,20 +89,20 @@
</div> </div>
<!-- Benutzer-Informationen --> <!-- Benutzer-Informationen -->
<div class="card mt-4"> <div class="card mt-3">
<div class="card-header"> <div class="card-header">
<h6><i class="fas fa-info-circle"></i> Benutzer-Informationen</h6> <h6><i class="fas fa-info-circle"></i> Benutzer-Info</h6>
</div> </div>
<div class="card-body"> <div class="card-body">
<div class="row"> <div class="row small">
<div class="col-sm-4"><strong>Benutzer-ID:</strong></div> <div class="col-sm-4"><strong>ID:</strong></div>
<div class="col-sm-8">{{ user.id }}</div> <div class="col-sm-8">{{ user.id }}</div>
</div> </div>
<div class="row"> <div class="row small">
<div class="col-sm-4"><strong>Erstellt am:</strong></div> <div class="col-sm-4"><strong>Erstellt:</strong></div>
<div class="col-sm-8">{{ user.created_at.strftime('%d.%m.%Y %H:%M:%S') }}</div> <div class="col-sm-8">{{ user.created_at.strftime('%d.%m.%Y %H:%M') }}</div>
</div> </div>
<div class="row"> <div class="row small">
<div class="col-sm-4"><strong>Rolle:</strong></div> <div class="col-sm-4"><strong>Rolle:</strong></div>
<div class="col-sm-8"> <div class="col-sm-8">
{% if user.is_admin %} {% if user.is_admin %}
@ -112,8 +112,8 @@
{% endif %} {% endif %}
</div> </div>
</div> </div>
<div class="row"> <div class="row small">
<div class="col-sm-4"><strong>Anzahl Queries:</strong></div> <div class="col-sm-4"><strong>Queries:</strong></div>
<div class="col-sm-8">{{ user.saved_queries|length }}</div> <div class="col-sm-8">{{ user.saved_queries|length }}</div>
</div> </div>
</div> </div>
@ -121,18 +121,18 @@
<!-- Lösch-Option --> <!-- Lösch-Option -->
{% if user.id != current_user.id %} {% if user.id != current_user.id %}
<div class="card mt-4 border-danger"> <div class="card mt-3 border-danger">
<div class="card-header bg-danger text-white"> <div class="card-header bg-danger text-white">
<h6><i class="fas fa-exclamation-triangle"></i> Gefahrenbereich</h6> <h6><i class="fas fa-exclamation-triangle"></i> Gefahrenbereich</h6>
</div> </div>
<div class="card-body"> <div class="card-body">
<p class="text-danger"> <p class="text-danger small mb-2">
<strong>Achtung:</strong> Das Löschen eines Benutzers kann nicht rückgängig gemacht werden. <strong>Achtung:</strong> Das Löschen kann nicht rückgängig gemacht werden.
Alle gespeicherten Queries dieses Benutzers gehen verloren. Alle Queries gehen verloren.
</p> </p>
<form method="POST" action="{{ url_for('admin.delete_user', user_id=user.id) }}" <form method="POST" action="{{ url_for('admin.delete_user', user_id=user.id) }}"
onsubmit="return confirm('Benutzer {{ user.username }} wirklich unwiderruflich löschen?\\n\\nAlle gespeicherten Queries gehen verloren!')"> onsubmit="return confirm('Benutzer {{ user.username }} wirklich löschen?\\n\\nAlle Queries gehen verloren!')">
<button type="submit" class="btn btn-danger"> <button type="submit" class="btn btn-danger btn-sm">
<i class="fas fa-trash"></i> Benutzer löschen <i class="fas fa-trash"></i> Benutzer löschen
</button> </button>
</form> </form>

34
app/templates/admin/users.html
View File

@ -7,13 +7,13 @@
<div class="row"> <div class="row">
<div class="col-12"> <div class="col-12">
<div class="d-flex justify-content-between align-items-center mb-4"> <div class="d-flex justify-content-between align-items-center mb-4">
<h2><i class="fas fa-users"></i> Benutzerverwaltung</h2> <h4><i class="fas fa-users"></i> Benutzerverwaltung</h4>
<div> <div>
<a href="{{ url_for('admin.create_user') }}" class="btn btn-success"> <a href="{{ url_for('admin.create_user') }}" class="btn btn-success btn-sm">
<i class="fas fa-user-plus"></i> Neuen Benutzer erstellen <i class="fas fa-user-plus"></i> Erstellen
</a> </a>
<a href="{{ url_for('admin.admin_dashboard') }}" class="btn btn-outline-secondary"> <a href="{{ url_for('admin.admin_dashboard') }}" class="btn btn-outline-secondary btn-sm">
<i class="fas fa-arrow-left"></i> Admin Dashboard <i class="fas fa-arrow-left"></i> Zurück
</a> </a>
</div> </div>
</div> </div>
@ -47,17 +47,17 @@
<td> <td>
<div class="d-flex align-items-center"> <div class="d-flex align-items-center">
{% if user.is_admin %} {% if user.is_admin %}
<span class="badge bg-danger me-2"> <span class="badge bg-danger me-1">
<i class="fas fa-user-shield"></i> Administrator <i class="fas fa-user-shield"></i> Admin
</span> </span>
{% else %} {% else %}
<span class="badge bg-secondary me-2"> <span class="badge bg-secondary me-1">
<i class="fas fa-user"></i> Benutzer <i class="fas fa-user"></i> User
</span> </span>
{% endif %} {% endif %}
{% if user.id != current_user.id %} {% if user.id != current_user.id %}
<button class="btn btn-xs btn-outline-info" <button class="btn btn-xs btn-outline-info btn-sm"
onclick="toggleAdmin({{ user.id }})" onclick="toggleAdmin({{ user.id }})"
title="Rolle wechseln"> title="Rolle wechseln">
<i class="fas fa-exchange-alt"></i> <i class="fas fa-exchange-alt"></i>
@ -69,14 +69,14 @@
<td> <td>
<div class="btn-group btn-group-sm"> <div class="btn-group btn-group-sm">
<a href="{{ url_for('admin.edit_user', user_id=user.id) }}" <a href="{{ url_for('admin.edit_user', user_id=user.id) }}"
class="btn btn-outline-primary" title="Bearbeiten"> class="btn btn-outline-primary btn-sm" title="Bearbeiten">
<i class="fas fa-edit"></i> <i class="fas fa-edit"></i>
</a> </a>
{% if user.id != current_user.id %} {% if user.id != current_user.id %}
<form method="POST" action="{{ url_for('admin.delete_user', user_id=user.id) }}" <form method="POST" action="{{ url_for('admin.delete_user', user_id=user.id) }}"
class="d-inline" onsubmit="return confirm('Benutzer {{ user.username }} wirklich löschen?')"> class="d-inline" onsubmit="return confirm('Benutzer {{ user.username }} wirklich löschen?')">
<button type="submit" class="btn btn-outline-danger" title="Löschen"> <button type="submit" class="btn btn-outline-danger btn-sm" title="Löschen">
<i class="fas fa-trash"></i> <i class="fas fa-trash"></i>
</button> </button>
</form> </form>
@ -92,11 +92,11 @@
</div> </div>
{% else %} {% else %}
<div class="card"> <div class="card">
<div class="card-body text-center py-5"> <div class="card-body text-center py-4">
<i class="fas fa-users fa-3x text-muted mb-3"></i> <i class="fas fa-users fa-2x text-muted mb-2"></i>
<h4>Keine Benutzer gefunden</h4> <h6>Keine Benutzer gefunden</h6>
<p class="text-muted">Erstellen Sie den ersten Benutzer.</p> <p class="text-muted small">Erstellen Sie den ersten Benutzer.</p>
<a href="{{ url_for('admin.create_user') }}" class="btn btn-success"> <a href="{{ url_for('admin.create_user') }}" class="btn btn-success btn-sm">
<i class="fas fa-user-plus"></i> Ersten Benutzer erstellen <i class="fas fa-user-plus"></i> Ersten Benutzer erstellen
</a> </a>
</div> </div>

14
app/templates/auth/login.html
View File

@ -30,17 +30,13 @@
</div> </div>
</form> </form>
</div> </div>
<div class="card-footer text-center">
<a href="{{ url_for('auth.register') }}" class="text-decoration-none">
Noch kein Konto? Hier registrieren
</a>
</div>
</div> </div>
<div class="mt-3 p-3 bg-light rounded"> <div class="mt-3 p-2 bg-info text-white rounded">
<h6>Demo-Zugang:</h6> <p class="small mb-0">
<p class="small mb-1"><strong>Benutzername:</strong> admin</p> <i class="fas fa-info-circle"></i>
<p class="small mb-0"><strong>Passwort:</strong> admin123</p> Neue Benutzer werden von Administratoren erstellt.
</p>
</div> </div>
</div> </div>
</div> </div>