feat(web): self-service cheie/creds + admin web + email signup (PRD 3.3b)
US-007: rute web proprii /cont/roteste-cheie + /cont/rar-creds scoped pe sesiune (C13), sectiune "Contul meu" cu cheie afisata o data. US-010: rol admin (users.is_admin) + require_admin->403 + CLI set-admin + bootstrap primul cont=admin (count_admins in BEGIN IMMEDIATE, anti-race). US-011: panou /admin (activare/dezactivare conturi, CSRF + PRG), link admin + logout pe dashboard. US-012: app/email.py notify_signup best-effort degradat fara SMTP + config smtp_*. Fix: migrare defensiva users.is_admin/email_verified in _migrate. VERIFY x2 context curat (PASS) + /code-review high. 393 teste pass. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -20,6 +20,10 @@ class LoginRequired(Exception):
|
||||
"""Ridica pentru a redirectiona la /login (prinsa de exception_handler in main.py)."""
|
||||
|
||||
|
||||
class AdminRequired(Exception):
|
||||
"""Ridica cand contul sesiunii nu are rol admin (prinsa de exception_handler in main.py)."""
|
||||
|
||||
|
||||
def current_account(request: Request) -> int | None:
|
||||
"""account_id din sesiune sau None daca nu e logat."""
|
||||
val = request.session.get("account_id")
|
||||
@@ -63,6 +67,26 @@ def require_login(request: Request) -> int:
|
||||
return aid
|
||||
|
||||
|
||||
def require_admin(request: Request) -> int:
|
||||
"""Verifica ca userul logat are rol admin pe contul sesiunii.
|
||||
|
||||
Intai cheama require_login (nelogat -> LoginRequired -> /login redirect).
|
||||
Daca e logat dar nu e admin -> ridica AdminRequired.
|
||||
Intoarce account_id la succes.
|
||||
"""
|
||||
account_id = require_login(request)
|
||||
from ..db import get_connection
|
||||
from ..users import is_account_admin
|
||||
conn = get_connection()
|
||||
try:
|
||||
admin = is_account_admin(conn, account_id)
|
||||
finally:
|
||||
conn.close()
|
||||
if not admin:
|
||||
raise AdminRequired()
|
||||
return account_id
|
||||
|
||||
|
||||
def set_session(request: Request, account_id: int, user_id: int) -> None:
|
||||
"""Seteaza sesiunea dupa login. Curata mai intai (C3 anti-fixare sesiune)."""
|
||||
request.session.clear()
|
||||
|
||||
Reference in New Issue
Block a user