damir/pgz-sport
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sidebar: +ERP +CRM +Dokumenti, godišnjaci import (18 PDFs), filter helpers

Browse Source 
- pgz nav now includes /erp/full, /crm/v2, /admin/users, /dokumenti
- 4 dokumenti endpoints: list, godišnjaci/list, godišnjak/{godina} PDF, detail
- 18 godišnjaka u pgz_sport.dokumenti (2006-2024) with savez_id=333
- PGŽ filter helpers (window._pgz_filter_priority, togglePGZFilter)
- navItemClick handler for nav items with href
This commit is contained in:
Damir Radulić
2026-05-05 13:08:11 +02:00
parent 9fb512932a
commit 1d02c0897d
970 changed files with 268354 additions and 434 deletions
Download Patch File Download Diff File Expand all files Collapse all files
auth/admin_users.py
+28
View File
@@ -370,6 +370,34 @@ def admin_reset_password(uid: int, request: Request, actor = Depends(require_use
{"email": target["email"]}, ip, ua)
return {"status": "ok", "temporary_password": new_temp}
# ─────────────────────────── 2FA admin (status / force disable) ───────────────────────────
@router.get("/users/{uid}/2fa-status")
def admin_2fa_status(uid: int, actor = Depends(require_user)):
target = db_one("SELECT user_type, klub_id, savez_id FROM pgz_sport.users WHERE id=%s", (uid,))
if not target: raise HTTPException(404, "User not found")
if not _can_manage(actor, target["user_type"], target["klub_id"], target["savez_id"]):
raise HTTPException(403, "Forbidden")
row = db_one("""SELECT enabled, verified_at, created_at, updated_at
FROM pgz_sport.user_2fa WHERE user_id=%s""", (uid,))
return {"enabled": bool(row and row.get("enabled")),
"verified_at": row and row.get("verified_at"),
"created_at": row and row.get("created_at"),
"updated_at": row and row.get("updated_at")}
@router.post("/users/{uid}/2fa-disable")
def admin_2fa_disable(uid: int, request: Request, actor = Depends(require_user)):
target = db_one("SELECT user_type, klub_id, savez_id, email FROM pgz_sport.users WHERE id=%s",
(uid,))
if not target: raise HTTPException(404, "User not found")
if not _can_manage(actor, target["user_type"], target["klub_id"], target["savez_id"]):
raise HTTPException(403, "Forbidden")
db_exec("DELETE FROM pgz_sport.user_2fa WHERE user_id=%s", (uid,))
db_exec("UPDATE pgz_sport.user_sessions SET revoked=true WHERE user_id=%s", (uid,))
ip, ua = _client(request)
audit(actor["id"], "user.2fa.admin_disable", "user", uid,
{"email": target["email"]}, ip, ua)
return {"status": "ok", "id": uid, "two_factor_enabled": False}
# ─────────────────────────── Audit log ───────────────────────────
@router.get("/audit")
def audit_log(user_id: Optional[int] = None,