2025-04-15 10:49:15 -03:00
|
|
|
from flask import Blueprint, render_template, flash, redirect, url_for, request, jsonify
|
2026-02-20 17:19:15 -03:00
|
|
|
from functions.database import Usuario, get_db_session
|
2025-07-01 13:42:56 -03:00
|
|
|
from functions.decorators import require_login
|
2025-04-15 10:49:15 -03:00
|
|
|
from flask_login import login_required, current_user
|
|
|
|
|
from sqlalchemy.orm import joinedload
|
|
|
|
|
import pyotp
|
|
|
|
|
from werkzeug.security import generate_password_hash
|
|
|
|
|
import secrets
|
2025-04-15 14:26:02 -03:00
|
|
|
from functools import wraps
|
|
|
|
|
from sqlalchemy.exc import SQLAlchemyError
|
|
|
|
|
import logging
|
2025-04-15 15:09:03 -03:00
|
|
|
from datetime import datetime
|
2025-04-15 14:26:02 -03:00
|
|
|
|
|
|
|
|
logger = logging.getLogger(__name__)
|
2025-04-15 10:49:15 -03:00
|
|
|
|
|
|
|
|
admin_bp = Blueprint('admin', __name__, url_prefix='/admin')
|
|
|
|
|
|
2025-04-15 14:26:02 -03:00
|
|
|
def admin_required(f):
|
|
|
|
|
@wraps(f)
|
|
|
|
|
def decorated_function(*args, **kwargs):
|
|
|
|
|
if not current_user.is_admin:
|
|
|
|
|
flash('Acesso não autorizado.', 'danger')
|
2025-07-01 13:42:56 -03:00
|
|
|
return redirect(url_for('home.index'))
|
2025-04-15 14:26:02 -03:00
|
|
|
return f(*args, **kwargs)
|
|
|
|
|
return decorated_function
|
|
|
|
|
|
2025-04-15 10:49:15 -03:00
|
|
|
@admin_bp.route('/')
|
|
|
|
|
@login_required
|
2025-04-15 14:26:02 -03:00
|
|
|
@admin_required
|
2025-04-15 10:49:15 -03:00
|
|
|
def dashboard():
|
2025-04-15 14:26:02 -03:00
|
|
|
"""Dashboard principal da área administrativa com lista de usuários"""
|
2026-02-20 17:19:15 -03:00
|
|
|
db = get_db_session()
|
2025-04-15 10:49:15 -03:00
|
|
|
try:
|
2025-04-15 15:09:03 -03:00
|
|
|
now = datetime.now()
|
|
|
|
|
|
2025-04-15 10:49:15 -03:00
|
|
|
# Carregar estatísticas relevantes
|
|
|
|
|
total_users = db.query(Usuario).count()
|
|
|
|
|
active_users = db.query(Usuario).filter(Usuario.is_active == True).count()
|
|
|
|
|
inactive_users = total_users - active_users
|
|
|
|
|
|
2025-04-15 14:26:02 -03:00
|
|
|
# Carregar lista de usuários
|
|
|
|
|
users = db.query(Usuario).options(
|
|
|
|
|
joinedload(Usuario.roles),
|
|
|
|
|
joinedload(Usuario.militante)
|
|
|
|
|
).all()
|
|
|
|
|
|
2025-04-15 10:49:15 -03:00
|
|
|
return render_template(
|
|
|
|
|
'admin/dashboard.html',
|
|
|
|
|
total_users=total_users,
|
|
|
|
|
active_users=active_users,
|
2025-04-15 14:26:02 -03:00
|
|
|
inactive_users=inactive_users,
|
2025-04-15 15:09:03 -03:00
|
|
|
users=users,
|
|
|
|
|
now=now
|
2025-04-15 10:49:15 -03:00
|
|
|
)
|
2025-04-15 14:26:02 -03:00
|
|
|
except SQLAlchemyError as e:
|
|
|
|
|
logger.error(f"Erro ao buscar dados do dashboard: {str(e)}")
|
|
|
|
|
flash('Erro ao carregar dados. Por favor, tente novamente.', 'danger')
|
|
|
|
|
return render_template('admin/dashboard.html',
|
|
|
|
|
total_users=0,
|
|
|
|
|
active_users=0,
|
|
|
|
|
inactive_users=0,
|
|
|
|
|
users=[])
|
2025-04-15 10:49:15 -03:00
|
|
|
finally:
|
|
|
|
|
db.close()
|
|
|
|
|
|
|
|
|
|
@admin_bp.route('/users/<int:user_id>/reset-otp', methods=['POST'])
|
|
|
|
|
@login_required
|
2025-07-01 13:42:56 -03:00
|
|
|
@admin_required
|
2025-04-15 10:49:15 -03:00
|
|
|
def reset_user_otp(user_id):
|
|
|
|
|
"""Reseta o OTP de um usuário"""
|
2026-02-20 17:19:15 -03:00
|
|
|
db = get_db_session()
|
2025-04-15 10:49:15 -03:00
|
|
|
try:
|
|
|
|
|
user = db.query(Usuario).get(user_id)
|
|
|
|
|
if not user:
|
|
|
|
|
flash('Usuário não encontrado.', 'danger')
|
2025-04-15 14:26:02 -03:00
|
|
|
return redirect(url_for('admin.dashboard'))
|
2025-04-15 10:49:15 -03:00
|
|
|
|
|
|
|
|
# Gerar novo segredo OTP
|
|
|
|
|
user.otp_secret = pyotp.random_base32()
|
|
|
|
|
db.commit()
|
|
|
|
|
|
|
|
|
|
flash(f'OTP resetado com sucesso para {user.email}.', 'success')
|
2025-04-15 14:26:02 -03:00
|
|
|
return redirect(url_for('admin.dashboard'))
|
2025-04-15 10:49:15 -03:00
|
|
|
finally:
|
|
|
|
|
db.close()
|
|
|
|
|
|
|
|
|
|
@admin_bp.route('/users/<int:user_id>/reset-password', methods=['POST'])
|
|
|
|
|
@login_required
|
2025-07-01 13:42:56 -03:00
|
|
|
@admin_required
|
2025-04-15 10:49:15 -03:00
|
|
|
def reset_user_password(user_id):
|
|
|
|
|
"""Reseta a senha de um usuário"""
|
2026-02-20 17:19:15 -03:00
|
|
|
db = get_db_session()
|
2025-04-15 10:49:15 -03:00
|
|
|
try:
|
|
|
|
|
user = db.query(Usuario).get(user_id)
|
|
|
|
|
if not user:
|
|
|
|
|
flash('Usuário não encontrado.', 'danger')
|
2025-04-15 14:26:02 -03:00
|
|
|
return redirect(url_for('admin.dashboard'))
|
2025-04-15 10:49:15 -03:00
|
|
|
|
|
|
|
|
# Gerar nova senha aleatória
|
|
|
|
|
new_password = secrets.token_urlsafe(8)
|
|
|
|
|
user.password = generate_password_hash(new_password)
|
|
|
|
|
db.commit()
|
|
|
|
|
|
|
|
|
|
flash(f'Senha resetada com sucesso. Nova senha: {new_password}', 'success')
|
2025-04-15 14:26:02 -03:00
|
|
|
return redirect(url_for('admin.dashboard'))
|
2025-04-15 10:49:15 -03:00
|
|
|
finally:
|
|
|
|
|
db.close()
|
|
|
|
|
|
|
|
|
|
@admin_bp.route('/users/<int:user_id>/toggle-status', methods=['POST'])
|
|
|
|
|
@login_required
|
2025-07-01 13:42:56 -03:00
|
|
|
@admin_required
|
2025-04-15 10:49:15 -03:00
|
|
|
def toggle_user_status(user_id):
|
|
|
|
|
"""Ativa/desativa um usuário"""
|
2026-02-20 17:19:15 -03:00
|
|
|
db = get_db_session()
|
2025-04-15 10:49:15 -03:00
|
|
|
try:
|
|
|
|
|
user = db.query(Usuario).get(user_id)
|
|
|
|
|
if not user:
|
2025-04-15 15:09:03 -03:00
|
|
|
flash('Usuário não encontrado.', 'danger')
|
|
|
|
|
return redirect(url_for('admin.dashboard'))
|
2025-04-15 10:49:15 -03:00
|
|
|
|
|
|
|
|
user.is_active = not user.is_active
|
|
|
|
|
db.commit()
|
|
|
|
|
|
|
|
|
|
status = 'ativado' if user.is_active else 'desativado'
|
2025-04-15 15:09:03 -03:00
|
|
|
flash(f'Usuário {status} com sucesso.', 'success')
|
|
|
|
|
return redirect(url_for('admin.dashboard'))
|
2025-04-15 10:49:15 -03:00
|
|
|
finally:
|
|
|
|
|
db.close()
|
