Split up priviledges between site_admin and staff. Only site_admin can delete users in frontend, or change team memberships.

Author: maubreville

exact/exact/administration/templates/administration/user_management.html

@@ -69,7 +69,10 @@ <h4 class="mb-1" id="detail-title"></h4>
           <div class="nav nav-pills mb-3" id="detail-tabs" role="tablist" style="gap:.5rem;">
             <a class="nav-link active" data-toggle="pill" href="#tab-personal" role="tab">Personal</a>
             <a class="nav-link" data-toggle="pill" href="#tab-access" role="tab">Password / Access</a>
+            {% if user.prefs.is_site_admin %}
             <a class="nav-link" data-toggle="pill" href="#tab-teams" role="tab">Teams</a>
+            {% endif %}
+            <a class="nav-link" data-toggle="pill" href="#tab-gui" role="tab">GUI</a>
           </div>
 
           <div class="tab-content">
@@ -148,13 +151,13 @@ <h5 class="mb-1">Edit user</h5>
       <button class="btn btn-outline-danger" id="btn-toggle-active" type="button">Toggle active</button>
       <button class="btn btn-outline-warning" id="btn-toggle-staff" type="button">Toggle staff</button>
 
-      {% if user.prefs.site_admin %}
+      {% if user.prefs.is_site_admin %}
         <button class="btn btn-danger" id="btn-delete-user" type="button">Delete user…</button>
       {% endif %}
     </div>
   </div>
 
-  {% if user.prefs.site_admin %}
+  {% if user.prefs.is_site_admin %}
     <small class="text-muted d-block mt-2">
       Deleting a user is irreversible and may remove memberships and tokens.
     </small>
@@ -199,6 +202,7 @@ <h5>Access tokens</h5>
             </div>
 
             <!-- Teams -->
+            {% if user.prefs.is_site_admin %}
             <div class="tab-pane fade" id="tab-teams" role="tabpanel">
                 <div class="card mb-3">
                 <div class="card-body">
@@ -221,7 +225,16 @@ <h5 class="mb-3">Manage team memberships</h5>
                 </div>
 
             </div>
+            {% endif %}
+            <div class="tab-pane fade" id="tab-gui" role="tabpanel">
+                <div class="card mb-3">
+                <div class="card-body">
+                    <h5 class="mb-3">GUI Mode: 
+                        <select type=select id="f-ui-frontend"><option value=1>Default (bright)</option><option value=2>Lightroom (dark)</option></select></h5>
+                </div>
+                </div>
 
+            </div>
           </div>
         </div>
 
@@ -294,6 +307,7 @@ <h5 class="modal-title" id="deleteUserModalLabel">Delete user</h5>
                               .replace('/1/teams/1/remove/', '/' + userId + '/teams/' + teamId + '/remove/');
   if (name === "teamToggleAdmin") return "{% url 'administration:user_team_toggle_admin_api' user_id=1 team_id=1 %}"
                               .replace('/1/teams/1/toggle-admin/', '/' + userId + '/teams/' + teamId + '/toggle-admin/');
+                            
   return null;
 }
 
@@ -343,10 +357,11 @@ <h5 class="modal-title" id="deleteUserModalLabel">Delete user</h5>
         results.forEach(function(u) {
           var badge = u.is_active ? '' : ' <span class="badge badge-secondary">inactive</span>';
           var staffBadge = u.is_staff ? ' <span class="badge badge-info">staff</span>' : '';
+          var siteadminBadge = u.is_site_admin ? ' <span class="badge badge-success">site admin</span>' : '';
           var item =
             '<button type="button" class="list-group-item list-group-item-action user-row" data-id="' + u.id + '">' +
               '<div class="d-flex justify-content-between">' +
-                '<div><strong>' + (u.display_name || u.username) + '</strong>' + badge + staffBadge + '</div>' +
+                '<div><strong>' + (u.display_name || u.username) + '</strong>' + badge + staffBadge + siteadminBadge +  '</div>' +
               '</div>' +
               '<div class="text-muted" style="font-size: .9em;">' + (u.email || '') + '</div>' +
             '</button>';
@@ -435,6 +450,7 @@ <h5 class="modal-title" id="deleteUserModalLabel">Delete user</h5>
 
         $('#f-date-joined').text(fmt(u.date_joined));
         $('#f-last-login').text(fmt(u.last_login));
+        $('#f-ui-frontend').val(u.prefs.frontend);
 
         $('#random-password-box').hide();
 
@@ -633,6 +649,35 @@ <h5 class="modal-title" id="deleteUserModalLabel">Delete user</h5>
   });
 });
 
+$('#f-ui-frontend').on('change', function() {
+  if (!currentUserId) return;
+
+  var payload = {
+    frontend: $('#f-ui-frontend').val().trim(),
+  };
+
+  $.ajax({
+    url: urlFor("update", currentUserId),
+    method: "POST",
+    contentType: "application/json",
+    data: JSON.stringify(payload),
+    headers: { "X-CSRFToken": csrftoken },
+    success: function() {
+      $.notify("User updated.", "success");
+      loadUserDetail(currentUserId);
+      loadUserList();
+    },
+    error: function(xhr) {
+      var msg = "Update failed.";
+      try {
+        var data = xhr.responseJSON;
+        if (data && data.error) msg = (typeof data.error === "string") ? data.error : JSON.stringify(data.error);
+      } catch(e) {}
+      $.notify(msg, "error");
+    }
+  });
+});
+
 $(document).on('click', '.team-toggle-admin', function() {
   if (!currentUserId) return;
   var teamId = $(this).data('team-id');
@@ -679,7 +724,9 @@ <h5 class="modal-title" id="deleteUserModalLabel">Delete user</h5>
   // Initial load
   $(document).ready(function() {
     loadUserList();
+    {% if user.prefs.is_site_admin %}
     loadTeamsCatalog();
+    {% endif %}
   });
 </script>
 

exact/exact/administration/views.py

@@ -35,6 +35,7 @@
 from django.shortcuts import render, get_object_or_404
 from exact.users.models import Team, TeamMembership
 from .permissions import site_admin_required
+from exact.users.models import UserPreferences
 from django.core.exceptions import ValidationError
 import json
 import secrets
@@ -84,7 +85,7 @@ def product(request, product_id):
     })
 
 
-@site_admin_required
+@staff_member_required
 @require_POST
 def user_update_api(request, user_id: int):
     u = get_object_or_404(User, pk=user_id)
@@ -103,6 +104,12 @@ def user_update_api(request, user_id: int):
         if field in payload:
             setattr(u, field, (payload[field] or "").strip())
 
+    allowed_prefs = ["frontend"]
+    for field in allowed_prefs:
+        if field in payload:
+            setattr(u.prefs, field, (payload[field] or 1))
+            u.prefs.save()
+
     # Basic validation – extend as needed
     if "email" in payload and u.email and "@" not in u.email:
         return JsonResponse({"error": "Invalid email address."}, status=400)
@@ -257,6 +264,11 @@ def user_list_api(request):
 
     data = []
     for u in qs:
+
+        if getattr(u, "prefs", None) is None:
+            # Create preferences object for user, if nonexistant
+            u.prefs, _ = UserPreferences.objects.get_or_create(user=u)
+
         display_name = (f"{u.first_name} {u.last_name}".strip() or u.username)
         data.append({
             "id": u.id,
@@ -265,6 +277,7 @@ def user_list_api(request):
             "email": u.email,
             "is_active": u.is_active,
             "is_staff": u.is_staff,
+            'is_site_admin' : u.prefs.is_site_admin,
         })
 
     return JsonResponse({"results": data})
@@ -328,6 +341,7 @@ def user_detail_api(request, user_id: int):
             "is_active": u.is_active,
             "is_staff": u.is_staff,
             "is_superuser": getattr(u, "is_superuser", False),
+            "prefs": {'frontend': u.prefs.frontend if getattr(u, "prefs", 0) else 0,},
             "date_joined": u.date_joined.isoformat() if getattr(u, "date_joined", None) else None,
             "last_login": u.last_login.isoformat() if getattr(u, "last_login", None) else None,
         },
@@ -350,6 +364,9 @@ def user_toggle_active_api(request, user_id: int):
     if u.id == request.user.id:
         return JsonResponse({"error": "You cannot deactivate your own account."}, status=400)
 
+    if u.prefs.is_site_admin:
+        return JsonResponse({"error": "You cannot deactivate site admin accounts."}, status=400)
+
     u.is_active = not u.is_active
     u.save(update_fields=["is_active"])
     return JsonResponse({"ok": True, "is_active": u.is_active})

exact/exact/base/templates/base/base.html

@@ -98,7 +98,7 @@
 						<a class="dropdown-item" href="{% url 'administration:plugins' %}">Plugins</a>
 						{% endif %}
 						<a class="dropdown-item" href="{% url 'administration:storage' %}">Storage</a>
-						{% if request.user.is_superuser and request.user.prefs.is_site_admin %}
+						{% if request.user.is_staff or request.user.prefs.is_site_admin %}
 						<a class="dropdown-item" href="{% url 'administration:user_management' %}">User Management</a>
 						{% endif %}
 					</div>

exact/exact/users/__init__.py

@@ -0,0 +1 @@
+default_app_config = "exact.users.apps.UsersConfig"

exact/exact/users/apps.py

@@ -4,3 +4,7 @@
 class UsersConfig(AppConfig):
     default_auto_field = 'django.db.models.BigAutoField'
     name = 'exact.users'
+
+    def ready(self):
+        from . import signals
+        

exact/exact/users/signals.py

@@ -0,0 +1,13 @@
+from django.contrib.auth import get_user_model
+from django.db.models.signals import post_save
+from django.dispatch import receiver
+
+from .models import UserPreferences  # your prefs model
+
+User = get_user_model()
+
+@receiver(post_save, sender=User)
+def ensure_user_preferences(sender, instance, created, **kwargs):
+    if created:
+        UserPreferences.objects.get_or_create(user=instance)
+