v0.12.0 - Add modular system architecture with user-based module access

- Add Modules and UserModules database tables - Create home page with module selection grid - Implement per-user module assignment in user management - Add route guards for module access control - Refactor navigation: login -> home -> modules, admin console via button - Add Font Awesome icons
2026-01-26 11:35:29 -06:00
parent cbd7e535e6
commit 21671d6bee
17 changed files with 365 additions and 47 deletions
--- a/blueprints/users.py
+++ b/blueprints/users.py
@@ -17,7 +17,10 @@ def manage_users():
        # Admins can only see staff
        users = query_db("SELECT * FROM Users WHERE role = 'staff' ORDER BY full_name")
    
-    return render_template('manage_users.html', users=users)
+    # Get all active modules
+    modules = query_db('SELECT * FROM Modules WHERE is_active = 1 ORDER BY display_order')
+    
+    return render_template('manage_users.html', users=users, modules=modules)


@users_bp.route('/settings/users/add', methods=['POST'])
@@ -191,4 +194,44 @@ def delete_user(user_id):
        execute_db('UPDATE Users SET is_active = 0 WHERE user_id = ?', [user_id])
        return jsonify({'success': True, 'message': 'User deleted successfully'})
    except Exception as e:
-        return jsonify({'success': False, 'message': f'Error deleting user: {str(e)}'})
+        return jsonify({'success': False, 'message': f'Error deleting user: {str(e)}'})
+
+
+@users_bp.route('/settings/users/<int:user_id>/modules', methods=['GET'])
+@role_required('owner', 'admin')
+def get_user_modules(user_id):
+    """Get modules assigned to a user"""
+    modules = query_db('''
+        SELECT module_id FROM UserModules WHERE user_id = ?
+    ''', [user_id])
+    
+    module_ids = [m['module_id'] for m in modules]
+    return jsonify({'success': True, 'module_ids': module_ids})
+
+
+@users_bp.route('/settings/users/<int:user_id>/modules', methods=['POST'])
+@role_required('owner', 'admin')
+def update_user_modules(user_id):
+    """Update modules assigned to a user"""
+    data = request.get_json()
+    module_ids = data.get('module_ids', [])
+    
+    # Verify user exists
+    user = query_db('SELECT user_id FROM Users WHERE user_id = ?', [user_id], one=True)
+    if not user:
+        return jsonify({'success': False, 'message': 'User not found'})
+    
+    try:
+        # Remove all current assignments
+        execute_db('DELETE FROM UserModules WHERE user_id = ?', [user_id])
+        
+        # Add new assignments
+        for module_id in module_ids:
+            execute_db('''
+                INSERT INTO UserModules (user_id, module_id, granted_by)
+                VALUES (?, ?, ?)
+            ''', [user_id, module_id, session['user_id']])
+        
+        return jsonify({'success': True, 'message': 'Modules updated'})
+    except Exception as e:
+        return jsonify({'success': False, 'message': str(e)})