feat: add admin user management page with CRUD and i18n

- New admin blueprint with CRUD proxy endpoints for users - Admin user management template with search, create, edit, toggle active - Navbar: add admin link for is_admin users (desktop + mobile) - Register admin blueprint in app factory - Add IT/EN translations for all admin UI strings Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 11:58:47 +01:00
parent 5cc576cec9
commit 13986f05d7
6 changed files with 873 additions and 0 deletions
@@ -0,0 +1,104 @@
+"""Admin blueprint - user management."""
+from flask import Blueprint, flash, jsonify, redirect, render_template, request, session, url_for
+from flask_babel import gettext as _
+
+from blueprints.auth import login_required
+from services.api_client import api_client
+
+admin_bp = Blueprint("admin", __name__, url_prefix="/admin")
+
+
+def admin_required(f):
+    """Decorator to require admin privileges."""
+    from functools import wraps
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        user = session.get("user", {})
+        if not user.get("is_admin"):
+            flash(_("Accesso non autorizzato"), "error")
+            return redirect(url_for("measure.select_recipe"))
+        return f(*args, **kwargs)
+    return decorated
+
+
+# ============================================================================
+# PAGINE (GET)
+# ============================================================================
+
+@admin_bp.route("/users")
+@login_required
+@admin_required
+def user_list():
+    """User management page."""
+    resp = api_client.get("/api/users")
+
+    if isinstance(resp, dict) and resp.get("error"):
+        flash(_("Errore nel caricamento degli utenti: %(error)s", error=resp.get("detail", "")), "error")
+        users = []
+    elif isinstance(resp, list):
+        users = resp
+    else:
+        users = []
+
+    return render_template("admin/users.html", users=users)
+
+
+# ============================================================================
+# API PROXY AJAX (JSON)
+# ============================================================================
+
+@admin_bp.route("/api/users", methods=["POST"])
+@login_required
+@admin_required
+def api_create_user():
+    """Proxy: Create new user."""
+    data = request.get_json(silent=True) or {}
+    resp = api_client.post("/api/users", data=data)
+
+    if isinstance(resp, dict) and resp.get("error"):
+        return jsonify(resp), resp.get("status_code", 500)
+
+    return jsonify(resp), 201
+
+
+@admin_bp.route("/api/users/<int:user_id>", methods=["PUT"])
+@login_required
+@admin_required
+def api_update_user(user_id: int):
+    """Proxy: Update user."""
+    data = request.get_json(silent=True) or {}
+    resp = api_client.put(f"/api/users/{user_id}", data=data)
+
+    if isinstance(resp, dict) and resp.get("error"):
+        return jsonify(resp), resp.get("status_code", 500)
+
+    return jsonify(resp), 200
+
+
+@admin_bp.route("/api/users/<int:user_id>/password", methods=["PUT"])
+@login_required
+@admin_required
+def api_change_password(user_id: int):
+    """Proxy: Change user password."""
+    data = request.get_json(silent=True) or {}
+    resp = api_client.put(f"/api/users/{user_id}/password", data=data)
+
+    if isinstance(resp, dict) and resp.get("error"):
+        return jsonify(resp), resp.get("status_code", 500)
+
+    return jsonify(resp), 200
+
+
+@admin_bp.route("/api/users/<int:user_id>/toggle-active", methods=["POST"])
+@login_required
+@admin_required
+def api_toggle_active(user_id: int):
+    """Proxy: Toggle user active status."""
+    data = request.get_json(silent=True) or {}
+    active = data.get("active", True)
+    resp = api_client.put(f"/api/users/{user_id}", data={"active": active})
+
+    if isinstance(resp, dict) and resp.get("error"):
+        return jsonify(resp), resp.get("status_code", 500)
+
+    return jsonify(resp), 200