Update access control for Scholengroep ICT management and adjust visibility of management buttons

2026-03-03 10:23:33 +01:00
parent 85778855ca
commit 28c05edb0b
2 changed files with 8 additions and 9 deletions


@@ -265,11 +265,11 @@ def remove_user_from_school(school_id, user_id):
return jsonify({'deleted': True}) return jsonify({'deleted': True})
# ── Scholengroep ICT beheer (superadmin) ────────────────────────────────────── # ── Scholengroep ICT beheer ───────────────────────────────────────────────────
@admin_bp.route('/scholengroep-ict', methods=['GET']) @admin_bp.route('/scholengroep-ict', methods=['GET'])
@login_required @login_required
@superadmin_required @scholengroep_ict_required # scholengroep_ict mag de lijst lezen; superadmin ook
def list_scholengroep_ict(): def list_scholengroep_ict():
users = User.query.filter_by(role='scholengroep_ict', is_active=True)\ users = User.query.filter_by(role='scholengroep_ict', is_active=True)\
.order_by(User.last_name).all() .order_by(User.last_name).all()
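Review bot: The inline comment on the new `@scholengroep_ict_required` line says superadmins also pass, but that decorator is defined outside this hunk, so the claim cannot be checked here; if it compares the role strictly against `'scholengroep_ict'`, superadmins lose this route. The route now serves the account list of a high-privilege role to a wider audience, and the front end in this same commit appears to read e-mail and last-login fields from it. A docstring should state the intended readers, e.g. `"""List active scholengroep_ict accounts; readable by scholengroep_ict and superadmin, changes stay superadmin-only."""`, backed by one test per role (superadmin allowed, scholengroep_ict allowed, lower roles refused). The body of `list_scholengroep_ict` continues past the end of the hunk.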


@@ -128,12 +128,13 @@
<div class="stat-card"><div class="stat-value" id="st-teachers">-</div><div class="stat-label">Leerkrachten</div></div> <div class="stat-card"><div class="stat-value" id="st-teachers">-</div><div class="stat-label">Leerkrachten</div></div>
</div> </div>
<!-- Scholengroep ICT accounts — alleen superadmin --> <!-- Scholengroep ICT accounts — iedereen ziet lijst, enkel superadmin kan beheren -->
{% if is_superadmin %}
<div class="section"> <div class="section">
<div class="section-header"> <div class="section-header">
<h2>👥 Scholengroep ICT medewerkers</h2> <h2>👥 Scholengroep ICT medewerkers</h2>
<button class="btn btn-primary btn-sm">+ Toevoegen</button> {% if is_superadmin %}
<button class="btn btn-primary btn-sm" id="btnAddSgIct">+ Toevoegen</button>
{% endif %}
</div> </div>
<p class="section-hint"> <p class="section-hint">
Scholengroep ICT medewerkers kunnen alle scholen en gebruikers beheren, Scholengroep ICT medewerkers kunnen alle scholen en gebruikers beheren,
@@ -144,7 +145,6 @@
<tbody id="sgIctTable"><tr class="empty-row"><td colspan="4">Laden...</td></tr></tbody> <tbody id="sgIctTable"><tr class="empty-row"><td colspan="4">Laden...</td></tr></tbody>
</table> </table>
</div> </div>
{% endif %}
<!-- Schooljaren — globaal --> <!-- Schooljaren — globaal -->
@@ -363,8 +363,7 @@ document.addEventListener('DOMContentLoaded', async () => {
document.getElementById('btnSaveJaar') && bind('btnSaveJaar', 'click', addJaar); document.getElementById('btnSaveJaar') && bind('btnSaveJaar', 'click', addJaar);
document.getElementById('btnCancelUser') && bind('btnCancelUser', 'click', closeModal); document.getElementById('btnCancelUser') && bind('btnCancelUser', 'click', closeModal);
document.getElementById('btnSaveUser') && bind('btnSaveUser', 'click', addUser); document.getElementById('btnSaveUser') && bind('btnSaveUser', 'click', addUser);
const tasks = [loadStats(), loadSchoolsTable(), loadSchoolsGrid()]; const tasks = [loadStats(), loadSchoolsTable(), loadSchoolsGrid(), loadSgIct()];
if (IS_SUPERADMIN) tasks.push(loadSgIct());
await Promise.all(tasks); await Promise.all(tasks);
await loadJaren(); await loadJaren();
await loadAuditLog(); await loadAuditLog();
@@ -396,7 +395,7 @@ async function loadSgIct() {
<td>${u.full_name}</td> <td>${u.full_name}</td>
<td style="color:var(--gray-500);font-size:.82rem;">${u.email}</td> <td style="color:var(--gray-500);font-size:.82rem;">${u.email}</td>
<td style="color:var(--gray-500);font-size:.8rem;">${u.last_login ? new Date(u.last_login).toLocaleDateString('nl-BE') : 'Nog niet ingelogd'}</td> <td style="color:var(--gray-500);font-size:.8rem;">${u.last_login ? new Date(u.last_login).toLocaleDateString('nl-BE') : 'Nog niet ingelogd'}</td>
<td><button class="btn btn-danger btn-sm" data-action="removeSgIct" data-id="${u.id}" data-name="${u.full_name.replace(/'/g,'&#39;')}">Verwijderen</button></td> <td>${IS_SUPERADMIN ? `<button class="btn btn-danger btn-sm" data-action="removeSgIct" data-id="${u.id}" data-name="${u.full_name.replace(/'/g,'&#39;')}">Verwijderen</button>` : ''}</td>
</tr>`).join(''); </tr>`).join('');
} }
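Review bot: In the row template of `loadSgIct()` (the function starts outside the hunk), `${u.full_name}` and `${u.email}` go into the markup unescaped, and `data-name` only replaces `'` although the attribute is double-quoted, so a `"` or `<` in a stored name changes the HTML; with this commit the table is rendered for every role that opens the page instead of superadmins only. Route every slot through one helper that escapes `& < > " '` (here called `esc`), e.g. `<td>${esc(u.full_name)}</td>` and `data-name="${esc(u.full_name)}"`, or build the cells with `textContent`. The `IS_SUPERADMIN` and `{% if is_superadmin %}` checks only hide the buttons, so the add and remove routes must keep `@superadmin_required` on the server; those routes are not part of this diff. Because `loadSgIct()` is now always in `Promise.all(tasks)`, a refused request for a role that fails `scholengroep_ict_required` would presumably reject the whole batch and skip `loadJaren()` and `loadAuditLog()` unless `loadSgIct` catches it, which matters if the page is really meant for "iedereen" as the template comment says.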