final tweaks.

2025-12-04 10:55:23 -08:00
parent f915e33dab
commit c3e943f135
3 changed files with 13 additions and 5 deletions
--- a/admin.py
+++ b/admin.py
@@ -126,11 +126,13 @@ def register_admin_routes(app):
            
            # Update user in Firestore
            user_ref = db.collection("users").document(target_uid)
-            user_ref.update({
+            # Only update fields that can be changed, excluding is_admin
+            update_data = {
                "enabled": data.get("enabled", False),
-                "is_admin": data.get("is_admin", False),
                "case_email": data.get("case_email", "")
-            })
+            }
+            # Never allow changing is_admin field during updates - admin status can only be set during creation
+            user_ref.update(update_data)
            
            return jsonify({"success": True})
            
--- a/templates/admin_user_edit.html
+++ b/templates/admin_user_edit.html
@@ -26,11 +26,15 @@
    <div>
      <label for="is_admin" class="block text-sm font-medium text-slate-700">Admin</label>
      <div class="mt-1 flex items-center">
-        <input type="checkbox" id="is_admin" name="is_admin" 
+        <input type="checkbox" id="is_admin" name="is_admin"
               {% if user.is_admin %}checked{% endif %}
+               {% if not user.is_admin %}disabled{% endif %}
               class="h-4 w-4 text-blue-600 focus:ring-blue-500 border-slate-300 rounded">
        <label for="is_admin" class="ml-2 block text-sm text-slate-700">Check to make this user an admin</label>
      </div>
+      {% if not user.is_admin %}
+      <p class="mt-1 text-sm text-slate-500">Admin status can only be set during user creation.</p>
+      {% endif %}
    </div>
    
    <div>
@@ -62,7 +66,6 @@ document.getElementById('userForm').addEventListener('submit', function(e) {
  const userData = {
    uid: '{{ user.uid }}',
    enabled: formData.get('enabled') === 'on',
-    is_admin: formData.get('is_admin') === 'on',
    case_email: formData.get('case_email')
  };
  
--- a/templates/login.html
+++ b/templates/login.html
@@ -4,6 +4,9 @@
 <div class="flex  justify-center  py-8">
  <div class="w-full max-w-md p-8 space-y-6 bg-white rounded-xl shadow-lg">
    <h1 class="text-2xl font-bold text-center text-gray-800">Secure Access</h1>
+    <div class="bg-blue-50 border border-blue-200 text-blue-700 px-4 py-3 rounded-lg mb-4">
+      <p>If you don't have a user account, or need to reset your password, send an email to <a href="mailto:office@rothbardlawgroup.com" class="underline">office@rothbardlawgroup.com</a>.</p>
+    </div>
    <form id="login-form" class="space-y-4">
    <div>
      <label class="block text-sm font-medium text-gray-700 mb-1">Email Address</label>