REMOVE LDAP

routes/admin.py

@@ -0,0 +1,120 @@
+from flask import Blueprint, render_template, request, redirect, url_for, flash
+from flask_login import login_required, current_user
+from models import User, db
+from utils import admin_required
+
+admin_bp = Blueprint('admin', __name__, url_prefix='/admin')
+
+ALLOWED_ROLES = {'viewer', 'editor', 'admin'}
+
+
+@admin_bp.route('/users')
+@login_required
+@admin_required
+def user_list():
+    users = User.query.order_by(User.username).all()
+    return render_template('user_management.html', users=users)
+
+
+@admin_bp.route('/users/create', methods=['POST'])
+@login_required
+@admin_required
+def create_user():
+    username = request.form.get('username', '').strip()
+    name = request.form.get('name', '').strip()
+    password = request.form.get('password', '')
+    role = request.form.get('role', 'viewer')
+
+    errors = []
+
+    if not username:
+        errors.append('請輸入帳號')
+    if not name:
+        errors.append('請輸入姓名')
+    if not password:
+        errors.append('請輸入密碼')
+    if password and len(password) < 6:
+        errors.append('密碼長度至少需 6 碼')
+    if role not in ALLOWED_ROLES:
+        errors.append('角色設定不正確')
+    if username and User.query.filter_by(username=username).first():
+        errors.append('帳號已存在，請改用其他帳號')
+
+    if errors:
+        for message in errors:
+            flash(message, 'danger')
+        return redirect(url_for('admin.user_list'))
+
+    new_user = User(username=username, name=name, role=role)
+    new_user.set_password(password)
+    db.session.add(new_user)
+    db.session.commit()
+
+    flash(f"已建立帳號 {username}", 'success')
+    return redirect(url_for('admin.user_list'))
+
+
+@admin_bp.route('/users/update/<int:user_id>', methods=['POST'])
+@login_required
+@admin_required
+def update_user(user_id):
+    user = User.query.get_or_404(user_id)
+
+    name = request.form.get('name', '').strip()
+    role = request.form.get('role', 'viewer')
+    password = request.form.get('password', '').strip()
+
+    if not name:
+        flash('請輸入姓名', 'danger')
+        return redirect(url_for('admin.user_list'))
+
+    if role not in ALLOWED_ROLES:
+        flash('角色設定不正確', 'danger')
+        return redirect(url_for('admin.user_list'))
+
+    if password and len(password) < 6:
+        flash('密碼長度至少需 6 碼', 'danger')
+        return redirect(url_for('admin.user_list'))
+
+    if user.id == current_user.id and user.role == 'admin' and role != 'admin':
+        flash('無法變更自己的管理員權限', 'danger')
+        return redirect(url_for('admin.user_list'))
+
+    if user.role == 'admin' and role != 'admin':
+        admin_count = User.query.filter_by(role='admin').count()
+        if admin_count <= 1:
+            flash('系統至少需要一位管理員，無法變更該帳號的管理員權限', 'danger')
+            return redirect(url_for('admin.user_list'))
+
+    user.name = name
+    user.role = role
+    if password:
+        user.set_password(password)
+
+    db.session.commit()
+
+    flash(f"已更新帳號 {user.username}", 'success')
+    return redirect(url_for('admin.user_list'))
+
+
+@admin_bp.route('/users/delete/<int:user_id>', methods=['POST'])
+@login_required
+@admin_required
+def delete_user(user_id):
+    if user_id == current_user.id:
+        flash('無法刪除自己的帳號', 'danger')
+        return redirect(url_for('admin.user_list'))
+
+    user = User.query.get_or_404(user_id)
+
+    if user.role == 'admin':
+        admin_count = User.query.filter_by(role='admin').count()
+        if admin_count <= 1:
+            flash('系統至少需要一位管理員，無法刪除該帳號', 'danger')
+            return redirect(url_for('admin.user_list'))
+
+    db.session.delete(user)
+    db.session.commit()
+
+    flash(f"已刪除帳號 {user.username}", 'success')
+    return redirect(url_for('admin.user_list'))