Update access control for Scholengroep ICT management and adjust visibility of management buttons
All checks were successful
Build & Push / Build & Push image (push) Successful in 38s
All checks were successful
Build & Push / Build & Push image (push) Successful in 38s
This commit is contained in:
@@ -265,11 +265,11 @@ def remove_user_from_school(school_id, user_id):
|
||||
return jsonify({'deleted': True})
|
||||
|
||||
|
||||
# ── Scholengroep ICT beheer (superadmin) ──────────────────────────────────────
|
||||
# ── Scholengroep ICT beheer ───────────────────────────────────────────────────
|
||||
|
||||
@admin_bp.route('/scholengroep-ict', methods=['GET'])
|
||||
@login_required
|
||||
@superadmin_required
|
||||
@scholengroep_ict_required # scholengroep_ict mag de lijst lezen; superadmin ook
|
||||
def list_scholengroep_ict():
|
||||
users = User.query.filter_by(role='scholengroep_ict', is_active=True)\
|
||||
.order_by(User.last_name).all()
|
||||
|
||||
@@ -128,12 +128,13 @@
|
||||
<div class="stat-card"><div class="stat-value" id="st-teachers">-</div><div class="stat-label">Leerkrachten</div></div>
|
||||
</div>
|
||||
|
||||
<!-- Scholengroep ICT accounts — alleen superadmin -->
|
||||
{% if is_superadmin %}
|
||||
<!-- Scholengroep ICT accounts — iedereen ziet lijst, enkel superadmin kan beheren -->
|
||||
<div class="section">
|
||||
<div class="section-header">
|
||||
<h2>👥 Scholengroep ICT medewerkers</h2>
|
||||
<button class="btn btn-primary btn-sm">+ Toevoegen</button>
|
||||
{% if is_superadmin %}
|
||||
<button class="btn btn-primary btn-sm" id="btnAddSgIct">+ Toevoegen</button>
|
||||
{% endif %}
|
||||
</div>
|
||||
<p class="section-hint">
|
||||
Scholengroep ICT medewerkers kunnen alle scholen en gebruikers beheren,
|
||||
@@ -144,7 +145,6 @@
|
||||
<tbody id="sgIctTable"><tr class="empty-row"><td colspan="4">Laden...</td></tr></tbody>
|
||||
</table>
|
||||
</div>
|
||||
{% endif %}
|
||||
|
||||
|
||||
<!-- Schooljaren — globaal -->
|
||||
@@ -363,8 +363,7 @@ document.addEventListener('DOMContentLoaded', async () => {
|
||||
document.getElementById('btnSaveJaar') && bind('btnSaveJaar', 'click', addJaar);
|
||||
document.getElementById('btnCancelUser') && bind('btnCancelUser', 'click', closeModal);
|
||||
document.getElementById('btnSaveUser') && bind('btnSaveUser', 'click', addUser);
|
||||
const tasks = [loadStats(), loadSchoolsTable(), loadSchoolsGrid()];
|
||||
if (IS_SUPERADMIN) tasks.push(loadSgIct());
|
||||
const tasks = [loadStats(), loadSchoolsTable(), loadSchoolsGrid(), loadSgIct()];
|
||||
await Promise.all(tasks);
|
||||
await loadJaren();
|
||||
await loadAuditLog();
|
||||
@@ -396,7 +395,7 @@ async function loadSgIct() {
|
||||
<td>${u.full_name}</td>
|
||||
<td style="color:var(--gray-500);font-size:.82rem;">${u.email}</td>
|
||||
<td style="color:var(--gray-500);font-size:.8rem;">${u.last_login ? new Date(u.last_login).toLocaleDateString('nl-BE') : 'Nog niet ingelogd'}</td>
|
||||
<td><button class="btn btn-danger btn-sm" data-action="removeSgIct" data-id="${u.id}" data-name="${u.full_name.replace(/'/g,''')}">Verwijderen</button></td>
|
||||
<td>${IS_SUPERADMIN ? `<button class="btn btn-danger btn-sm" data-action="removeSgIct" data-id="${u.id}" data-name="${u.full_name.replace(/'/g,''')}">Verwijderen</button>` : ''}</td>
|
||||
</tr>`).join('');
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user