"""Panou admin web /admin. Rute: GET /admin — listeaza conturi in asteptare + active (require_admin) POST /admin/activate — activeaza un cont (require_admin + CSRF, PRG) POST /admin/deactivate — dezactiveaza un cont, nu permite id=1 (require_admin + CSRF, PRG) """ from __future__ import annotations from pathlib import Path from fastapi import APIRouter, Form, Request from fastapi.responses import HTMLResponse, RedirectResponse from fastapi.templating import Jinja2Templates from .. import __version__ from ..accounts import account_is_complete, list_accounts, set_active, set_status, delete_account from ..config import get_settings from ..db import get_connection from ..web.csrf import get_csrf_token, verify_csrf from ..web.session import require_admin router = APIRouter() _TMPL = Jinja2Templates(directory=str(Path(__file__).resolve().parent / "templates")) def _ctx(request: Request, **extra) -> dict: settings = get_settings() return {"rar_env": settings.rar_env, "version": __version__, **extra} def _emails_by_account(conn) -> dict[int, str | None]: """Intoarce primul email per account_id, intr-un singur query (fara N+1).""" rows = conn.execute( "SELECT account_id, email FROM users ORDER BY id" ).fetchall() result: dict[int, str | None] = {} for row in rows: acc_id = int(row["account_id"]) if acc_id not in result: result[acc_id] = row["email"] return result def _render_admin(request: Request, conn, *, error: str | None = None, status_code: int = 200): """Randeaza pagina admin.html cu lista de conturi si optional un mesaj de eroare.""" accounts = list_accounts(conn) emails = _emails_by_account(conn) for acct in accounts: # Computa is_complete INAINTE de a suprascrie accounts.email cu emailul de login al userului acct["is_complete"] = account_is_complete(acct) acct["email"] = emails.get(acct["id"]) # Grupare pe STARE, nu pe `active`: altfel conturile arhivate/blocate (active=0) # ar cadea gresit sub "in asteptare". 'deleted' e deja exclus din list_accounts. pending = [a for a in accounts if a["status"] == "pending" and a["id"] != 1] active = [a for a in accounts if a["status"] == "active" and a["id"] != 1] suspended = [a for a in accounts if a["status"] in ("blocked", "archived") and a["id"] != 1] return _TMPL.TemplateResponse(request, "admin.html", _ctx( request, csrf_token=get_csrf_token(request), pending=pending, active=active, suspended=suspended, error=error, is_authenticated=True, is_admin=True, ), status_code=status_code) @router.get("/admin", response_class=HTMLResponse) async def admin_get(request: Request): """Panou admin: conturi in asteptare + active.""" require_admin(request) conn = get_connection() try: return _render_admin(request, conn) finally: conn.close() def _apply_lifecycle(conn, ids: list[int], action: str) -> None: """Aplica un verb de ciclu de viata pe o lista de conturi. Conturile protejate (id=1) sau inexistente ridica ValueError din helperi -> sarite (nu opresc bulk-ul). `action`: activate | block | archive | delete.""" for aid in ids: try: if action == "activate": # Gate US-002: nu activam conturi fara identitate completa (companie+email+CUI) acct_row = conn.execute( "SELECT id, name, cui, email FROM accounts WHERE id=?", (aid,) ).fetchone() if acct_row and not account_is_complete(acct_row): continue # sarim activarea — contul incomplet ramane pending set_status(conn, aid, "active") elif action == "block": set_status(conn, aid, "blocked") elif action == "archive": set_status(conn, aid, "archived") elif action == "delete": delete_account(conn, aid) except ValueError: continue # cont de sistem / inexistent -> sarit def _lifecycle_route(request: Request, account_id: list[int], csrf_token: str, action: str): """Corp comun pentru rutele de ciclu de viata: auth + CSRF + aplica verbul (bulk) + PRG. Evita 4 handlere copy-paste care difera doar prin verb.""" require_admin(request) verify_csrf(request, csrf_token) conn = get_connection() try: _apply_lifecycle(conn, account_id, action) conn.commit() finally: conn.close() return RedirectResponse("/admin", status_code=303) @router.post("/admin/activate", response_class=HTMLResponse) async def admin_activate(request: Request, account_id: list[int] = Form(...), csrf_token: str = Form(default="")): """Activeaza unul sau mai multe conturi (bulk). PRG 303.""" return _lifecycle_route(request, account_id, csrf_token, "activate") @router.post("/admin/block", response_class=HTMLResponse) async def admin_block(request: Request, account_id: list[int] = Form(...), csrf_token: str = Form(default="")): """Blocheaza (suspendare reversibila) unul sau mai multe conturi. PRG 303.""" return _lifecycle_route(request, account_id, csrf_token, "block") @router.post("/admin/archive", response_class=HTMLResponse) async def admin_archive(request: Request, account_id: list[int] = Form(...), csrf_token: str = Form(default="")): """Arhiveaza (scos din listele active, date read-only) unul sau mai multe conturi. PRG 303.""" return _lifecycle_route(request, account_id, csrf_token, "archive") @router.post("/admin/delete", response_class=HTMLResponse) async def admin_delete(request: Request, account_id: list[int] = Form(...), csrf_token: str = Form(default="")): """Stergere SOFT (tombstone + purjare PII imediata) a unuia sau mai multor conturi. PRG 303.""" return _lifecycle_route(request, account_id, csrf_token, "delete") @router.post("/admin/deactivate", response_class=HTMLResponse) async def admin_deactivate( request: Request, account_id: int = Form(...), csrf_token: str = Form(default=""), ): """Dezactiveaza un cont. Nu permite dezactivarea contului default id=1. PRG: redirect 303.""" require_admin(request) verify_csrf(request, csrf_token) if account_id == 1: conn = get_connection() try: return _render_admin( request, conn, error="Contul default (id=1) nu poate fi dezactivat.", status_code=422, ) finally: conn.close() conn = get_connection() try: try: set_active(conn, account_id, False) except ValueError as exc: return _render_admin(request, conn, error=str(exc), status_code=422) finally: conn.close() return RedirectResponse("/admin", status_code=303)