poprawki i zmiany ux

2026-03-26 09:30:39 +01:00
parent fd0f645251
commit 138059945e
28 changed files with 1000 additions and 225 deletions
--- a/backend/app/services/auth.py
+++ b/backend/app/services/auth.py
@@ -55,9 +55,9 @@ class AuthService:
            self._login_legacy_user(username, password)
        else:
            if not user.is_active:
-                raise ValueError("Konto jest nieaktywne")
+                raise ValueError("Account is inactive")
            if not check_password_hash(user.password_hash, password):
-                raise ValueError("Niepoprawny login lub haslo")
+                raise ValueError("Invalid username or password")
            self._set_session(user.username, user.display_name, user.role)

        return self.status()
@@ -84,7 +84,7 @@ class AuthService:
        if not self.enabled:
            return
        if session.get(SESSION_ROLE_KEY) != "admin":
-            raise PermissionError("Brak uprawnien administratora")
+            raise PermissionError("Administrator permissions are required")

    def configure_app(self, app) -> None:
        max_age = int(self.settings.auth["session_max_age_seconds"])
@@ -101,7 +101,7 @@ class AuthService:
        clean_password = self._validate_password(password)
        resolved_display_name = (display_name or normalized_username).strip()
        if not resolved_display_name:
-            raise ValueError("Display name nie moze byc pusty")
+            raise ValueError("Display name cannot be empty")
        return self.user_repository.upsert_user(
            username=normalized_username,
            password_hash=generate_password_hash(clean_password),
@@ -118,16 +118,33 @@ class AuthService:
            generate_password_hash(clean_password),
        )
        if user is None:
-            raise ValueError(f"Uzytkownik '{normalized_username}' nie istnieje")
+            raise ValueError(f"User '{normalized_username}' does not exist")
        return user

+    def update_role(self, *, username: str, role: str) -> AuthUser:
+        normalized_username = self._normalize_username(username)
+        normalized_role = self._normalize_role(role)
+        user = self.user_repository.get_by_username(normalized_username)
+        if user is None:
+            raise ValueError(f"User '{normalized_username}' does not exist")
+        if user.role == normalized_role:
+            return user
+        if user.role == 'admin' and normalized_role != 'admin' and self.user_repository.count_admin_users() <= 1:
+            raise ValueError('At least one active admin user must remain')
+        updated = self.user_repository.update_role(normalized_username, normalized_role)
+        if updated is None:
+            raise ValueError(f"User '{normalized_username}' does not exist")
+        if session.get(SESSION_USER_KEY) == updated.username:
+            session[SESSION_ROLE_KEY] = updated.role
+        return updated
+
    def _login_legacy_user(self, username: str, password: str) -> None:
        expected_username = self.settings.auth["username"]
        expected_password = self.settings.auth["password"]
        expected_password_hash = self.settings.auth.get("password_hash")

        if username != expected_username:
-            raise ValueError("Niepoprawny login lub haslo")
+            raise ValueError("Invalid username or password")

        if expected_password_hash:
            password_ok = check_password_hash(expected_password_hash, password)
@@ -135,7 +152,7 @@ class AuthService:
            password_ok = password == expected_password

        if not password_ok:
-            raise ValueError("Niepoprawny login lub haslo")
+            raise ValueError("Invalid username or password")

        self._set_session(
            expected_username,
@@ -153,19 +170,19 @@ class AuthService:
    def _normalize_username(self, username: str) -> str:
        normalized = (username or "").strip()
        if not normalized:
-            raise ValueError("Username nie moze byc pusty")
+            raise ValueError("Username cannot be empty")
        return normalized

    def _normalize_role(self, role: str) -> str:
        normalized = (role or "").strip().lower()
        if normalized not in VALID_ROLES:
-            raise ValueError("Rola musi byc jedna z: admin, user")
+            raise ValueError("Role must be one of: admin, user")
        return normalized

    def _validate_password(self, password: str) -> str:
        clean_password = password or ""
        if len(clean_password) < 8:
-            raise ValueError("Haslo musi miec co najmniej 8 znakow")
+            raise ValueError("Password must be at least 8 characters long")
        return clean_password