feat: add role-based access control with database-backed users

2026-06-04 00:10:16 -06:00 · 2026-03-10 10:29:42 -06:00
parent b2e7eeb570
commit 4f0a7df22a
3 changed files with 196 additions and 12 deletions
@@ -10,7 +10,12 @@
    <div class="container py-4">
        <div class="d-flex justify-content-between align-items-center mb-4">
            <h1 class="h3 mb-0">Guestbook Admin</h1>
-            <span class="text-muted">{{ total }} total entries</span>
+            <div class="d-flex align-items-center gap-3">
+                <span class="text-muted">{{ total }} total entries</span>
+                {% if current_role == 'superadmin' %}
+                <a href="{{ url_for('admin_users') }}" class="btn btn-outline-secondary btn-sm">Manage Users</a>
+                {% endif %}
+            </div>
        </div>

        <div class="table-responsive">
@@ -38,10 +43,12 @@
                        <td>{{ 'Yes' if g[6] else 'No' }}</td>
                        <td class="text-nowrap">{{ g[7] }}</td>
                        <td>
+                            {% if current_role != 'viewer' %}
                            <form method="POST" action="{{ url_for('admin_delete', entry_id=g[0]) }}?page={{ page }}"
                                  onsubmit="return confirm('Delete entry for {{ g[1] }} {{ g[2] }}?')">
                                <button type="submit" class="btn btn-danger btn-sm">Delete</button>
                            </form>
+                            {% endif %}
                        </td>
                    </tr>
                    {% else %}