QueryBuilder/app/templates/admin/edit_user.html
DGSoft 86f9117d55 🔒 Disable self-registration and compact admin interface
Security improvements:
- Removed registration link from login page
- Disabled /auth/register route - redirects with error message
- Removed demo credentials from login page
- Added info message: 'New users are created by administrators'

UI improvements:
- Compacted all admin interface buttons (btn-sm)
- Reduced heading sizes (H2 → H4) for less visual dominance
- Shortened badge texts ('Administrator' → 'Admin', 'Benutzer' → 'User')
- Optimized spacing and reduced margins/paddings
- Cleaner, more professional admin interface

Access control:
- Only administrators can create new users via admin panel
- Self-registration completely disabled for security
- Maintains full admin functionality with improved UX
2025-10-14 21:42:32 +02:00


{% extends "base.html" %}
{# Admin page for editing one user account.
   Context read by this template: `user` (the account being edited) and
   `current_user` (the account viewing the page).
   NOTE(review): the access check for this page is not visible from the
   template; confirm the view enforces the admin requirement server-side. #}
{% block title %}Benutzer bearbeiten{% endblock %}
{% block content %}
<div class="container">
  <div class="row justify-content-center">
    <div class="col-md-6">
      {# Page heading with a link back to the user list. #}
      <div class="d-flex justify-content-between align-items-center mb-4">
        <h4><i class="fas fa-user-edit"></i> Benutzer bearbeiten</h4>
        <a class="btn btn-outline-secondary btn-sm" href="{{ url_for('admin.users') }}">
          <i class="fas fa-arrow-left"></i> Zurück
        </a>
      </div>
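<div class="card">
  {# Card header: name of the edited account, a "Sie" badge when the viewer is
     editing their own account, and an "Admin" badge for administrators. #}
  <div class="card-header">
    <h6>
      {{ user.username }}
      {% if user.id == current_user.id %}
        <span class="badge bg-primary">Sie</span>
      {% endif %}
      {% if user.is_admin %}
        <span class="badge bg-danger">Admin</span>
      {% endif %}
    </h6>
  </div>
  <div class="card-body">
    {# Edit form. It has no action attribute, so it posts back to the current URL.
       NOTE(review): no CSRF token field is rendered here. Unless the application
       adds one by other means (not visible from this template), this
       state-changing POST is not protected against cross-site submission while
       an admin is logged in. Confirm CSRF protection is active and render the
       token as a hidden field in this form. #}
    <form method="POST">
      <div class="mb-3">
        <label for="username" class="form-label">
          <i class="fas fa-user"></i> Benutzername *
        </label>
        <input type="text" class="form-control" id="username" name="username"
               value="{{ user.username }}" required maxlength="80"
               placeholder="z.B. john.doe">
        <div class="form-text">Der Benutzername muss eindeutig sein</div>
      </div>
      <div class="mb-3">
        <label for="email" class="form-label">
          <i class="fas fa-envelope"></i> E-Mail-Adresse *
        </label>
        <input type="email" class="form-control" id="email" name="email"
               value="{{ user.email }}" required maxlength="120"
               placeholder="john.doe@example.com">
        <div class="form-text">Die E-Mail-Adresse muss eindeutig sein</div>
      </div>
      <div class="mb-3">
        <label for="password" class="form-label">
          <i class="fas fa-lock"></i> Neues Passwort
        </label>
        {# autocomplete="new-password" stops the browser's password manager from
           filling the admin's own saved password into this field, which would
           otherwise reset the edited account's password on save.
           required/maxlength/minlength are browser-side hints only; the view
           must apply the same limits itself.
           NOTE(review): a 6-character minimum is low for accounts that can hold
           admin rights; consider a longer minimum enforced on the server. #}
        <input type="password" class="form-control" id="password" name="password"
               minlength="6" autocomplete="new-password"
               placeholder="Leer lassen um Passwort beizubehalten">
        <div class="form-text">Nur ausfüllen wenn Sie das Passwort ändern möchten (mindestens 6 Zeichen)</div>
      </div>
      <div class="mb-4">
        <div class="form-check">
          {# The checkbox is disabled when the viewer edits their own account.
             A disabled control is not submitted, so that POST carries no
             is_admin value at all.
             NOTE(review): confirm the view ignores is_admin for the current
             user rather than treating the missing field as "unchecked", and
             that it rejects a self-demotion server-side; `disabled` is only a
             UI hint and does not restrict what a request can contain. #}
          <input class="form-check-input" type="checkbox" id="is_admin" name="is_admin"
                 {% if user.is_admin %}checked{% endif %}
                 {% if user.id == current_user.id %}disabled{% endif %}>
          <label class="form-check-label" for="is_admin">
            <i class="fas fa-user-shield text-danger"></i> Administrator-Rechte
          </label>
          {% if user.id == current_user.id %}
            <div class="form-text text-warning">
              <i class="fas fa-exclamation-triangle"></i> Sie können Ihre eigenen Admin-Rechte nicht ändern
            </div>
          {% else %}
            <div class="form-text">
              Administratoren können andere Benutzer verwalten und haben Vollzugriff
            </div>
          {% endif %}
        </div>
      </div>
      {# Save submits the form; cancel is a plain link back to the user list. #}
      <div class="d-grid gap-2">
        <button type="submit" class="btn btn-primary btn-sm">
          <i class="fas fa-save"></i> Änderungen speichern
        </button>
        <a href="{{ url_for('admin.users') }}" class="btn btn-outline-secondary btn-sm">
          <i class="fas fa-times"></i> Abbrechen
        </a>
      </div>
    </form>
  </div>
</div>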
<!-- User information -->
{# Read-only summary of the edited account: id, creation time, role and the
   number of saved queries. Every value is emitted through a plain
   {{ ... }} expression with no |safe filter, so it goes through whatever
   autoescaping the template environment applies.
   NOTE(review): presumably autoescape is on for .html templates; confirm. #}
<div class="card mt-3">
  <div class="card-header">
    <h6><i class="fas fa-info-circle"></i> Benutzer-Info</h6>
  </div>
  <div class="card-body">
    <div class="row small">
      <div class="col-sm-4"><strong>ID:</strong></div>
      <div class="col-sm-8">{{ user.id }}</div>
    </div>
    <div class="row small">
      <div class="col-sm-4"><strong>Erstellt:</strong></div>
      {# Rendered as day.month.year hour:minute. #}
      <div class="col-sm-8">{{ user.created_at.strftime('%d.%m.%Y %H:%M') }}</div>
    </div>
    <div class="row small">
      <div class="col-sm-4"><strong>Rolle:</strong></div>
      <div class="col-sm-8">
        {% if user.is_admin %}
          <span class="badge bg-danger">Administrator</span>
        {% else %}
          <span class="badge bg-secondary">Standard-Benutzer</span>
        {% endif %}
      </div>
    </div>
    <div class="row small">
      <div class="col-sm-4"><strong>Queries:</strong></div>
      <div class="col-sm-8">{{ user.saved_queries|length }}</div>
    </div>
  </div>
</div>
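<!-- Delete option -->
{# Danger zone: shown only when the edited account is not the viewer's own.
   NOTE(review): hiding the form is presentation only; confirm that the
   admin.delete_user view itself refuses to delete the current user. #}
{% if user.id != current_user.id %}
<div class="card mt-3 border-danger">
  <div class="card-header bg-danger text-white">
    <h6><i class="fas fa-exclamation-triangle"></i> Gefahrenbereich</h6>
  </div>
  <div class="card-body">
    <p class="text-danger small mb-2">
      <strong>Achtung:</strong> Das Löschen kann nicht rückgängig gemacht werden.
      Alle Queries gehen verloren.
    </p>
    {# The username is passed through a data attribute and read with
       this.dataset instead of being written into the JavaScript string.
       HTML escaping alone does not protect a script context inside an
       attribute: the browser decodes entities such as &#39; before the handler
       text is parsed as JavaScript, so a quote in a username would end the
       string literal. In a data attribute the value stays plain data.
       The line breaks are written as \n so the dialog shows real newlines; the
       doubled backslashes used before displayed a literal "\n".
       NOTE(review): no CSRF token field is rendered in this form either, and
       confirm() is a convenience prompt, not a control. Confirm CSRF
       protection is active for this destructive POST. An inline onsubmit
       handler also prevents a strict Content-Security-Policy; moving it to a
       script file would lift that restriction. #}
    <form method="POST" action="{{ url_for('admin.delete_user', user_id=user.id) }}"
          data-username="{{ user.username }}"
          onsubmit="return confirm('Benutzer ' + this.dataset.username + ' wirklich löschen?\n\nAlle Queries gehen verloren!')">
      <button type="submit" class="btn btn-danger btn-sm">
        <i class="fas fa-trash"></i> Benutzer löschen
      </button>
    </form>
  </div>
</div>
{% endif %}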
{# Close the wrappers opened at the top of the content block:
   column (.col-md-6), row (.row) and page container (.container). #}
</div>
</div>
</div>
{% endblock %}