From e43b089155c26d73d9f4a05d216ea2bdf3b1875f Mon Sep 17 00:00:00 2001
From: andersonid <nobre.it@gmail.com>
Date: Sun, 13 Apr 2025 22:30:05 -0300
Subject: [PATCH 1/9] =?UTF-8?q?fix:=20Corre=C3=A7=C3=B5es=20na=20p=C3=A1gi?=
 =?UTF-8?q?na=20de=20administra=C3=A7=C3=A3o=20e=20suas=20depend=C3=AAncia?=
 =?UTF-8?q?s?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app.py                         | 214 ++++++++++++++++++++++++++++-----
 create_admin.py                |   9 ++
 functions/database.py          |   9 +-
 functions/decorators.py        |  54 +++++++--
 templates/base.html            |   7 +-
 templates/dashboard_admin.html | 211 +++++++++++++++++++++++++-------
 6 files changed, 418 insertions(+), 86 deletions(-)

diff --git a/app.py b/app.py
index 531bb7a..8e36537 100644
--- a/app.py
+++ b/app.py
@@ -128,7 +128,30 @@ def create_app():
             if 'user_id' not in session:
                 flash('Por favor, faça login para acessar esta página.', 'warning')
                 return redirect(url_for('login'))
-            return f(*args, **kwargs)
+            
+            from sqlalchemy.orm import Session
+            db = get_db_connection()
+            try:
+                # Carregar o usuário com suas roles e permissões
+                user = db.query(Usuario).options(
+                    joinedload(Usuario.roles).joinedload(Role.permissions),
+                    joinedload(Usuario.militante),
+                    joinedload(Usuario.cr),
+                    joinedload(Usuario.setor),
+                    joinedload(Usuario.celula)
+                ).get(session['user_id'])
+                
+                if not user:
+                    flash('Usuário não encontrado.', 'danger')
+                    return redirect(url_for('login'))
+                
+                # Atualiza timestamp da última atividade
+                user.update_last_activity()
+                db.commit()
+                
+                return f(*args, **kwargs)
+            finally:
+                db.close()
         return decorated_function
 
     # Decorator para verificar se a sessão expirou
@@ -222,6 +245,7 @@ def create_app():
                 session['user_id'] = user.id
                 session['username'] = user.username
                 session['is_admin'] = user.is_admin
+                print(f"Login realizado: user_id={user.id}, username={user.username}, is_admin={user.is_admin}")
                 
                 # Redirecionar para home
                 return redirect(url_for("home"))
@@ -1361,34 +1385,36 @@ def create_app():
     @app.route('/usuarios/<int:user_id>/toggle_status', methods=['POST'])
     @require_login
     def toggle_user_status(user_id):
-        user = db_session.query(Usuario).get_or_404(user_id)
-        
-        # Verificar permissões baseado na hierarquia
-        if not current_user.has_permission('system_config'):
-            if current_user.has_permission('manage_cr_sectors'):
-                # Secretário de CR só pode gerenciar membros do seu CR
-                if user.cr_id != current_user.cr_id:
-                    flash('Você não tem permissão para gerenciar este usuário.', 'danger')
-                    return redirect(url_for('dashboard_admin'))
-            elif current_user.has_permission('manage_sector_cells'):
-                # Secretário de Setor só pode gerenciar membros do seu setor
-                if user.setor_id != current_user.setor_id:
-                    flash('Você não tem permissão para gerenciar este usuário.', 'danger')
-                    return redirect(url_for('dashboard_admin'))
-            elif current_user.has_permission('manage_cell_members'):
-                # Secretário de Célula só pode gerenciar membros da sua célula
-                if user.celula_id != current_user.celula_id:
-                    flash('Você não tem permissão para gerenciar este usuário.', 'danger')
-                    return redirect(url_for('dashboard_admin'))
-            else:
-                # Militante básico não pode gerenciar ninguém
-                flash('Você não tem permissão para gerenciar usuários.', 'danger')
-                return redirect(url_for('dashboard_admin'))
-        
-        user.ativo = not user.ativo
-        db_session.commit()
-        
-        return jsonify({'success': True, 'message': 'Status do usuário alterado com sucesso!'})
+        if not current_user.is_admin:
+            return jsonify({
+                'success': False,
+                'error': 'Você não tem permissão para alterar o status de usuários.'
+            }), 403
+
+        db = get_db_connection()
+        try:
+            usuario = db.query(Usuario).get(user_id)
+            if not usuario:
+                return jsonify({
+                    'success': False,
+                    'error': 'Usuário não encontrado.'
+                }), 404
+
+            usuario.ativo = not usuario.ativo
+            db.commit()
+            
+            return jsonify({
+                'success': True,
+                'message': f'Usuário {"ativado" if usuario.ativo else "desativado"} com sucesso!'
+            })
+        except Exception as e:
+            db.rollback()
+            return jsonify({
+                'success': False,
+                'error': str(e)
+            }), 500
+        finally:
+            db.close()
 
     @app.route('/usuarios/<int:user_id>/alterar_nivel', methods=['POST'])
     @require_login
@@ -1619,6 +1645,136 @@ def create_app():
         finally:
             db.close()
 
+    @app.route('/dashboard_admin')
+    @login_required
+    def dashboard_admin():
+        """Rota para o dashboard administrativo"""
+        if not current_user.is_admin:
+            flash('Você não tem permissão para acessar esta página.', 'danger')
+            return redirect(url_for('home'))
+        
+        db = get_db_connection()
+        try:
+            # Busca usuários
+            usuarios = db.query(Usuario).all()
+            
+            usuarios_data = []
+            for usuario in usuarios:
+                user_data = {
+                    'id': usuario.id,
+                    'username': usuario.username,
+                    'email': usuario.email,
+                    'nome': usuario.username,  # Usar username como fallback
+                    'ativo': usuario.ativo,
+                    'is_admin': usuario.is_admin,
+                    'last_login': usuario.ultimo_login.strftime('%d/%m/%Y %H:%M') if usuario.ultimo_login else 'Nunca',
+                    'nivel': 'Administrador' if usuario.is_admin else 'Usuário'
+                }
+                usuarios_data.append(user_data)
+            
+            return render_template(
+                'dashboard_admin.html',
+                usuarios=usuarios_data
+            )
+        except Exception as e:
+            import traceback
+            print(f"Erro no dashboard_admin: {traceback.format_exc()}")
+            flash('Erro ao carregar dados dos usuários. Por favor, tente novamente.', 'danger')
+            return redirect(url_for('home'))
+        finally:
+            db.close()
+
+    @app.route('/reset_otp/<int:user_id>', methods=['POST'])
+    @login_required
+    def reset_otp(user_id):
+        if not current_user.is_admin:
+            return jsonify({
+                'success': False,
+                'error': 'Você não tem permissão para resetar OTP.'
+            }), 403
+
+        db = get_db_connection()
+        try:
+            usuario = db.query(Usuario).get(user_id)
+            if not usuario:
+                return jsonify({
+                    'success': False,
+                    'error': 'Usuário não encontrado.'
+                }), 404
+
+            usuario.otp_secret = pyotp.random_base32()
+            db.commit()
+            
+            return jsonify({
+                'success': True
+            })
+        except Exception as e:
+            db.rollback()
+            return jsonify({
+                'success': False,
+                'error': str(e)
+            }), 500
+        finally:
+            db.close()
+
+    @app.route('/reset_password/<int:user_id>', methods=['POST'])
+    @login_required
+    def reset_password(user_id):
+        if not current_user.is_admin:
+            return jsonify({
+                'success': False,
+                'error': 'Você não tem permissão para resetar senhas.'
+            }), 403
+
+        db = get_db_connection()
+        try:
+            usuario = db.query(Usuario).get(user_id)
+            if not usuario:
+                return jsonify({
+                    'success': False,
+                    'error': 'Usuário não encontrado.'
+                }), 404
+
+            nova_senha = ''.join(random.choices(string.ascii_letters + string.digits, k=12))
+            usuario.set_password(nova_senha)
+            
+            try:
+                msg = Message(
+                    'Nova Senha - Sistema de Controles',
+                    recipients=[usuario.email]
+                )
+                msg.body = f'''Olá {usuario.nome},
+
+Sua senha foi resetada por um administrador. Sua nova senha é:
+
+{nova_senha}
+
+Por favor, altere esta senha no seu próximo login.
+
+Atenciosamente,
+Sistema de Controles'''
+                
+                mail.send(msg)
+            except Exception as e:
+                print(f"Erro ao enviar email: {str(e)}")
+                return jsonify({
+                    'success': False,
+                    'error': 'Erro ao enviar email com a nova senha.'
+                }), 500
+
+            db.commit()
+            return jsonify({
+                'success': True
+            })
+        except Exception as e:
+            db.rollback()
+            return jsonify({
+                'success': False,
+                'error': str(e)
+            }), 500
+        finally:
+            db.close()
+
     return app
 
 def init_system():
diff --git a/create_admin.py b/create_admin.py
index 9d70e6d..b53fa93 100644
--- a/create_admin.py
+++ b/create_admin.py
@@ -70,6 +70,15 @@ def create_admin_user():
                 admin.set_password("admin123")
                 admin.generate_otp_secret()
                 
+                # Buscar ou criar role de admin
+                admin_role = db.query(Role).filter_by(nome="admin").first()
+                if not admin_role:
+                    admin_role = Role(nome="admin", nivel=0)  # Nível 0 é o mais alto
+                    db.add(admin_role)
+                
+                # Adicionar role ao usuário
+                admin.roles.append(admin_role)
+                
                 # Adicionar e fazer commit
                 db.add(admin)
                 db.commit()
diff --git a/functions/database.py b/functions/database.py
index 54e0d1c..4f09e71 100644
--- a/functions/database.py
+++ b/functions/database.py
@@ -441,6 +441,7 @@ class Usuario(Base, UserMixin):
     username = Column(String(50), unique=True, nullable=False)
     password_hash = Column(String(255), nullable=False)
     email = Column(String(100), unique=True, nullable=False)
+    nome = Column(String(100))  # Nome completo do usuário
     otp_secret = Column(String(32))
     role_id = Column(Integer, ForeignKey('roles.id'))
     setor_id = Column(Integer, ForeignKey('setores.id'))
@@ -464,11 +465,11 @@ class Usuario(Base, UserMixin):
     cr = relationship('ComiteRegional', back_populates='usuarios')
     celula = relationship('Celula', back_populates='usuarios')
 
-    def __init__(self, username, email=None, is_admin=False):
+    def __init__(self, username, email=None, is_admin=False, nome=None):
         self.username = username
         self.email = email
         self.is_admin = is_admin
-        self.email = email
+        self.nome = nome
         self.ativo = True
         self.session_timeout = 30
         self.tipo = "USUARIO"
@@ -549,6 +550,10 @@ class Usuario(Base, UserMixin):
         self.motivo_logout = "Logout manual"
         self.ultima_atividade = None
 
+    def is_admin_user(self):
+        """Verifica se o usuário é admin"""
+        return self.is_admin or any(role.nome == "admin" for role in self.roles)
+
 class PagamentoCelula(Base):
     __tablename__ = 'pagamentos_celula'
     
diff --git a/functions/decorators.py b/functions/decorators.py
index b2ec0dc..1483835 100644
--- a/functions/decorators.py
+++ b/functions/decorators.py
@@ -2,7 +2,7 @@ from functools import wraps
 from flask import session, redirect, url_for, flash
 from flask_login import current_user, login_required
 from sqlalchemy.orm import joinedload
-from .database import get_db_connection, Usuario
+from .database import get_db_connection, Usuario, Role
 from .rbac import Permission
 
 def require_login(f):
@@ -15,9 +15,13 @@ def require_login(f):
         
         db = get_db_connection()
         try:
-            # Carregar o usuário com suas roles
+            # Carregar o usuário com suas roles e permissões
             user = db.query(Usuario).options(
-                joinedload(Usuario.roles)
+                joinedload(Usuario.roles).joinedload(Role.permissions),
+                joinedload(Usuario.militante),
+                joinedload(Usuario.cr),
+                joinedload(Usuario.setor),
+                joinedload(Usuario.celula)
             ).get(current_user.id)
             
             if not user:
@@ -28,7 +32,15 @@ def require_login(f):
             user.update_last_activity()
             db.commit()
             
+            # Substituir o current_user pelo usuário carregado
+            setattr(current_user, '_get_current_object', lambda: user)
+            
+            # Executar a função com o usuário carregado
             return f(*args, **kwargs)
+        except Exception as e:
+            db.rollback()
+            flash('Erro ao carregar dados do usuário.', 'danger')
+            return redirect(url_for('login'))
         finally:
             db.close()
     return decorated_function
@@ -39,14 +51,38 @@ def require_permission(permission_name):
         @wraps(f)
         def decorated_function(*args, **kwargs):
             if not current_user.is_authenticated:
-                flash('Por favor, faça login para acessar esta página.', 'danger')
+                flash('Você precisa estar logado para acessar esta página.', 'error')
                 return redirect(url_for('login'))
             
-            if not current_user.has_permission(permission_name):
-                flash('Você não tem permissão para acessar esta página.', 'danger')
-                return redirect(url_for('home'))
-            
-            return f(*args, **kwargs)
+            db = get_db_connection()
+            try:
+                # Carregar o usuário com suas roles e permissões
+                user = db.query(Usuario).options(
+                    joinedload(Usuario.roles).joinedload(Role.permissions),
+                    joinedload(Usuario.militante),
+                    joinedload(Usuario.cr),
+                    joinedload(Usuario.setor),
+                    joinedload(Usuario.celula)
+                ).get(current_user.id)
+                
+                if not user:
+                    flash('Usuário não encontrado.', 'error')
+                    return redirect(url_for('login'))
+                
+                if not user.has_permission(permission_name):
+                    flash('Você não tem permissão para acessar esta página.', 'error')
+                    return redirect(url_for('index'))
+                
+                # Atualiza timestamp da última atividade
+                user.update_last_activity()
+                db.commit()
+                
+                # Substituir o current_user pelo usuário carregado
+                setattr(current_user, '_get_current_object', lambda: user)
+                
+                return f(*args, **kwargs)
+            finally:
+                db.close()
         return decorated_function
     return decorator
 
diff --git a/templates/base.html b/templates/base.html
index 9327f54..c6f072b 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -10,7 +10,7 @@
     <!-- Bootstrap 5 CSS -->
     <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/css/bootstrap.min.css?v=1" rel="stylesheet">
     <!-- Font Awesome 6 -->
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css?v=1">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css" integrity="sha512-DTOQO9RWCH3ppGqcWaEA1BIZOC6xxalwEsw9c2QQeAIftl+Vegovlnee1c9QX4TctnWMn13TZye+giMm8e2LwA==" crossorigin="anonymous" referrerpolicy="no-referrer" />
     <!-- Componentes CSS -->
     <link rel="stylesheet" href="{{ url_for('static', filename='css/components.css') }}">
     
@@ -599,6 +599,11 @@
                                     <i class="fas fa-user-plus"></i>Novo Usuário
                                 </a>
                             </li>
+                            <li>
+                                <a class="dropdown-item" href="{{ url_for('dashboard_admin') }}">
+                                    <i class="fas fa-cog fa fa-cog fa-solid fa-cog" style="display: inline-block !important; visibility: visible !important;"></i>Administração
+                                </a>
+                            </li>
                             <li><hr class="dropdown-divider"></li>
                             {% endif %}
                             <li>
diff --git a/templates/dashboard_admin.html b/templates/dashboard_admin.html
index d9c539a..170360d 100644
--- a/templates/dashboard_admin.html
+++ b/templates/dashboard_admin.html
@@ -1,63 +1,75 @@
-{% extends 'base.html' %}
+{% extends "base.html" %}
 
 {% block title %}Dashboard Administrativo{% endblock %}
 
 {% block content %}
-<div class="container">
-    <h1 class="mb-4">Dashboard Administrativo</h1>
-    
-    {% with messages = get_flashed_messages(with_categories=true) %}
-        {% if messages %}
-            {% for category, message in messages %}
-                <div class="alert alert-{{ category }}">{{ message }}</div>
-            {% endfor %}
-        {% endif %}
-    {% endwith %}
-    
-    <div class="card mb-4">
-        <div class="card-header">
-            <h5 class="card-title mb-0">Gerenciamento de Usuários</h5>
+<div class="container mt-4">
+    <div class="card">
+        <div class="card-header bg-dark text-white">
+            <h3 class="mb-0"><i class="fas fa-users-cog"></i> Administração de Usuários</h3>
         </div>
         <div class="card-body">
+            <div class="alert alert-info" role="alert">
+                <i class="fas fa-info-circle"></i> Aqui você pode gerenciar todos os usuários do sistema. Use os controles abaixo para ativar/desativar contas ou alterar níveis de acesso.
+            </div>
+            
             <div class="table-responsive">
-                <table class="table table-striped">
-                    <thead>
+                <table class="table table-hover">
+                    <thead class="thead-light">
                         <tr>
-                            <th>ID</th>
                             <th>Usuário</th>
                             <th>Email</th>
-                            <th>Admin</th>
-                            <th>OTP Configurado</th>
+                            <th>Nome</th>
+                            <th>Último Acesso</th>
+                            <th>Status</th>
+                            <th>Nível</th>
                             <th>Ações</th>
                         </tr>
                     </thead>
                     <tbody>
                         {% for usuario in usuarios %}
                         <tr>
-                            <td>{{ usuario.id }}</td>
                             <td>{{ usuario.username }}</td>
                             <td>{{ usuario.email }}</td>
+                            <td>{{ usuario.nome }}</td>
+                            <td>{{ usuario.last_login }}</td>
+                            <td>
+                                <span class="badge {% if usuario.ativo %}badge-success{% else %}badge-danger{% endif %}">
+                                    {{ "Ativo" if usuario.ativo else "Inativo" }}
+                                </span>
+                            </td>
                             <td>
                                 {% if usuario.is_admin %}
-                                    <span class="badge bg-success">Sim</span>
+                                    Administrador
                                 {% else %}
-                                    <span class="badge bg-secondary">Não</span>
+                                    {{ usuario.nivel }}
                                 {% endif %}
                             </td>
                             <td>
-                                {% if usuario.otp_secret %}
-                                    <span class="badge bg-success">Sim</span>
-                                {% else %}
-                                    <span class="badge bg-danger">Não</span>
-                                {% endif %}
-                            </td>
-                            <td>
-                                <form action="{{ url_for('reset_otp', user_id=usuario.id) }}" method="POST" class="d-inline">
-                                    <button type="submit" class="btn btn-warning btn-sm" 
-                                            onclick="return confirm('Tem certeza que deseja resetar o OTP deste usuário?')">
-                                        Resetar OTP
+                                <div class="btn-group" role="group">
+                                    <button class="btn btn-sm btn-outline-primary" 
+                                            onclick="toggleStatus('{{ usuario.id }}')"
+                                            data-toggle="tooltip"
+                                            title="{{ 'Desativar' if usuario.ativo else 'Ativar' }} usuário">
+                                        <i class="fas {% if usuario.ativo %}fa-user-times{% else %}fa-user-check{% endif %}"></i>
                                     </button>
-                                </form>
+                                    
+                                    <button class="btn btn-sm btn-outline-warning"
+                                            onclick="resetarSenha('{{ usuario.id }}')"
+                                            data-toggle="tooltip"
+                                            title="Resetar senha">
+                                        <i class="fas fa-key"></i>
+                                    </button>
+                                    
+                                    {% if not usuario.is_admin %}
+                                    <button class="btn btn-sm btn-outline-info"
+                                            onclick="alterarNivel('{{ usuario.id }}')"
+                                            data-toggle="tooltip"
+                                            title="Alterar nível">
+                                        <i class="fas fa-level-up-alt"></i>
+                                    </button>
+                                    {% endif %}
+                                </div>
                             </td>
                         </tr>
                         {% endfor %}
@@ -66,18 +78,127 @@
             </div>
         </div>
     </div>
-    
-    <div class="card">
-        <div class="card-header">
-            <h5 class="card-title mb-0">Ações Rápidas</h5>
-        </div>
-        <div class="card-body">
-            <div class="d-grid gap-2">
-                <a href="{{ url_for('novo_usuario') }}" class="btn btn-primary">
-                    Criar Novo Usuário
-                </a>
+</div>
+
+<!-- Modal de Feedback -->
+<div class="modal fade" id="feedbackModal" tabindex="-1" role="dialog">
+    <div class="modal-dialog" role="document">
+        <div class="modal-content">
+            <div class="modal-header">
+                <h5 class="modal-title">Aviso</h5>
+                <button type="button" class="close" data-dismiss="modal">
+                    <span>&times;</span>
+                </button>
+            </div>
+            <div class="modal-body">
+                <p id="feedbackMessage"></p>
+            </div>
+            <div class="modal-footer">
+                <button type="button" class="btn btn-secondary" data-dismiss="modal">Fechar</button>
             </div>
         </div>
     </div>
 </div>
+
+{% endblock %}
+
+{% block scripts %}
+<script>
+function showFeedback(message, type = 'info') {
+    const modal = document.getElementById('feedbackModal');
+    const messageElement = document.getElementById('feedbackMessage');
+    messageElement.textContent = message;
+    messageElement.className = `alert alert-${type}`;
+    $(modal).modal('show');
+}
+
+function handleResponse(response) {
+    if (!response.ok) {
+        throw new Error(`HTTP error! status: ${response.status}`);
+    }
+    return response.json();
+}
+
+function toggleStatus(userId) {
+    if (!confirm('Tem certeza que deseja alterar o status deste usuário?')) {
+        return;
+    }
+
+    fetch(`/usuarios/${userId}/toggle_status`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').content
+        }
+    })
+    .then(handleResponse)
+    .then(data => {
+        showFeedback(data.message || 'Status alterado com sucesso!', data.success ? 'success' : 'danger');
+        if (data.success) {
+            setTimeout(() => location.reload(), 1500);
+        }
+    })
+    .catch(error => {
+        console.error('Error:', error);
+        showFeedback('Erro ao alterar status do usuário. Por favor, tente novamente.', 'danger');
+    });
+}
+
+function resetarSenha(userId) {
+    if (!confirm('Tem certeza que deseja resetar a senha deste usuário?')) {
+        return;
+    }
+
+    fetch(`/reset_password/${userId}`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').content
+        }
+    })
+    .then(handleResponse)
+    .then(data => {
+        showFeedback(data.message || 'Senha resetada com sucesso!', data.success ? 'success' : 'danger');
+    })
+    .catch(error => {
+        console.error('Error:', error);
+        showFeedback('Erro ao resetar senha. Por favor, tente novamente.', 'danger');
+    });
+}
+
+function alterarNivel(userId) {
+    const novoNivel = prompt('Digite o novo nível do usuário (1-5):');
+    if (!novoNivel) return;
+
+    if (!/^[1-5]$/.test(novoNivel)) {
+        showFeedback('Por favor, insira um nível válido entre 1 e 5.', 'warning');
+        return;
+    }
+
+    fetch(`/usuarios/${userId}/alterar_nivel`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'X-CSRFToken': document.querySelector('meta[name="csrf-token"]').content
+        },
+        body: JSON.stringify({ nivel: parseInt(novoNivel) })
+    })
+    .then(handleResponse)
+    .then(data => {
+        showFeedback(data.message || 'Nível alterado com sucesso!', data.success ? 'success' : 'danger');
+        if (data.success) {
+            setTimeout(() => location.reload(), 1500);
+        }
+    })
+    .catch(error => {
+        console.error('Error:', error);
+        showFeedback('Erro ao alterar nível. Por favor, tente novamente.', 'danger');
+    });
+}
+
+// Inicializa os tooltips do Bootstrap
+$(function () {
+    $('[data-toggle="tooltip"]').tooltip();
+});
+</script>
 {% endblock %} 
\ No newline at end of file

From 5057802220350a2c4204d559452f1422fd13b9b8 Mon Sep 17 00:00:00 2001
From: andersonid <nobre.it@gmail.com>
Date: Sun, 13 Apr 2025 22:48:27 -0300
Subject: [PATCH 2/9] =?UTF-8?q?tela=20de=20administra=C3=A7=C3=A3o=20em=20?=
 =?UTF-8?q?ajustes?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit


From 92bc21dbd8b7fd9cf6dd3da127700a2e0b896f27 Mon Sep 17 00:00:00 2001
From: andersonid <nobre.it@gmail.com>
Date: Tue, 15 Apr 2025 10:19:59 -0300
Subject: [PATCH 3/9] =?UTF-8?q?Tela=20inicial=20de=20administra=C3=A7?=
 =?UTF-8?q?=C3=A3o=20desenvolvida.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 static/css/components.css      | 15 +++++++++++++++
 templates/dashboard_admin.html | 10 ++--------
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/static/css/components.css b/static/css/components.css
index 31c632a..bcec453 100644
--- a/static/css/components.css
+++ b/static/css/components.css
@@ -20,6 +20,10 @@
     --bs-success-dark: #157347;
     --bs-secondary: #6c757d;
     --bs-secondary-dark: #565e64;
+    
+    /* Variáveis para status */
+    --status-active: #28a745;
+    --status-inactive: #dc3545;
 }
 
 /* Tabelas */
@@ -608,4 +612,15 @@ input.btn-secondary:hover,
     color: #055160;
     background-color: #cff4fc;
     border-color: #b6effb;
+}
+
+/* Status styles */
+.status-active {
+    color: var(--status-active);
+    font-weight: 500;
+}
+
+.status-inactive {
+    color: var(--status-inactive);
+    font-weight: 500;
 } 
\ No newline at end of file
diff --git a/templates/dashboard_admin.html b/templates/dashboard_admin.html
index 170360d..01a549a 100644
--- a/templates/dashboard_admin.html
+++ b/templates/dashboard_admin.html
@@ -4,15 +4,9 @@
 
 {% block content %}
 <div class="container mt-4">
+    <h2 class="mb-4"><i class="fas fa-users-cog"></i> Administração de Usuários</h2>
     <div class="card">
-        <div class="card-header bg-dark text-white">
-            <h3 class="mb-0"><i class="fas fa-users-cog"></i> Administração de Usuários</h3>
-        </div>
         <div class="card-body">
-            <div class="alert alert-info" role="alert">
-                <i class="fas fa-info-circle"></i> Aqui você pode gerenciar todos os usuários do sistema. Use os controles abaixo para ativar/desativar contas ou alterar níveis de acesso.
-            </div>
-            
             <div class="table-responsive">
                 <table class="table table-hover">
                     <thead class="thead-light">
@@ -34,7 +28,7 @@
                             <td>{{ usuario.nome }}</td>
                             <td>{{ usuario.last_login }}</td>
                             <td>
-                                <span class="badge {% if usuario.ativo %}badge-success{% else %}badge-danger{% endif %}">
+                                <span class="badge {% if usuario.ativo %}bg-success{% else %}bg-danger{% endif %}">
                                     {{ "Ativo" if usuario.ativo else "Inativo" }}
                                 </span>
                             </td>

From 53769cf080014a6aff11d40ea90e0e6705f06a44 Mon Sep 17 00:00:00 2001
From: andersonid <nobre.it@gmail.com>
Date: Tue, 15 Apr 2025 10:21:41 -0300
Subject: [PATCH 4/9] =?UTF-8?q?Adicionado=20par=C3=A2metro=20de=20vers?=
 =?UTF-8?q?=C3=A3o=20aleat=C3=B3rio=20no=20CSS=20para=20evitar=20cache?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 templates/base.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/base.html b/templates/base.html
index c6f072b..c938f5b 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -12,7 +12,7 @@
     <!-- Font Awesome 6 -->
     <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.1/css/all.min.css" integrity="sha512-DTOQO9RWCH3ppGqcWaEA1BIZOC6xxalwEsw9c2QQeAIftl+Vegovlnee1c9QX4TctnWMn13TZye+giMm8e2LwA==" crossorigin="anonymous" referrerpolicy="no-referrer" />
     <!-- Componentes CSS -->
-    <link rel="stylesheet" href="{{ url_for('static', filename='css/components.css') }}">
+    <link rel="stylesheet" href="{{ url_for('static', filename='css/components.css') }}?v={{ range(1, 10000) | random }}">
     
     <style>
         :root {

From 47f13e7c188b5f72372227991ba491c2dba5c051 Mon Sep 17 00:00:00 2001
From: andersonid <nobre.it@gmail.com>
Date: Tue, 15 Apr 2025 10:49:15 -0300
Subject: [PATCH 5/9] =?UTF-8?q?feat(#11):=20Implementa=20estrutura=20inici?=
 =?UTF-8?q?al=20da=20=C3=A1rea=20administrativa=20-=20Cria=20blueprint=20a?=
 =?UTF-8?q?dministrativo=20com=20rotas=20b=C3=A1sicas=20-=20Implementa=20t?=
 =?UTF-8?q?emplates=20base=20para=20=C3=A1rea=20administrativa=20-=20Adici?=
 =?UTF-8?q?ona=20dashboard=20administrativo=20-=20Implementa=20gerenciamen?=
 =?UTF-8?q?to=20de=20usu=C3=A1rios=20-=20Organiza=20rotas=20em=20pacote=20?=
 =?UTF-8?q?separado?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app.py                         |   4 ++
 routes/__init__.py             |   2 +
 routes/admin.py                | 112 +++++++++++++++++++++++++++++++++
 templates/admin/base.html      | 100 +++++++++++++++++++++++++++++
 templates/admin/dashboard.html |  79 +++++++++++++++++++++++
 templates/admin/users.html     | 108 +++++++++++++++++++++++++++++++
 6 files changed, 405 insertions(+)
 create mode 100644 routes/__init__.py
 create mode 100644 routes/admin.py
 create mode 100644 templates/admin/base.html
 create mode 100644 templates/admin/dashboard.html
 create mode 100644 templates/admin/users.html

diff --git a/app.py b/app.py
index 8e36537..47a4d63 100644
--- a/app.py
+++ b/app.py
@@ -51,6 +51,7 @@ from sqlalchemy.sql import func
 from flask_wtf.csrf import CSRFProtect
 import json
 from utils.date_utils import validar_data, converter_data, validar_sequencia_datas, calcular_idade
+from routes.admin import admin_bp  # Importar o blueprint administrativo
 
 load_dotenv()
 
@@ -59,6 +60,9 @@ def create_app():
     app.secret_key = os.getenv('SECRET_KEY', secrets.token_hex(16))
     bootstrap = Bootstrap5(app)
 
+    # Registrar o blueprint administrativo
+    app.register_blueprint(admin_bp)
+
     # Configurar CSRF Protection
     csrf = CSRFProtect()
     csrf.init_app(app)
diff --git a/routes/__init__.py b/routes/__init__.py
new file mode 100644
index 0000000..5d588a4
--- /dev/null
+++ b/routes/__init__.py
@@ -0,0 +1,2 @@
+# Este arquivo está intencionalmente vazio
+# Ele é usado para marcar o diretório como um pacote Python 
\ No newline at end of file
diff --git a/routes/admin.py b/routes/admin.py
new file mode 100644
index 0000000..f8fda8a
--- /dev/null
+++ b/routes/admin.py
@@ -0,0 +1,112 @@
+from flask import Blueprint, render_template, flash, redirect, url_for, request, jsonify
+from functions.database import Usuario, get_db_connection
+from functions.decorators import require_permission, require_role, require_minimum_role
+from flask_login import login_required, current_user
+from sqlalchemy.orm import joinedload
+import pyotp
+from werkzeug.security import generate_password_hash
+import secrets
+
+admin_bp = Blueprint('admin', __name__, url_prefix='/admin')
+
+@admin_bp.route('/')
+@login_required
+@require_role('ADMIN')
+def dashboard():
+    """Dashboard principal da área administrativa"""
+    db = get_db_connection()
+    try:
+        # Carregar estatísticas relevantes
+        total_users = db.query(Usuario).count()
+        active_users = db.query(Usuario).filter(Usuario.is_active == True).count()
+        inactive_users = total_users - active_users
+        
+        return render_template(
+            'admin/dashboard.html',
+            total_users=total_users,
+            active_users=active_users,
+            inactive_users=inactive_users
+        )
+    finally:
+        db.close()
+
+@admin_bp.route('/users')
+@login_required
+@require_role('ADMIN')
+def list_users():
+    """Lista todos os usuários do sistema"""
+    db = get_db_connection()
+    try:
+        users = db.query(Usuario).options(
+            joinedload(Usuario.roles),
+            joinedload(Usuario.militante)
+        ).all()
+        return render_template('admin/users.html', users=users)
+    finally:
+        db.close()
+
+@admin_bp.route('/users/<int:user_id>/reset-otp', methods=['POST'])
+@login_required
+@require_role('ADMIN')
+def reset_user_otp(user_id):
+    """Reseta o OTP de um usuário"""
+    db = get_db_connection()
+    try:
+        user = db.query(Usuario).get(user_id)
+        if not user:
+            flash('Usuário não encontrado.', 'danger')
+            return redirect(url_for('admin.list_users'))
+        
+        # Gerar novo segredo OTP
+        user.otp_secret = pyotp.random_base32()
+        db.commit()
+        
+        flash(f'OTP resetado com sucesso para {user.email}.', 'success')
+        return redirect(url_for('admin.list_users'))
+    finally:
+        db.close()
+
+@admin_bp.route('/users/<int:user_id>/reset-password', methods=['POST'])
+@login_required
+@require_role('ADMIN')
+def reset_user_password(user_id):
+    """Reseta a senha de um usuário"""
+    db = get_db_connection()
+    try:
+        user = db.query(Usuario).get(user_id)
+        if not user:
+            flash('Usuário não encontrado.', 'danger')
+            return redirect(url_for('admin.list_users'))
+        
+        # Gerar nova senha aleatória
+        new_password = secrets.token_urlsafe(8)
+        user.password = generate_password_hash(new_password)
+        db.commit()
+        
+        flash(f'Senha resetada com sucesso. Nova senha: {new_password}', 'success')
+        return redirect(url_for('admin.list_users'))
+    finally:
+        db.close()
+
+@admin_bp.route('/users/<int:user_id>/toggle-status', methods=['POST'])
+@login_required
+@require_role('ADMIN')
+def toggle_user_status(user_id):
+    """Ativa/desativa um usuário"""
+    db = get_db_connection()
+    try:
+        user = db.query(Usuario).get(user_id)
+        if not user:
+            return jsonify({'success': False, 'message': 'Usuário não encontrado.'})
+        
+        user.is_active = not user.is_active
+        db.commit()
+        
+        status = 'ativado' if user.is_active else 'desativado'
+        return jsonify({
+            'success': True,
+            'message': f'Usuário {status} com sucesso.',
+            'new_status': user.is_active
+        })
+    finally:
+        db.close() 
\ No newline at end of file
diff --git a/templates/admin/base.html b/templates/admin/base.html
new file mode 100644
index 0000000..045cf14
--- /dev/null
+++ b/templates/admin/base.html
@@ -0,0 +1,100 @@
+{% extends "base.html" %}
+
+{% block title %}Área Administrativa{% endblock %}
+
+{% block content %}
+<div class="container-fluid">
+    <div class="row">
+        <!-- Sidebar -->
+        <nav id="sidebar" class="col-md-3 col-lg-2 d-md-block bg-light sidebar">
+            <div class="position-sticky pt-3">
+                <ul class="nav flex-column">
+                    <li class="nav-item">
+                        <a class="nav-link {% if request.endpoint == 'admin.dashboard' %}active{% endif %}" 
+                           href="{{ url_for('admin.dashboard') }}">
+                            <i class="fas fa-tachometer-alt me-2"></i>
+                            Dashboard
+                        </a>
+                    </li>
+                    <li class="nav-item">
+                        <a class="nav-link {% if request.endpoint == 'admin.list_users' %}active{% endif %}"
+                           href="{{ url_for('admin.list_users') }}">
+                            <i class="fas fa-users me-2"></i>
+                            Usuários
+                        </a>
+                    </li>
+                    <li class="nav-item">
+                        <a class="nav-link" href="{{ url_for('home') }}">
+                            <i class="fas fa-arrow-left me-2"></i>
+                            Voltar ao Sistema
+                        </a>
+                    </li>
+                </ul>
+            </div>
+        </nav>
+
+        <!-- Main content -->
+        <main class="col-md-9 ms-sm-auto col-lg-10 px-md-4">
+            <div class="d-flex justify-content-between flex-wrap flex-md-nowrap align-items-center pt-3 pb-2 mb-3 border-bottom">
+                <h1 class="h2">{% block admin_title %}{% endblock %}</h1>
+            </div>
+
+            {% with messages = get_flashed_messages(with_categories=true) %}
+                {% if messages %}
+                    {% for category, message in messages %}
+                        <div class="alert alert-{{ category }} alert-dismissible fade show" role="alert">
+                            {{ message }}
+                            <button type="button" class="btn-close" data-bs-dismiss="alert" aria-label="Close"></button>
+                        </div>
+                    {% endfor %}
+                {% endif %}
+            {% endwith %}
+
+            {% block admin_content %}{% endblock %}
+        </main>
+    </div>
+</div>
+{% endblock %}
+
+{% block extra_css %}
+<style>
+.sidebar {
+    position: fixed;
+    top: 0;
+    bottom: 0;
+    left: 0;
+    z-index: 100;
+    padding: 48px 0 0;
+    box-shadow: inset -1px 0 0 rgba(0, 0, 0, .1);
+}
+
+.sidebar .nav-link {
+    font-weight: 500;
+    color: #333;
+}
+
+.sidebar .nav-link.active {
+    color: #2470dc;
+}
+
+.sidebar-heading {
+    font-size: .75rem;
+    text-transform: uppercase;
+}
+
+main {
+    padding-top: 48px;
+}
+
+@media (max-width: 767.98px) {
+    .sidebar {
+        position: static;
+        padding-top: 0;
+    }
+    
+    main {
+        padding-top: 0;
+    }
+}
+</style>
+{% endblock %} 
\ No newline at end of file
diff --git a/templates/admin/dashboard.html b/templates/admin/dashboard.html
new file mode 100644
index 0000000..fa305e4
--- /dev/null
+++ b/templates/admin/dashboard.html
@@ -0,0 +1,79 @@
+{% extends "admin/base.html" %}
+
+{% block admin_title %}Dashboard Administrativo{% endblock %}
+
+{% block admin_content %}
+<div class="row">
+    <!-- Card de Total de Usuários -->
+    <div class="col-xl-3 col-md-6 mb-4">
+        <div class="card border-left-primary shadow h-100 py-2">
+            <div class="card-body">
+                <div class="row no-gutters align-items-center">
+                    <div class="col mr-2">
+                        <div class="text-xs font-weight-bold text-primary text-uppercase mb-1">
+                            Total de Usuários</div>
+                        <div class="h5 mb-0 font-weight-bold text-gray-800">{{ total_users }}</div>
+                    </div>
+                    <div class="col-auto">
+                        <i class="fas fa-users fa-2x text-gray-300"></i>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <!-- Card de Usuários Ativos -->
+    <div class="col-xl-3 col-md-6 mb-4">
+        <div class="card border-left-success shadow h-100 py-2">
+            <div class="card-body">
+                <div class="row no-gutters align-items-center">
+                    <div class="col mr-2">
+                        <div class="text-xs font-weight-bold text-success text-uppercase mb-1">
+                            Usuários Ativos</div>
+                        <div class="h5 mb-0 font-weight-bold text-gray-800">{{ active_users }}</div>
+                    </div>
+                    <div class="col-auto">
+                        <i class="fas fa-user-check fa-2x text-gray-300"></i>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <!-- Card de Usuários Inativos -->
+    <div class="col-xl-3 col-md-6 mb-4">
+        <div class="card border-left-warning shadow h-100 py-2">
+            <div class="card-body">
+                <div class="row no-gutters align-items-center">
+                    <div class="col mr-2">
+                        <div class="text-xs font-weight-bold text-warning text-uppercase mb-1">
+                            Usuários Inativos</div>
+                        <div class="h5 mb-0 font-weight-bold text-gray-800">{{ inactive_users }}</div>
+                    </div>
+                    <div class="col-auto">
+                        <i class="fas fa-user-times fa-2x text-gray-300"></i>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+
+<!-- Ações Rápidas -->
+<div class="row mt-4">
+    <div class="col-12">
+        <div class="card shadow mb-4">
+            <div class="card-header py-3">
+                <h6 class="m-0 font-weight-bold text-primary">Ações Rápidas</h6>
+            </div>
+            <div class="card-body">
+                <a href="{{ url_for('admin.list_users') }}" class="btn btn-primary me-2">
+                    <i class="fas fa-users me-1"></i>
+                    Gerenciar Usuários
+                </a>
+            </div>
+        </div>
+    </div>
+</div>
+
+{% endblock %} 
\ No newline at end of file
diff --git a/templates/admin/users.html b/templates/admin/users.html
new file mode 100644
index 0000000..c3c6096
--- /dev/null
+++ b/templates/admin/users.html
@@ -0,0 +1,108 @@
+{% extends "admin/base.html" %}
+
+{% block admin_title %}Gerenciamento de Usuários{% endblock %}
+
+{% block admin_content %}
+<div class="card shadow mb-4">
+    <div class="card-header py-3">
+        <h6 class="m-0 font-weight-bold text-primary">Lista de Usuários</h6>
+    </div>
+    <div class="card-body">
+        <div class="table-responsive">
+            <table class="table table-bordered" id="usersTable" width="100%" cellspacing="0">
+                <thead>
+                    <tr>
+                        <th>Email</th>
+                        <th>Nome</th>
+                        <th>Status</th>
+                        <th>Último Login</th>
+                        <th>Ações</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    {% for user in users %}
+                    <tr>
+                        <td>{{ user.email }}</td>
+                        <td>{{ user.militante.nome if user.militante else 'N/A' }}</td>
+                        <td>
+                            <span class="badge {% if user.is_active %}bg-success{% else %}bg-danger{% endif %}">
+                                {{ 'Ativo' if user.is_active else 'Inativo' }}
+                            </span>
+                        </td>
+                        <td>{{ user.ultimo_login.strftime('%d/%m/%Y %H:%M') if user.ultimo_login else 'Nunca' }}</td>
+                        <td>
+                            <div class="btn-group" role="group">
+                                <!-- Botão de Reset OTP -->
+                                <form action="{{ url_for('admin.reset_user_otp', user_id=user.id) }}" method="POST" class="d-inline">
+                                    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+                                    <button type="submit" class="btn btn-warning btn-sm" title="Resetar OTP"
+                                            onclick="return confirm('Tem certeza que deseja resetar o OTP deste usuário?')">
+                                        <i class="fas fa-key"></i>
+                                    </button>
+                                </form>
+
+                                <!-- Botão de Reset Senha -->
+                                <form action="{{ url_for('admin.reset_user_password', user_id=user.id) }}" method="POST" class="d-inline ms-1">
+                                    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+                                    <button type="submit" class="btn btn-danger btn-sm" title="Resetar Senha"
+                                            onclick="return confirm('Tem certeza que deseja resetar a senha deste usuário?')">
+                                        <i class="fas fa-lock"></i>
+                                    </button>
+                                </form>
+
+                                <!-- Botão de Ativar/Desativar -->
+                                <button class="btn btn-primary btn-sm ms-1" title="{{ 'Desativar' if user.is_active else 'Ativar' }} Usuário"
+                                        onclick="toggleUserStatus({{ user.id }})">
+                                    <i class="fas {% if user.is_active %}fa-user-times{% else %}fa-user-check{% endif %}"></i>
+                                </button>
+                            </div>
+                        </td>
+                    </tr>
+                    {% endfor %}
+                </tbody>
+            </table>
+        </div>
+    </div>
+</div>
+{% endblock %}
+
+{% block extra_js %}
+<script>
+function toggleUserStatus(userId) {
+    if (!confirm('Tem certeza que deseja alterar o status deste usuário?')) {
+        return;
+    }
+
+    fetch(`/admin/users/${userId}/toggle-status`, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            'X-CSRFToken': '{{ csrf_token() }}'
+        }
+    })
+    .then(response => response.json())
+    .then(data => {
+        if (data.success) {
+            // Recarregar a página para mostrar as mudanças
+            location.reload();
+        } else {
+            alert(data.message || 'Erro ao alterar status do usuário');
+        }
+    })
+    .catch(error => {
+        console.error('Error:', error);
+        alert('Erro ao alterar status do usuário');
+    });
+}
+
+// Inicializar DataTable
+$(document).ready(function() {
+    $('#usersTable').DataTable({
+        language: {
+            url: '//cdn.datatables.net/plug-ins/1.10.24/i18n/Portuguese-Brasil.json'
+        },
+        order: [[1, 'asc']]
+    });
+});
+</script>
+{% endblock %} 
\ No newline at end of file

From 0f32eae5cf9b13961e3b3a6b75c17ef31e21c7aa Mon Sep 17 00:00:00 2001
From: andersonid <nobre.it@gmail.com>
Date: Tue, 15 Apr 2025 14:26:02 -0300
Subject: [PATCH 6/9] =?UTF-8?q?refactor(#11):=20Integra=20listagem=20de=20?=
 =?UTF-8?q?usu=C3=A1rios=20no=20dashboard?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app.py                         | 134 +----------------------------
 pytest.ini                     |   5 ++
 routes/admin.py                |  60 ++++++++-----
 run_tests.sh                   |  17 ++++
 setup.py                       |  18 ++++
 templates/admin/base.html      |   4 +-
 templates/admin/dashboard.html | 152 ++++++++++++++++++++-------------
 templates/admin/users.html     | 108 -----------------------
 templates/base.html            |   2 +-
 tests/conftest.py              |  33 +++++++
 tests/requirements-test.txt    |   4 +
 tests/test_admin_routes.py     | 100 ++++++++++++++++++++++
 12 files changed, 316 insertions(+), 321 deletions(-)
 create mode 100644 pytest.ini
 create mode 100755 run_tests.sh
 create mode 100644 setup.py
 delete mode 100644 templates/admin/users.html
 create mode 100644 tests/conftest.py
 create mode 100644 tests/requirements-test.txt
 create mode 100644 tests/test_admin_routes.py

diff --git a/app.py b/app.py
index 47a4d63..85ac6ab 100644
--- a/app.py
+++ b/app.py
@@ -251,7 +251,9 @@ def create_app():
                 session['is_admin'] = user.is_admin
                 print(f"Login realizado: user_id={user.id}, username={user.username}, is_admin={user.is_admin}")
                 
-                # Redirecionar para home
+                # Redirecionar para admin.dashboard se for admin, senão para home
+                if user.is_admin:
+                    return redirect(url_for("admin.dashboard"))
                 return redirect(url_for("home"))
             finally:
                 db.close()
@@ -1649,136 +1651,6 @@ def create_app():
         finally:
             db.close()
 
-    @app.route('/dashboard_admin')
-    @login_required
-    def dashboard_admin():
-        """Rota para o dashboard administrativo"""
-        if not current_user.is_admin:
-            flash('Você não tem permissão para acessar esta página.', 'danger')
-            return redirect(url_for('home'))
-        
-        db = get_db_connection()
-        try:
-            # Busca usuários
-            usuarios = db.query(Usuario).all()
-            
-            usuarios_data = []
-            for usuario in usuarios:
-                user_data = {
-                    'id': usuario.id,
-                    'username': usuario.username,
-                    'email': usuario.email,
-                    'nome': usuario.username,  # Usar username como fallback
-                    'ativo': usuario.ativo,
-                    'is_admin': usuario.is_admin,
-                    'last_login': usuario.ultimo_login.strftime('%d/%m/%Y %H:%M') if usuario.ultimo_login else 'Nunca',
-                    'nivel': 'Administrador' if usuario.is_admin else 'Usuário'
-                }
-                usuarios_data.append(user_data)
-            
-            return render_template(
-                'dashboard_admin.html',
-                usuarios=usuarios_data
-            )
-        except Exception as e:
-            import traceback
-            print(f"Erro no dashboard_admin: {traceback.format_exc()}")
-            flash('Erro ao carregar dados dos usuários. Por favor, tente novamente.', 'danger')
-            return redirect(url_for('home'))
-        finally:
-            db.close()
-
-    @app.route('/reset_otp/<int:user_id>', methods=['POST'])
-    @login_required
-    def reset_otp(user_id):
-        if not current_user.is_admin:
-            return jsonify({
-                'success': False,
-                'error': 'Você não tem permissão para resetar OTP.'
-            }), 403
-
-        db = get_db_connection()
-        try:
-            usuario = db.query(Usuario).get(user_id)
-            if not usuario:
-                return jsonify({
-                    'success': False,
-                    'error': 'Usuário não encontrado.'
-                }), 404
-
-            usuario.otp_secret = pyotp.random_base32()
-            db.commit()
-            
-            return jsonify({
-                'success': True
-            })
-        except Exception as e:
-            db.rollback()
-            return jsonify({
-                'success': False,
-                'error': str(e)
-            }), 500
-        finally:
-            db.close()
-
-    @app.route('/reset_password/<int:user_id>', methods=['POST'])
-    @login_required
-    def reset_password(user_id):
-        if not current_user.is_admin:
-            return jsonify({
-                'success': False,
-                'error': 'Você não tem permissão para resetar senhas.'
-            }), 403
-
-        db = get_db_connection()
-        try:
-            usuario = db.query(Usuario).get(user_id)
-            if not usuario:
-                return jsonify({
-                    'success': False,
-                    'error': 'Usuário não encontrado.'
-                }), 404
-
-            nova_senha = ''.join(random.choices(string.ascii_letters + string.digits, k=12))
-            usuario.set_password(nova_senha)
-            
-            try:
-                msg = Message(
-                    'Nova Senha - Sistema de Controles',
-                    recipients=[usuario.email]
-                )
-                msg.body = f'''Olá {usuario.nome},
-
-Sua senha foi resetada por um administrador. Sua nova senha é:
-
-{nova_senha}
-
-Por favor, altere esta senha no seu próximo login.
-
-Atenciosamente,
-Sistema de Controles'''
-                
-                mail.send(msg)
-            except Exception as e:
-                print(f"Erro ao enviar email: {str(e)}")
-                return jsonify({
-                    'success': False,
-                    'error': 'Erro ao enviar email com a nova senha.'
-                }), 500
-
-            db.commit()
-            return jsonify({
-                'success': True
-            })
-        except Exception as e:
-            db.rollback()
-            return jsonify({
-                'success': False,
-                'error': str(e)
-            }), 500
-        finally:
-            db.close()
-
     return app
 
 def init_system():
diff --git a/pytest.ini b/pytest.ini
new file mode 100644
index 0000000..69c7848
--- /dev/null
+++ b/pytest.ini
@@ -0,0 +1,5 @@
+[pytest]
+pythonpath = .
+testpaths = tests
+python_files = test_*.py
+addopts = -v --cov=. --cov-report=term-missing 
\ No newline at end of file
diff --git a/routes/admin.py b/routes/admin.py
index f8fda8a..f9631db 100644
--- a/routes/admin.py
+++ b/routes/admin.py
@@ -6,14 +6,28 @@ from sqlalchemy.orm import joinedload
 import pyotp
 from werkzeug.security import generate_password_hash
 import secrets
+from functools import wraps
+from sqlalchemy.exc import SQLAlchemyError
+import logging
+
+logger = logging.getLogger(__name__)
 
 admin_bp = Blueprint('admin', __name__, url_prefix='/admin')
 
+def admin_required(f):
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        if not current_user.is_admin:
+            flash('Acesso não autorizado.', 'danger')
+            return redirect(url_for('main.index'))
+        return f(*args, **kwargs)
+    return decorated_function
+
 @admin_bp.route('/')
 @login_required
-@require_role('ADMIN')
+@admin_required
 def dashboard():
-    """Dashboard principal da área administrativa"""
+    """Dashboard principal da área administrativa com lista de usuários"""
     db = get_db_connection()
     try:
         # Carregar estatísticas relevantes
@@ -21,27 +35,27 @@ def dashboard():
         active_users = db.query(Usuario).filter(Usuario.is_active == True).count()
         inactive_users = total_users - active_users
         
-        return render_template(
-            'admin/dashboard.html',
-            total_users=total_users,
-            active_users=active_users,
-            inactive_users=inactive_users
-        )
-    finally:
-        db.close()
-
-@admin_bp.route('/users')
-@login_required
-@require_role('ADMIN')
-def list_users():
-    """Lista todos os usuários do sistema"""
-    db = get_db_connection()
-    try:
+        # Carregar lista de usuários
         users = db.query(Usuario).options(
             joinedload(Usuario.roles),
             joinedload(Usuario.militante)
         ).all()
-        return render_template('admin/users.html', users=users)
+        
+        return render_template(
+            'admin/dashboard.html',
+            total_users=total_users,
+            active_users=active_users,
+            inactive_users=inactive_users,
+            users=users
+        )
+    except SQLAlchemyError as e:
+        logger.error(f"Erro ao buscar dados do dashboard: {str(e)}")
+        flash('Erro ao carregar dados. Por favor, tente novamente.', 'danger')
+        return render_template('admin/dashboard.html',
+                            total_users=0,
+                            active_users=0,
+                            inactive_users=0,
+                            users=[])
     finally:
         db.close()
 
@@ -55,14 +69,14 @@ def reset_user_otp(user_id):
         user = db.query(Usuario).get(user_id)
         if not user:
             flash('Usuário não encontrado.', 'danger')
-            return redirect(url_for('admin.list_users'))
+            return redirect(url_for('admin.dashboard'))
         
         # Gerar novo segredo OTP
         user.otp_secret = pyotp.random_base32()
         db.commit()
         
         flash(f'OTP resetado com sucesso para {user.email}.', 'success')
-        return redirect(url_for('admin.list_users'))
+        return redirect(url_for('admin.dashboard'))
     finally:
         db.close()
 
@@ -76,7 +90,7 @@ def reset_user_password(user_id):
         user = db.query(Usuario).get(user_id)
         if not user:
             flash('Usuário não encontrado.', 'danger')
-            return redirect(url_for('admin.list_users'))
+            return redirect(url_for('admin.dashboard'))
         
         # Gerar nova senha aleatória
         new_password = secrets.token_urlsafe(8)
@@ -84,7 +98,7 @@ def reset_user_password(user_id):
         db.commit()
         
         flash(f'Senha resetada com sucesso. Nova senha: {new_password}', 'success')
-        return redirect(url_for('admin.list_users'))
+        return redirect(url_for('admin.dashboard'))
     finally:
         db.close()
 
diff --git a/run_tests.sh b/run_tests.sh
new file mode 100755
index 0000000..ec4df49
--- /dev/null
+++ b/run_tests.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+# Criar e ativar ambiente virtual
+python -m venv venv
+source venv/bin/activate
+
+# Instalar dependências de teste
+pip install -r tests/requirements-test.txt
+
+# Instalar o projeto em modo de desenvolvimento
+pip install -e .
+
+# Executar testes
+python -m pytest
+
+# Desativar ambiente virtual
+deactivate 
\ No newline at end of file
diff --git a/setup.py b/setup.py
new file mode 100644
index 0000000..546c895
--- /dev/null
+++ b/setup.py
@@ -0,0 +1,18 @@
+from setuptools import setup, find_packages
+
+setup(
+    name="controles",
+    version="0.1",
+    packages=find_packages(),
+    include_package_data=True,
+    install_requires=[
+        'flask',
+        'flask-login',
+        'flask-sqlalchemy',
+        'flask-wtf',
+        'flask-mail',
+        'python-dotenv',
+        'pyotp',
+        'qrcode',
+    ],
+) 
\ No newline at end of file
diff --git a/templates/admin/base.html b/templates/admin/base.html
index 045cf14..5d4e3d5 100644
--- a/templates/admin/base.html
+++ b/templates/admin/base.html
@@ -97,4 +97,6 @@ main {
     }
 }
 </style>
-{% endblock %} 
\ No newline at end of file
+{% endblock %}
+
+{% block extra_scripts %}{% endblock %} 
\ No newline at end of file
diff --git a/templates/admin/dashboard.html b/templates/admin/dashboard.html
index fa305e4..9931243 100644
--- a/templates/admin/dashboard.html
+++ b/templates/admin/dashboard.html
@@ -1,79 +1,117 @@
 {% extends "admin/base.html" %}
 
-{% block admin_title %}Dashboard Administrativo{% endblock %}
+{% block title %}Dashboard Administrativo{% endblock %}
 
-{% block admin_content %}
-<div class="row">
-    <!-- Card de Total de Usuários -->
-    <div class="col-xl-3 col-md-6 mb-4">
-        <div class="card border-left-primary shadow h-100 py-2">
+{% block content %}
+<div class="row mb-4">
+    <div class="col-md-4">
+        <div class="card">
             <div class="card-body">
-                <div class="row no-gutters align-items-center">
-                    <div class="col mr-2">
-                        <div class="text-xs font-weight-bold text-primary text-uppercase mb-1">
-                            Total de Usuários</div>
-                        <div class="h5 mb-0 font-weight-bold text-gray-800">{{ total_users }}</div>
-                    </div>
-                    <div class="col-auto">
-                        <i class="fas fa-users fa-2x text-gray-300"></i>
-                    </div>
-                </div>
+                <h5 class="card-title">Total de Usuários</h5>
+                <p class="card-text display-4">{{ total_users }}</p>
+                <i class="fas fa-users fa-2x text-primary"></i>
             </div>
         </div>
     </div>
-
-    <!-- Card de Usuários Ativos -->
-    <div class="col-xl-3 col-md-6 mb-4">
-        <div class="card border-left-success shadow h-100 py-2">
+    <div class="col-md-4">
+        <div class="card">
             <div class="card-body">
-                <div class="row no-gutters align-items-center">
-                    <div class="col mr-2">
-                        <div class="text-xs font-weight-bold text-success text-uppercase mb-1">
-                            Usuários Ativos</div>
-                        <div class="h5 mb-0 font-weight-bold text-gray-800">{{ active_users }}</div>
-                    </div>
-                    <div class="col-auto">
-                        <i class="fas fa-user-check fa-2x text-gray-300"></i>
-                    </div>
-                </div>
+                <h5 class="card-title">Usuários Ativos</h5>
+                <p class="card-text display-4">{{ active_users }}</p>
+                <i class="fas fa-user-check fa-2x text-success"></i>
             </div>
         </div>
     </div>
-
-    <!-- Card de Usuários Inativos -->
-    <div class="col-xl-3 col-md-6 mb-4">
-        <div class="card border-left-warning shadow h-100 py-2">
+    <div class="col-md-4">
+        <div class="card">
             <div class="card-body">
-                <div class="row no-gutters align-items-center">
-                    <div class="col mr-2">
-                        <div class="text-xs font-weight-bold text-warning text-uppercase mb-1">
-                            Usuários Inativos</div>
-                        <div class="h5 mb-0 font-weight-bold text-gray-800">{{ inactive_users }}</div>
-                    </div>
-                    <div class="col-auto">
-                        <i class="fas fa-user-times fa-2x text-gray-300"></i>
-                    </div>
-                </div>
+                <h5 class="card-title">Usuários Inativos</h5>
+                <p class="card-text display-4">{{ inactive_users }}</p>
+                <i class="fas fa-user-times fa-2x text-danger"></i>
             </div>
         </div>
     </div>
 </div>
 
-<!-- Ações Rápidas -->
-<div class="row mt-4">
-    <div class="col-12">
-        <div class="card shadow mb-4">
-            <div class="card-header py-3">
-                <h6 class="m-0 font-weight-bold text-primary">Ações Rápidas</h6>
-            </div>
-            <div class="card-body">
-                <a href="{{ url_for('admin.list_users') }}" class="btn btn-primary me-2">
-                    <i class="fas fa-users me-1"></i>
-                    Gerenciar Usuários
-                </a>
-            </div>
+<div class="card">
+    <div class="card-header">
+        <h5 class="mb-0">Gerenciamento de Usuários</h5>
+    </div>
+    <div class="card-body">
+        <div class="table-responsive">
+            <table id="users-table" class="table table-striped">
+                <thead>
+                    <tr>
+                        <th>Email</th>
+                        <th>Nome</th>
+                        <th>Status</th>
+                        <th>Último Login</th>
+                        <th>Ações</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    {% for user in users %}
+                    <tr>
+                        <td>{{ user.email }}</td>
+                        <td>{{ user.name }}</td>
+                        <td>
+                            <span class="badge {% if user.is_active %}bg-success{% else %}bg-danger{% endif %}">
+                                {{ "Ativo" if user.is_active else "Inativo" }}
+                            </span>
+                        </td>
+                        <td>{{ user.last_login.strftime('%d/%m/%Y %H:%M') if user.last_login else 'Nunca' }}</td>
+                        <td>
+                            <form action="{{ url_for('admin.reset_user_otp', user_id=user.id) }}" method="post" class="d-inline">
+                                <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+                                <button type="submit" class="btn btn-warning btn-sm" onclick="return confirm('Confirma o reset do OTP deste usuário?')">
+                                    <i class="fas fa-key"></i> Reset OTP
+                                </button>
+                            </form>
+                            <form action="{{ url_for('admin.reset_user_password', user_id=user.id) }}" method="post" class="d-inline">
+                                <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+                                <button type="submit" class="btn btn-info btn-sm" onclick="return confirm('Confirma o reset da senha deste usuário?')">
+                                    <i class="fas fa-lock"></i> Reset Senha
+                                </button>
+                            </form>
+                            <button onclick="toggleUserStatus({{ user.id }})" class="btn btn-{% if user.is_active %}danger{% else %}success{% endif %} btn-sm">
+                                <i class="fas fa-{% if user.is_active %}user-times{% else %}user-check{% endif %}"></i>
+                                {{ "Desativar" if user.is_active else "Ativar" }}
+                            </button>
+                        </td>
+                    </tr>
+                    {% endfor %}
+                </tbody>
+            </table>
         </div>
     </div>
 </div>
+{% endblock %}
 
+{% block extra_js %}
+<script>
+function toggleUserStatus(userId) {
+    if (confirm('Deseja alterar o status deste usuário?')) {
+        fetch(`/admin/users/${userId}/toggle-status`, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'X-CSRFToken': '{{ csrf_token() }}'
+            }
+        }).then(response => {
+            if (response.ok) {
+                window.location.reload();
+            }
+        });
+    }
+}
+
+$(document).ready(function() {
+    $('#users-table').DataTable({
+        language: {
+            url: '//cdn.datatables.net/plug-ins/1.13.7/i18n/pt-BR.json'
+        },
+        order: [[1, 'asc']]
+    });
+});
+</script>
 {% endblock %} 
\ No newline at end of file
diff --git a/templates/admin/users.html b/templates/admin/users.html
deleted file mode 100644
index c3c6096..0000000
--- a/templates/admin/users.html
+++ /dev/null
@@ -1,108 +0,0 @@
-{% extends "admin/base.html" %}
-
-{% block admin_title %}Gerenciamento de Usuários{% endblock %}
-
-{% block admin_content %}
-<div class="card shadow mb-4">
-    <div class="card-header py-3">
-        <h6 class="m-0 font-weight-bold text-primary">Lista de Usuários</h6>
-    </div>
-    <div class="card-body">
-        <div class="table-responsive">
-            <table class="table table-bordered" id="usersTable" width="100%" cellspacing="0">
-                <thead>
-                    <tr>
-                        <th>Email</th>
-                        <th>Nome</th>
-                        <th>Status</th>
-                        <th>Último Login</th>
-                        <th>Ações</th>
-                    </tr>
-                </thead>
-                <tbody>
-                    {% for user in users %}
-                    <tr>
-                        <td>{{ user.email }}</td>
-                        <td>{{ user.militante.nome if user.militante else 'N/A' }}</td>
-                        <td>
-                            <span class="badge {% if user.is_active %}bg-success{% else %}bg-danger{% endif %}">
-                                {{ 'Ativo' if user.is_active else 'Inativo' }}
-                            </span>
-                        </td>
-                        <td>{{ user.ultimo_login.strftime('%d/%m/%Y %H:%M') if user.ultimo_login else 'Nunca' }}</td>
-                        <td>
-                            <div class="btn-group" role="group">
-                                <!-- Botão de Reset OTP -->
-                                <form action="{{ url_for('admin.reset_user_otp', user_id=user.id) }}" method="POST" class="d-inline">
-                                    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
-                                    <button type="submit" class="btn btn-warning btn-sm" title="Resetar OTP"
-                                            onclick="return confirm('Tem certeza que deseja resetar o OTP deste usuário?')">
-                                        <i class="fas fa-key"></i>
-                                    </button>
-                                </form>
-
-                                <!-- Botão de Reset Senha -->
-                                <form action="{{ url_for('admin.reset_user_password', user_id=user.id) }}" method="POST" class="d-inline ms-1">
-                                    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
-                                    <button type="submit" class="btn btn-danger btn-sm" title="Resetar Senha"
-                                            onclick="return confirm('Tem certeza que deseja resetar a senha deste usuário?')">
-                                        <i class="fas fa-lock"></i>
-                                    </button>
-                                </form>
-
-                                <!-- Botão de Ativar/Desativar -->
-                                <button class="btn btn-primary btn-sm ms-1" title="{{ 'Desativar' if user.is_active else 'Ativar' }} Usuário"
-                                        onclick="toggleUserStatus({{ user.id }})">
-                                    <i class="fas {% if user.is_active %}fa-user-times{% else %}fa-user-check{% endif %}"></i>
-                                </button>
-                            </div>
-                        </td>
-                    </tr>
-                    {% endfor %}
-                </tbody>
-            </table>
-        </div>
-    </div>
-</div>
-{% endblock %}
-
-{% block extra_js %}
-<script>
-function toggleUserStatus(userId) {
-    if (!confirm('Tem certeza que deseja alterar o status deste usuário?')) {
-        return;
-    }
-
-    fetch(`/admin/users/${userId}/toggle-status`, {
-        method: 'POST',
-        headers: {
-            'Content-Type': 'application/json',
-            'X-CSRFToken': '{{ csrf_token() }}'
-        }
-    })
-    .then(response => response.json())
-    .then(data => {
-        if (data.success) {
-            // Recarregar a página para mostrar as mudanças
-            location.reload();
-        } else {
-            alert(data.message || 'Erro ao alterar status do usuário');
-        }
-    })
-    .catch(error => {
-        console.error('Error:', error);
-        alert('Erro ao alterar status do usuário');
-    });
-}
-
-// Inicializar DataTable
-$(document).ready(function() {
-    $('#usersTable').DataTable({
-        language: {
-            url: '//cdn.datatables.net/plug-ins/1.10.24/i18n/Portuguese-Brasil.json'
-        },
-        order: [[1, 'asc']]
-    });
-});
-</script>
-{% endblock %} 
\ No newline at end of file
diff --git a/templates/base.html b/templates/base.html
index c938f5b..778505d 100644
--- a/templates/base.html
+++ b/templates/base.html
@@ -600,7 +600,7 @@
                                 </a>
                             </li>
                             <li>
-                                <a class="dropdown-item" href="{{ url_for('dashboard_admin') }}">
+                                <a class="dropdown-item" href="{{ url_for('admin.dashboard') }}">
                                     <i class="fas fa-cog fa fa-cog fa-solid fa-cog" style="display: inline-block !important; visibility: visible !important;"></i>Administração
                                 </a>
                             </li>
diff --git a/tests/conftest.py b/tests/conftest.py
new file mode 100644
index 0000000..ffbd6c3
--- /dev/null
+++ b/tests/conftest.py
@@ -0,0 +1,33 @@
+import pytest
+from app import create_app
+from functions.database import init_database, get_db_connection
+
+@pytest.fixture
+def app():
+    """Cria uma instância do app para testes"""
+    app = create_app()
+    app.config['TESTING'] = True
+    app.config['WTF_CSRF_ENABLED'] = False
+    
+    # Inicializar banco de dados de teste
+    init_database()
+    
+    yield app
+    
+    # Limpar banco após os testes
+    db = get_db_connection()
+    try:
+        db.execute('DROP TABLE IF EXISTS usuarios CASCADE')
+        db.commit()
+    finally:
+        db.close()
+
+@pytest.fixture
+def client(app):
+    """Cria um cliente de teste"""
+    return app.test_client()
+
+@pytest.fixture
+def runner(app):
+    """Cria um runner de CLI para testes"""
+    return app.test_cli_runner() 
\ No newline at end of file
diff --git a/tests/requirements-test.txt b/tests/requirements-test.txt
new file mode 100644
index 0000000..af2c56c
--- /dev/null
+++ b/tests/requirements-test.txt
@@ -0,0 +1,4 @@
+pytest==7.4.3
+pytest-cov==4.1.0
+pytest-flask==1.3.0
+coverage==7.3.2 
\ No newline at end of file
diff --git a/tests/test_admin_routes.py b/tests/test_admin_routes.py
new file mode 100644
index 0000000..5e897aa
--- /dev/null
+++ b/tests/test_admin_routes.py
@@ -0,0 +1,100 @@
+import pytest
+from flask import url_for
+from functions.database import Usuario, get_db_connection
+from werkzeug.security import generate_password_hash
+import json
+
+@pytest.fixture
+def admin_user(client):
+    """Fixture que cria um usuário admin para testes"""
+    db = get_db_connection()
+    try:
+        admin = Usuario(
+            username='admin_test',
+            email='admin@test.com',
+            password_hash=generate_password_hash('admin123'),
+            is_admin=True,
+            is_active=True
+        )
+        db.add(admin)
+        db.commit()
+        return admin
+    finally:
+        db.close()
+
+@pytest.fixture
+def auth_admin_client(client, admin_user):
+    """Fixture que retorna um cliente autenticado como admin"""
+    client.post('/login', data={
+        'email': 'admin@test.com',
+        'password': 'admin123'
+    })
+    return client
+
+def test_dashboard_access_sem_login(client):
+    """Testa acesso ao dashboard sem login"""
+    response = client.get('/admin/')
+    assert response.status_code == 302
+    assert '/login' in response.headers['Location']
+
+def test_dashboard_access_com_login(auth_admin_client):
+    """Testa acesso ao dashboard com login de admin"""
+    response = auth_admin_client.get('/admin/')
+    assert response.status_code == 200
+    assert b'Dashboard Administrativo' in response.data
+
+def test_lista_usuarios(auth_admin_client):
+    """Testa listagem de usuários"""
+    response = auth_admin_client.get('/admin/users')
+    assert response.status_code == 200
+    assert b'Lista de' in response.data
+    assert b'admin_test' in response.data
+
+def test_reset_otp(auth_admin_client, admin_user):
+    """Testa reset de OTP"""
+    response = auth_admin_client.post(f'/admin/users/{admin_user.id}/reset-otp')
+    assert response.status_code == 302
+    assert 'success' in response.headers['Location']
+
+def test_reset_password(auth_admin_client, admin_user):
+    """Testa reset de senha"""
+    response = auth_admin_client.post(f'/admin/users/{admin_user.id}/reset-password')
+    assert response.status_code == 302
+    assert 'success' in response.headers['Location']
+
+def test_toggle_status(auth_admin_client, admin_user):
+    """Testa alteração de status do usuário"""
+    response = auth_admin_client.post(
+        f'/admin/users/{admin_user.id}/toggle-status',
+        headers={'Content-Type': 'application/json'}
+    )
+    data = json.loads(response.data)
+    assert response.status_code == 200
+    assert data['success'] is True
+
+def test_acesso_nao_admin(client):
+    """Testa acesso de usuário não admin"""
+    db = get_db_connection()
+    try:
+        # Criar usuário normal
+        user = Usuario(
+            username='normal_user',
+            email='user@test.com',
+            password_hash=generate_password_hash('user123'),
+            is_admin=False,
+            is_active=True
+        )
+        db.add(user)
+        db.commit()
+
+        # Login
+        client.post('/login', data={
+            'email': 'user@test.com',
+            'password': 'user123'
+        })
+
+        # Tentar acessar área admin
+        response = client.get('/admin/')
+        assert response.status_code == 403
+    finally:
+        db.close() 
\ No newline at end of file

From 8255f1d93312032609639f044011b9e2e68323d2 Mon Sep 17 00:00:00 2001
From: andersonid <nobre.it@gmail.com>
Date: Tue, 15 Apr 2025 15:09:03 -0300
Subject: [PATCH 7/9] =?UTF-8?q?feat(#11):=20Adiciona=20m=C3=B3dulo=20creat?=
 =?UTF-8?q?e=5Ftest=5Fusers?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 app.py                         |   4 +-
 create_test_users.py           |  56 ++++++++
 routes/admin.py                |  16 ++-
 templates/admin/dashboard.html | 250 ++++++++++++++++++++++++---------
 4 files changed, 246 insertions(+), 80 deletions(-)
 create mode 100644 create_test_users.py

diff --git a/app.py b/app.py
index 85ac6ab..64bc675 100644
--- a/app.py
+++ b/app.py
@@ -251,9 +251,7 @@ def create_app():
                 session['is_admin'] = user.is_admin
                 print(f"Login realizado: user_id={user.id}, username={user.username}, is_admin={user.is_admin}")
                 
-                # Redirecionar para admin.dashboard se for admin, senão para home
-                if user.is_admin:
-                    return redirect(url_for("admin.dashboard"))
+                # Redirecionar para home
                 return redirect(url_for("home"))
             finally:
                 db.close()
diff --git a/create_test_users.py b/create_test_users.py
new file mode 100644
index 0000000..5774f8c
--- /dev/null
+++ b/create_test_users.py
@@ -0,0 +1,56 @@
+from functions.database import get_db_connection, Usuario, Role
+from werkzeug.security import generate_password_hash
+
+def create_test_users():
+    """Cria usuários de teste"""
+    db = get_db_connection()
+    try:
+        # Lista de usuários de teste
+        test_users = [
+            {
+                'username': 'aligner',
+                'email': 'aligner@test.com',
+                'password': 'Test123!@#',
+                'is_admin': False
+            },
+            {
+                'username': 'tester',
+                'email': 'tester@test.com', 
+                'password': 'Test123!@#',
+                'is_admin': False
+            },
+            {
+                'username': 'deployer',
+                'email': 'deployer@test.com',
+                'password': 'Test123!@#',
+                'is_admin': False
+            }
+        ]
+
+        # Criar cada usuário
+        for user_data in test_users:
+            user = db.query(Usuario).filter_by(username=user_data['username']).first()
+            
+            if not user:
+                user = Usuario(
+                    username=user_data['username'],
+                    email=user_data['email'],
+                    is_admin=user_data['is_admin']
+                )
+                user.set_password(user_data['password'])
+                db.add(user)
+                print(f"Usuário {user_data['username']} criado")
+            else:
+                print(f"Usuário {user_data['username']} já existe")
+
+        db.commit()
+        print("Usuários de teste criados com sucesso")
+
+    except Exception as e:
+        print(f"Erro ao criar usuários de teste: {str(e)}")
+        db.rollback()
+    finally:
+        db.close()
+
+if __name__ == "__main__":
+    create_test_users() 
\ No newline at end of file
diff --git a/routes/admin.py b/routes/admin.py
index f9631db..232e307 100644
--- a/routes/admin.py
+++ b/routes/admin.py
@@ -9,6 +9,7 @@ import secrets
 from functools import wraps
 from sqlalchemy.exc import SQLAlchemyError
 import logging
+from datetime import datetime
 
 logger = logging.getLogger(__name__)
 
@@ -30,6 +31,8 @@ def dashboard():
     """Dashboard principal da área administrativa com lista de usuários"""
     db = get_db_connection()
     try:
+        now = datetime.now()
+        
         # Carregar estatísticas relevantes
         total_users = db.query(Usuario).count()
         active_users = db.query(Usuario).filter(Usuario.is_active == True).count()
@@ -46,7 +49,8 @@ def dashboard():
             total_users=total_users,
             active_users=active_users,
             inactive_users=inactive_users,
-            users=users
+            users=users,
+            now=now
         )
     except SQLAlchemyError as e:
         logger.error(f"Erro ao buscar dados do dashboard: {str(e)}")
@@ -111,16 +115,14 @@ def toggle_user_status(user_id):
     try:
         user = db.query(Usuario).get(user_id)
         if not user:
-            return jsonify({'success': False, 'message': 'Usuário não encontrado.'})
+            flash('Usuário não encontrado.', 'danger')
+            return redirect(url_for('admin.dashboard'))
         
         user.is_active = not user.is_active
         db.commit()
         
         status = 'ativado' if user.is_active else 'desativado'
-        return jsonify({
-            'success': True,
-            'message': f'Usuário {status} com sucesso.',
-            'new_status': user.is_active
-        })
+        flash(f'Usuário {status} com sucesso.', 'success')
+        return redirect(url_for('admin.dashboard'))
     finally:
         db.close() 
\ No newline at end of file
diff --git a/templates/admin/dashboard.html b/templates/admin/dashboard.html
index 9931243..1ce3ae5 100644
--- a/templates/admin/dashboard.html
+++ b/templates/admin/dashboard.html
@@ -2,115 +2,225 @@
 
 {% block title %}Dashboard Administrativo{% endblock %}
 
+{% block extra_css %}
+<style>
+.card {
+    border: none;
+    border-radius: 12px;
+    box-shadow: 0 4px 12px rgba(0,0,0,0.05);
+    transition: all 0.3s ease;
+    overflow: hidden;
+}
+
+.card:hover {
+    transform: translateY(-5px);
+    box-shadow: 0 8px 24px rgba(0,0,0,0.1);
+}
+
+.bg-primary {
+    background: linear-gradient(135deg, #0d6efd, #0a58ca) !important;
+}
+
+.bg-success {
+    background: linear-gradient(135deg, #198754, #146c43) !important;
+}
+
+.bg-danger {
+    background: linear-gradient(135deg, #dc3545, #b02a37) !important;
+}
+
+.card .opacity-50 {
+    opacity: 0.2 !important;
+    transition: all 0.3s ease;
+}
+
+.card:hover .opacity-50 {
+    opacity: 0.3 !important;
+    transform: scale(1.1);
+}
+
+.card-title {
+    font-size: 0.9rem;
+    font-weight: 600;
+    margin-bottom: 1rem;
+    text-transform: uppercase;
+    color: rgba(255,255,255,0.8);
+}
+
+.display-4 {
+    font-size: 2.5rem;
+    font-weight: 600;
+    margin: 0.5rem 0;
+}
+
+.btn-group {
+    gap: 0.25rem;
+}
+
+/* Estilo da lista de usuários */
+.card.lista-usuarios {
+    border-radius: 0;
+    box-shadow: none;
+    transition: none;
+    border: 1px solid #dee2e6;
+}
+
+.card.lista-usuarios:hover {
+    transform: none;
+    box-shadow: none;
+}
+
+.card.lista-usuarios .card-header {
+    background: linear-gradient(to right, var(--secondary-dark), var(--secondary-color));
+    color: white;
+    border: none;
+    padding: 1rem 1.5rem;
+}
+
+.card.lista-usuarios .card-header h5 {
+    margin: 0;
+    font-size: 1.1rem;
+    font-weight: 500;
+}
+
+.card.lista-usuarios .table {
+    margin-bottom: 0;
+}
+
+.card.lista-usuarios .table th {
+    border-top: none;
+    font-weight: 600;
+    padding: 1rem;
+    background-color: #f8f9fa;
+}
+
+.card.lista-usuarios .table td {
+    padding: 1rem;
+    vertical-align: middle;
+}
+
+.card.lista-usuarios .badge {
+    padding: 0.5em 0.8em;
+    font-weight: 500;
+}
+
+.btn-group .btn {
+    padding: 0.375rem 0.75rem;
+    font-size: 0.875rem;
+}
+</style>
+{% endblock %}
+
 {% block content %}
+<h2 class="mb-4">
+    <i class="fas fa-users-cog"></i> 
+    Administração de Usuários
+</h2>
+
 <div class="row mb-4">
     <div class="col-md-4">
-        <div class="card">
+        <div class="card bg-primary text-white">
             <div class="card-body">
-                <h5 class="card-title">Total de Usuários</h5>
-                <p class="card-text display-4">{{ total_users }}</p>
-                <i class="fas fa-users fa-2x text-primary"></i>
+                <h5 class="card-title text-uppercase">Total de Usuários</h5>
+                <div class="d-flex justify-content-between align-items-center">
+                    <h2 class="display-4 mb-0">{{ total_users }}</h2>
+                    <i class="fas fa-users fa-3x opacity-50"></i>
+                </div>
             </div>
         </div>
     </div>
     <div class="col-md-4">
-        <div class="card">
+        <div class="card bg-success text-white">
             <div class="card-body">
-                <h5 class="card-title">Usuários Ativos</h5>
-                <p class="card-text display-4">{{ active_users }}</p>
-                <i class="fas fa-user-check fa-2x text-success"></i>
+                <h5 class="card-title text-uppercase">Usuários Ativos</h5>
+                <div class="d-flex justify-content-between align-items-center">
+                    <h2 class="display-4 mb-0">{{ active_users }}</h2>
+                    <i class="fas fa-user-check fa-3x opacity-50"></i>
+                </div>
             </div>
         </div>
     </div>
     <div class="col-md-4">
-        <div class="card">
+        <div class="card bg-danger text-white">
             <div class="card-body">
-                <h5 class="card-title">Usuários Inativos</h5>
-                <p class="card-text display-4">{{ inactive_users }}</p>
-                <i class="fas fa-user-times fa-2x text-danger"></i>
+                <h5 class="card-title text-uppercase">Usuários Inativos</h5>
+                <div class="d-flex justify-content-between align-items-center">
+                    <h2 class="display-4 mb-0">{{ inactive_users }}</h2>
+                    <i class="fas fa-user-times fa-3x opacity-50"></i>
+                </div>
             </div>
         </div>
     </div>
 </div>
 
-<div class="card">
-    <div class="card-header">
-        <h5 class="mb-0">Gerenciamento de Usuários</h5>
+<div class="card lista-usuarios">
+    <div class="card-header d-flex justify-content-between align-items-center">
+        <h5 class="mb-0">
+            <i class="fas fa-users me-2"></i>
+            Lista de Usuários
+        </h5>
     </div>
-    <div class="card-body">
-        <div class="table-responsive">
-            <table id="users-table" class="table table-striped">
-                <thead>
-                    <tr>
-                        <th>Email</th>
-                        <th>Nome</th>
-                        <th>Status</th>
-                        <th>Último Login</th>
-                        <th>Ações</th>
-                    </tr>
-                </thead>
-                <tbody>
-                    {% for user in users %}
-                    <tr>
-                        <td>{{ user.email }}</td>
-                        <td>{{ user.name }}</td>
-                        <td>
-                            <span class="badge {% if user.is_active %}bg-success{% else %}bg-danger{% endif %}">
-                                {{ "Ativo" if user.is_active else "Inativo" }}
-                            </span>
-                        </td>
-                        <td>{{ user.last_login.strftime('%d/%m/%Y %H:%M') if user.last_login else 'Nunca' }}</td>
-                        <td>
+    <div class="card-body p-0">
+        <table id="users-table" class="table table-striped table-hover">
+            <thead>
+                <tr>
+                    <th>Nome</th>
+                    <th>Email</th>
+                    <th>Status</th>
+                    <th>Último Login</th>
+                    <th>Ações</th>
+                </tr>
+            </thead>
+            <tbody>
+                {% for user in users %}
+                <tr>
+                    <td>{{ user.name }}</td>
+                    <td>{{ user.email }}</td>
+                    <td>
+                        <span class="badge {% if user.is_active %}bg-success{% else %}bg-danger{% endif %}">
+                            {{ "Ativo" if user.is_active else "Inativo" }}
+                        </span>
+                    </td>
+                    <td>{{ user.last_login.strftime('%d/%m/%Y %H:%M') if user.last_login else 'Nunca' }}</td>
+                    <td>
+                        <div class="btn-group">
                             <form action="{{ url_for('admin.reset_user_otp', user_id=user.id) }}" method="post" class="d-inline">
                                 <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
-                                <button type="submit" class="btn btn-warning btn-sm" onclick="return confirm('Confirma o reset do OTP deste usuário?')">
-                                    <i class="fas fa-key"></i> Reset OTP
+                                <button type="submit" class="btn btn-warning btn-sm" title="Reset OTP" onclick="return confirm('Confirma o reset do OTP deste usuário?')">
+                                    <i class="fas fa-key"></i>
                                 </button>
                             </form>
                             <form action="{{ url_for('admin.reset_user_password', user_id=user.id) }}" method="post" class="d-inline">
                                 <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
-                                <button type="submit" class="btn btn-info btn-sm" onclick="return confirm('Confirma o reset da senha deste usuário?')">
-                                    <i class="fas fa-lock"></i> Reset Senha
+                                <button type="submit" class="btn btn-info btn-sm" title="Reset Senha" onclick="return confirm('Confirma o reset da senha deste usuário?')">
+                                    <i class="fas fa-lock"></i>
                                 </button>
                             </form>
-                            <button onclick="toggleUserStatus({{ user.id }})" class="btn btn-{% if user.is_active %}danger{% else %}success{% endif %} btn-sm">
-                                <i class="fas fa-{% if user.is_active %}user-times{% else %}user-check{% endif %}"></i>
-                                {{ "Desativar" if user.is_active else "Ativar" }}
-                            </button>
-                        </td>
-                    </tr>
-                    {% endfor %}
-                </tbody>
-            </table>
-        </div>
+                            <form action="{{ url_for('admin.toggle_user_status', user_id=user.id) }}" method="post" class="d-inline">
+                                <input type="hidden" name="csrf_token" value="{{ csrf_token() }}">
+                                <button type="submit" class="btn btn-{{ 'danger' if user.is_active else 'success' }} btn-sm" title="{{ 'Desativar' if user.is_active else 'Ativar' }} Usuário">
+                                    <i class="fas fa-{{ 'user-times' if user.is_active else 'user-check' }}"></i>
+                                </button>
+                            </form>
+                        </div>
+                    </td>
+                </tr>
+                {% endfor %}
+            </tbody>
+        </table>
     </div>
 </div>
 {% endblock %}
 
 {% block extra_js %}
 <script>
-function toggleUserStatus(userId) {
-    if (confirm('Deseja alterar o status deste usuário?')) {
-        fetch(`/admin/users/${userId}/toggle-status`, {
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                'X-CSRFToken': '{{ csrf_token() }}'
-            }
-        }).then(response => {
-            if (response.ok) {
-                window.location.reload();
-            }
-        });
-    }
-}
-
 $(document).ready(function() {
     $('#users-table').DataTable({
         language: {
             url: '//cdn.datatables.net/plug-ins/1.13.7/i18n/pt-BR.json'
         },
-        order: [[1, 'asc']]
+        order: [[0, 'asc']],
+        pageLength: 25
     });
 });
 </script>

From e6057cd5661efb0297b907d634204a8b8f9e7972 Mon Sep 17 00:00:00 2001
From: andersonid <nobre.it@gmail.com>
Date: Tue, 15 Apr 2025 15:10:21 -0300
Subject: [PATCH 8/9] =?UTF-8?q?fix(#11):=20Corrige=20inicializa=C3=A7?=
 =?UTF-8?q?=C3=A3o=20do=20sistema=20para=20n=C3=A3o=20recriar=20usu=C3=A1r?=
 =?UTF-8?q?ios=20a=20cada=20execu=C3=A7=C3=A3o?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Makefile |  5 ++++-
 app.py   | 19 ++++++++++---------
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/Makefile b/Makefile
index a9a5333..9292d78 100644
--- a/Makefile
+++ b/Makefile
@@ -11,10 +11,13 @@ init-db: clean
 seed: init-db
 	python seed.py
 
+init:
+	python app.py --init
+
 run:
 	python app.py
 
-run-with-seed: seed run
+run-with-seed: seed init run
 
 reset-admin: clean
 	python create_admin.py
diff --git a/app.py b/app.py
index 64bc675..e50bb1f 100644
--- a/app.py
+++ b/app.py
@@ -52,6 +52,7 @@ from flask_wtf.csrf import CSRFProtect
 import json
 from utils.date_utils import validar_data, converter_data, validar_sequencia_datas, calcular_idade
 from routes.admin import admin_bp  # Importar o blueprint administrativo
+import sys
 
 load_dotenv()
 
@@ -1713,18 +1714,18 @@ def init_system():
 def main():
     # Criar a aplicação
     app = create_app()
-    
-    # Inicializar o sistema
-    init_system()
-    
     return app
 
 # Criar a aplicação usando a função main
 app = main()
 
 if __name__ == '__main__':
-    app.run(
-        host='0.0.0.0',
-        port=5000,
-        debug=os.getenv('FLASK_ENV') == 'development'
-    )
+    # Verificar se é para inicializar o sistema
+    if '--init' in sys.argv:
+        init_system()
+    else:
+        app.run(
+            host='0.0.0.0',
+            port=5000,
+            debug=os.getenv('FLASK_ENV') == 'development'
+        )

From 2da8dec63fcbcb4069bbc94fee6a6fde9e4b9db3 Mon Sep 17 00:00:00 2001
From: andersonid <nobre.it@gmail.com>
Date: Fri, 25 Apr 2025 18:29:59 -0300
Subject: [PATCH 9/9] =?UTF-8?q?Primeira=20parte=20da=20tela=20de=20adminis?=
 =?UTF-8?q?tra=C3=A7=C3=A3o=20de=20usu=C3=A1rios=20do=20sistema.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit