# Fichier: blueprints/admin.py (VERSION UUID SÉCURISÉE) from flask import Blueprint, render_template, request, redirect, url_for, flash, current_app from flask_login import login_required, current_user import secrets import string import re from datetime import datetime, timedelta from extensions import db, bcrypt, mail, limiter from models import User, Rapport from decorators import role_required from flask_mail import Message from sqlalchemy import func, desc from sqlalchemy.orm import joinedload from models import User, Rapport, AuditLog # ✅ Ajouter AuditLog from datetime import datetime, timedelta, timezone # ✅ Ajouter timezone admin = Blueprint('admin', __name__, url_prefix='/admin', template_folder='../templates') # ======================================================================== # FONCTIONS UTILITAIRES # ======================================================================== def generate_random_password(length=32): chars = string.ascii_letters + string.digits + "!@#$%^&*" password = ''.join(secrets.choice(chars) for _ in range(length)) if not (any(c.isupper() for c in password) and any(c.islower() for c in password) and any(c.isdigit() for c in password) and any(c in "!@#$%^&*" for c in password)): return generate_random_password(length) return password def validate_email_format(email): pattern = r'^[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$' return re.match(pattern, email) is not None def send_new_user_email(user): try: token = user.get_reset_token(expires_sec=86400, secret_key=str(current_app.config['SECRET_KEY'])) msg = Message('Bienvenue sur MCyber Audit - Activation de compte', recipients=[user.email]) reset_url = url_for('auth.reset_password', token=token, _external=True) msg.body = f"""Bonjour, Un compte a été créé pour votre organisation sur la plateforme MCyber Audit. 📋 VOS INFORMATIONS : - Entreprise : {user.company_name or 'Non renseignée'} - Email : {user.email} - Rôle : {user.role.upper()} 🔐 Cliquez sur le lien ci-dessous pour définir votre mot de passe : {reset_url} Ce lien est valide 24 heures. Cordialement, L'équipe MCyber Consulting """ mail.send(msg) return True except Exception as e: current_app.logger.error(f"Erreur envoi email bienvenue: {e}", exc_info=True) return False # ======================================================================== # ROUTES SUPERVISION # ======================================================================== @admin.route("/") @login_required @role_required('admin') def index(): return redirect(url_for('admin.supervision')) @admin.route("/supervision") @login_required @role_required('admin') def supervision(): # ✅ Filtres period_filter = request.args.get('period', 'all') # 7d, 30d, 90d, all score_filter = request.args.get('score', 'all') # 30, 50, 70, all page = request.args.get('page', 1, type=int) per_page = 10 # --- 1. KPIs --- total_users = User.query.filter(User.role != 'admin').count() total_audits = Rapport.query.count() avg_score = 0 if total_audits > 0: scores = [r.score_total for r in Rapport.query.with_entities(Rapport.score_total).all()] if scores: avg_score = round(sum(scores) / len(scores), 1) # ✅ NOUVEAU : Nouveaux clients 30j thirty_days_ago = datetime.now() - timedelta(days=30) new_users_30d = User.query.filter( User.role != 'admin', User.created_at >= thirty_days_ago ).count() # --- 2. GRAPHIQUE (inchangé) --- chart_labels = [] chart_data = [] today = datetime.now() for i in range(5, -1, -1): date_cursor = today - timedelta(days=i*30) month_start = date_cursor.replace(day=1, hour=0, minute=0, second=0, microsecond=0) if month_start.month == 12: month_end = month_start.replace(year=month_start.year + 1, month=1) else: month_end = month_start.replace(month=month_start.month + 1) chart_labels.append(month_start.strftime('%b')) count = Rapport.query.filter( Rapport.date_creation >= month_start, Rapport.date_creation < month_end ).count() chart_data.append(count) # ✅ 3. TOP 3 CLIENTS (au lieu de top 5 users) users = User.query.filter_by(role='user').all() users_stats = [] for u in users: count = Rapport.query.filter_by(user_id=u.id).count() if count > 0: users_stats.append({ 'email': u.email, 'company_name': u.company_name, 'rapports_count': count, 'manager': u.manager }) top_clients = sorted(users_stats, key=lambda x: x['rapports_count'], reverse=True)[:3] # ✅ TOP 3 # --- 4. TOP MANAGERS (inchangé) --- managers = User.query.filter_by(role='manager').options(joinedload(User.clients)).all() managers_stats = [] for m in managers: client_ids = [c.id for c in m.clients] total_audits_managed = 0 if client_ids: total_audits_managed = Rapport.query.filter(Rapport.user_id.in_(client_ids)).count() managers_stats.append({ 'email': m.email, 'company_name': m.company_name, 'clients_count': len(client_ids), 'total_audits_managed': total_audits_managed }) top_managers = sorted(managers_stats, key=lambda x: x['clients_count'], reverse=True)[:5] # ✅ 5. AUDITS CRITIQUES (avec filtres + pagination) query = Rapport.query # Filtre période if period_filter == '7d': cutoff = datetime.now() - timedelta(days=7) query = query.filter(Rapport.date_creation >= cutoff) elif period_filter == '30d': cutoff = datetime.now() - timedelta(days=30) query = query.filter(Rapport.date_creation >= cutoff) elif period_filter == '90d': cutoff = datetime.now() - timedelta(days=90) query = query.filter(Rapport.date_creation >= cutoff) # Filtre score if score_filter == '30': query = query.filter(Rapport.score_total < 30) elif score_filter == '50': query = query.filter(Rapport.score_total < 50) elif score_filter == '70': query = query.filter(Rapport.score_total < 70) else: # all query = query.filter(Rapport.score_total < 50) # Par défaut < 50 # Pagination pagination = query.order_by(Rapport.date_creation.desc()).paginate( page=page, per_page=per_page, error_out=False ) critical_reports = [] for r in pagination.items: author = User.query.get(r.user_id) critical_reports.append({ 'user_id': r.user_id, 'score_total': r.score_total, 'date_creation': r.date_creation, 'company_name': author.company_name if author else 'Inconnu', 'email': author.email if author else 'Inconnu' }) return render_template( 'supervision.html', stats={ 'users': total_users, 'audits': total_audits, 'avg_score': avg_score, 'new_users_30d': new_users_30d # ✅ NOUVEAU }, top_managers=top_managers, top_clients=top_clients, # ✅ Renommé (était top_users) critical_reports=critical_reports, chart_labels=chart_labels, chart_data=chart_data, pagination=pagination, # ✅ NOUVEAU current_period=period_filter, # ✅ NOUVEAU current_score=score_filter # ✅ NOUVEAU ) # ======================================================================== # ROUTES PANEL & GESTION # ======================================================================== @admin.route("/panel") @login_required @role_required('admin') def admin_panel(): try: # 1. Configuration et Paramètres page = request.args.get('page', 1, type=int) sort_by = request.args.get('sort', 'date') # date, name, active, reports filter_status = request.args.get('filter', 'all') # all, active, inactive search = request.args.get('search', '').strip() per_page = 10 # 2. Requête de base (Exclure l'admin connecté) query = User.query.filter(User.id != current_user.id) # 3. Application de la Recherche (Serveur) if search: query = query.filter( (User.email.ilike(f'%{search}%')) | (User.company_name.ilike(f'%{search}%')) ) # 4. Application du Filtre Statut if filter_status == 'active': query = query.filter(User.is_active_account == True) elif filter_status == 'inactive': query = query.filter(User.is_active_account == False) # 5. Application du Tri if sort_by == 'name': query = query.order_by(User.company_name.asc()) elif sort_by == 'active': query = query.order_by(User.is_active_account.desc(), User.company_name.asc()) elif sort_by == 'reports': # Tri par nombre de rapports (nécessite un COUNT) query = query.outerjoin(Rapport).group_by(User.id).order_by(func.count(Rapport.id).desc()) else: # date (défaut) query = query.order_by(User.created_at.desc()) # 6. Pagination pagination = query.paginate(page=page, per_page=per_page, error_out=False) users = pagination.items # 7. Stats Globales (Restent globales, indépendantes de la recherche) total_users = User.query.filter(User.role != 'admin').count() total_audits = Rapport.query.count() avg = 0 if total_users > 0: avg = round(total_audits / total_users, 1) stats = { 'total_users': total_users, 'total_managers': User.query.filter_by(role='manager').count(), 'total_audits': total_audits, 'avg_audits_per_user': avg } recent_activity = Rapport.query.order_by(Rapport.date_creation.desc()).limit(5).all() return render_template( 'admin_panel.html', users=users, stats=stats, recent_activity=recent_activity, now=datetime.now(), pagination=pagination, # On passe les états au template pour garder la mémoire current_sort=sort_by, current_filter=filter_status, current_search=search ) except Exception as e: current_app.logger.error(f"Erreur admin_panel: {e}", exc_info=True) flash("❌ Erreur lors du chargement du panel.", 'danger') return redirect(url_for('main.index')) # MODIFICATION UUID : @admin.route('/user/') @login_required @role_required('admin') def admin_user_detail(user_id): """Vue détaillée d'un utilisateur avec stats, clients (si manager) et rapports paginés""" user = User.query.get_or_404(user_id) if user.id == current_user.id: return redirect(url_for('admin.admin_panel')) # ======================================================================== # STATS GLOBALES # ======================================================================== total_rapports = Rapport.query.filter_by(user_id=user.id).count() # Score moyen avg_score = 0 if total_rapports > 0: scores = [r.score_total for r in Rapport.query.filter_by(user_id=user.id).with_entities(Rapport.score_total).all()] if scores: avg_score = round(sum(scores) / len(scores), 1) # Dernier rapport dernier_rapport = Rapport.query.filter_by(user_id=user.id).order_by(Rapport.date_creation.desc()).first() stats = { 'total_rapports': total_rapports, 'avg_score': avg_score, 'dernier_rapport': dernier_rapport } # ======================================================================== # ✅ NOUVEAU : GESTION ÉQUIPE (TEAM MEMBERS) # ======================================================================== team_members = [] parent_account = None if user.role == 'manager': # Si c'est un sous-compte, on cherche le patron pour l'afficher if user.parent_id: parent_account = User.query.get(user.parent_id) # Si c'est un patron, on cherche ses employés pour les lister else: team_members = User.query.filter_by(parent_id=user.id).all() # ======================================================================== # SI MANAGER : STATS CLIENTS # ======================================================================== clients_data = None clients_stats = None clients_pagination = None if user.role == 'manager': # Pagination clients clients_page = request.args.get('clients_page', 1, type=int) clients_sort = request.args.get('clients_sort', 'name') # name, date, reports per_page_clients = 10 # ✅ CHANGEMENT IMPORTANT : On utilise owner_id # Si on regarde le profil d'un employé, on veut voir les clients de l'entreprise (du patron) target_manager_id = user.owner_id clients_query = User.query.filter_by(manager_id=target_manager_id) # Tri clients if clients_sort == 'name': clients_query = clients_query.order_by(User.company_name.asc()) elif clients_sort == 'reports': clients_query = clients_query.outerjoin(Rapport).group_by(User.id).order_by(func.count(Rapport.id).desc()) else: # date clients_query = clients_query.order_by(User.created_at.desc()) # Pagination clients_pagination = clients_query.paginate(page=clients_page, per_page=per_page_clients, error_out=False) # Préparer données clients avec leurs stats clients_data = [] for client in clients_pagination.items: client_rapports_count = Rapport.query.filter_by(user_id=client.id).count() clients_data.append({ 'user': client, 'rapports_count': client_rapports_count }) # Stats globales clients total_clients = User.query.filter_by(manager_id=target_manager_id).count() clients_actifs = User.query.filter_by(manager_id=target_manager_id, is_active_account=True).count() # Total diagnostics générés par tous les clients client_ids = [c.id for c in User.query.filter_by(manager_id=target_manager_id).all()] total_diags_clients = 0 if client_ids: total_diags_clients = Rapport.query.filter(Rapport.user_id.in_(client_ids)).count() clients_stats = { 'total': total_clients, 'actifs': clients_actifs, 'total_diags': total_diags_clients } # ======================================================================== # RAPPORTS UTILISATEUR (PAGINÉS + TRIÉS + FILTRÉS) # ======================================================================== page = request.args.get('page', 1, type=int) sort_by = request.args.get('sort', 'date') # date, client, score score_filter = request.args.get('score_filter', 'all') # all, critical, medium, good per_page = 10 # Query rapports rapports_query = Rapport.query.filter_by(user_id=user.id) # Filtre score if score_filter == 'critical': rapports_query = rapports_query.filter(Rapport.score_total < 50) elif score_filter == 'medium': rapports_query = rapports_query.filter(Rapport.score_total >= 50, Rapport.score_total < 80) elif score_filter == 'good': rapports_query = rapports_query.filter(Rapport.score_total >= 80) # Tri if sort_by == 'client': rapports_query = rapports_query.order_by(Rapport.nom_client.asc()) elif sort_by == 'score': rapports_query = rapports_query.order_by(Rapport.score_total.asc()) else: # date (défaut) rapports_query = rapports_query.order_by(Rapport.date_creation.desc()) # Pagination pagination = rapports_query.paginate(page=page, per_page=per_page, error_out=False) return render_template( 'admin_user_detail.html', target_user=user, rapports=pagination.items, pagination=pagination, current_sort=sort_by, current_score_filter=score_filter, stats=stats, clients_data=clients_data, clients_stats=clients_stats, clients_pagination=clients_pagination, current_clients_sort=request.args.get('clients_sort', 'name'), now=datetime.now(), # ✅ NOUVEAU : On passe les variables au template team_members=team_members, parent_account=parent_account ) # ======================================================================== # STATS GLOBALES # ======================================================================== total_rapports = Rapport.query.filter_by(user_id=user.id).count() # Score moyen avg_score = 0 if total_rapports > 0: scores = [r.score_total for r in Rapport.query.filter_by(user_id=user.id).with_entities(Rapport.score_total).all()] if scores: avg_score = round(sum(scores) / len(scores), 1) # Dernier rapport dernier_rapport = Rapport.query.filter_by(user_id=user.id).order_by(Rapport.date_creation.desc()).first() stats = { 'total_rapports': total_rapports, 'avg_score': avg_score, 'dernier_rapport': dernier_rapport } # ======================================================================== # SI MANAGER : STATS CLIENTS # ======================================================================== clients_data = None clients_stats = None clients_pagination = None if user.role == 'manager': # Pagination clients clients_page = request.args.get('clients_page', 1, type=int) clients_sort = request.args.get('clients_sort', 'name') # name, date, reports per_page_clients = 10 # Query clients clients_query = User.query.filter_by(manager_id=user.id) # Tri clients if clients_sort == 'name': clients_query = clients_query.order_by(User.company_name.asc()) elif clients_sort == 'reports': clients_query = clients_query.outerjoin(Rapport).group_by(User.id).order_by(func.count(Rapport.id).desc()) else: # date clients_query = clients_query.order_by(User.created_at.desc()) # Pagination clients_pagination = clients_query.paginate(page=clients_page, per_page=per_page_clients, error_out=False) # Préparer données clients avec leurs stats clients_data = [] for client in clients_pagination.items: client_rapports_count = Rapport.query.filter_by(user_id=client.id).count() clients_data.append({ 'user': client, 'rapports_count': client_rapports_count }) # Stats globales clients total_clients = User.query.filter_by(manager_id=user.id).count() clients_actifs = User.query.filter_by(manager_id=user.id, is_active_account=True).count() # Total diagnostics générés par tous les clients client_ids = [c.id for c in User.query.filter_by(manager_id=user.id).all()] total_diags_clients = 0 if client_ids: total_diags_clients = Rapport.query.filter(Rapport.user_id.in_(client_ids)).count() clients_stats = { 'total': total_clients, 'actifs': clients_actifs, 'total_diags': total_diags_clients } # ======================================================================== # RAPPORTS UTILISATEUR (PAGINÉS + TRIÉS + FILTRÉS) # ======================================================================== page = request.args.get('page', 1, type=int) sort_by = request.args.get('sort', 'date') # date, client, score score_filter = request.args.get('score_filter', 'all') # all, critical, medium, good per_page = 10 # Query rapports rapports_query = Rapport.query.filter_by(user_id=user.id) # Filtre score if score_filter == 'critical': rapports_query = rapports_query.filter(Rapport.score_total < 50) elif score_filter == 'medium': rapports_query = rapports_query.filter(Rapport.score_total >= 50, Rapport.score_total < 80) elif score_filter == 'good': rapports_query = rapports_query.filter(Rapport.score_total >= 80) # Tri if sort_by == 'client': rapports_query = rapports_query.order_by(Rapport.nom_client.asc()) elif sort_by == 'score': rapports_query = rapports_query.order_by(Rapport.score_total.asc()) else: # date (défaut) rapports_query = rapports_query.order_by(Rapport.date_creation.desc()) # Pagination pagination = rapports_query.paginate(page=page, per_page=per_page, error_out=False) return render_template( 'admin_user_detail.html', target_user=user, rapports=pagination.items, pagination=pagination, current_sort=sort_by, current_score_filter=score_filter, stats=stats, clients_data=clients_data, clients_stats=clients_stats, clients_pagination=clients_pagination, current_clients_sort=request.args.get('clients_sort', 'name'), now=datetime.now() ) # ======================================================================== # ÉDITION UTILISATEUR # ======================================================================== # MODIFICATION UUID : @admin.route('/user/edit/', methods=['GET', 'POST']) @login_required @role_required('admin') def edit_user(user_id): if user_id == current_user.id: flash("Pour modifier votre profil, allez dans 'Paramètres'.", 'info') return redirect(url_for('auth.account_settings')) user_to_edit = User.query.get_or_404(user_id) if request.method == 'POST': new_email = request.form.get('email').strip().lower() new_role = request.form.get('role') company = request.form.get('company_name') if new_email != user_to_edit.email: if not validate_email_format(new_email): flash("Format d'email invalide.", "danger") return render_template('edit_user.html', user=user_to_edit) existing = User.query.filter_by(email=new_email).first() if existing: flash("Cet email est déjà utilisé par un autre compte.", "danger") return render_template('edit_user.html', user=user_to_edit) old_email = user_to_edit.email user_to_edit.email = new_email user_to_edit.role = new_role user_to_edit.company_name = company if request.form.get('reset_2fa') == 'yes': user_to_edit.two_factor_enabled = False flash(f"⚠️ 2FA désactivée pour {new_email}.", "warning") try: db.session.commit() current_app.logger.info(f"✏️ Admin {current_user.email} a modifié user {user_id} (Ancien: {old_email} -> Nouveau: {new_email}) | IP: {request.remote_addr}") # ✅ LOG ACTIVITÉ from services.logger_service import log_user_updated changes = f"Email: {old_email} → {new_email}, Rôle: {new_role}" log_user_updated(current_user.id, user_id, new_email, changes) flash(f"✅ Utilisateur {new_email} mis à jour.", "success") return redirect(url_for('admin.admin_panel')) except Exception as e: db.session.rollback() current_app.logger.error(f"Erreur édition user {user_id}: {e}", exc_info=True) flash("Erreur lors de la mise à jour.", "danger") return render_template('edit_user.html', user=user_to_edit) # ======================================================================== # ACTIONS UTILISATEUR (TOGGLE) # ======================================================================== # MODIFICATION UUID : @admin.route("/toggle_login/", methods=['POST']) @login_required @role_required('admin') def toggle_login_access(user_id): user = User.query.get_or_404(user_id) if user.role == 'admin' or user.id == current_user.id: flash("❌ Action interdite sur ce compte.", 'danger') return redirect(url_for('admin.admin_panel')) user.is_active_account = not user.is_active_account action = "suspendu" if not user.is_active_account else "réactivé" db.session.commit() current_app.logger.warning(f"🔒 Admin {current_user.email} a {action} le compte {user.email} | IP: {request.remote_addr}") # ✅ LOG ACTIVITÉ from services.logger_service import log_user_activated, log_user_deactivated if user.is_active_account: log_user_activated(current_user.id, user.id, user.email) else: log_user_deactivated(current_user.id, user.id, user.email) flash(f"✅ Compte {action} : {user.email}", 'success') return redirect(request.referrer or url_for('admin.admin_panel')) # MODIFICATION UUID : @admin.route("/toggle_audit/", methods=['POST']) @login_required @role_required('admin') def toggle_audit_access(user_id): user = User.query.get_or_404(user_id) if user.role == 'admin': flash("❌ Action non applicable aux administrateurs.", 'danger') return redirect(url_for('admin.admin_panel')) user.can_audit = not user.can_audit action = "désactivée" if not user.can_audit else "activée" db.session.commit() current_app.logger.info(f"📝 Admin {current_user.email} a {action} la permission d'audit pour {user.email} | IP: {request.remote_addr}") flash(f"✅ Permission d'audit {action} pour {user.email}", 'success') return redirect(request.referrer or url_for('admin.admin_panel')) # Aliases pour compatibilité @admin.route('/toggle_activation/', methods=['POST']) @login_required @role_required('admin') def admin_toggle_activation(user_id): return toggle_login_access(user_id) @admin.route('/toggle_audit_permission/', methods=['POST']) @login_required @role_required('admin') def admin_toggle_audit_permission(user_id): return toggle_audit_access(user_id) # ======================================================================== # MISE À JOUR ENGAGEMENT # ======================================================================== # MODIFICATION UUID : @admin.route('/user//update_engagement', methods=['POST']) @login_required @role_required('admin') def update_user_engagement(user_id): user = User.query.get_or_404(user_id) date_str = request.form.get('engagement_date', '').strip() if date_str: try: user.engagement_end_date = datetime.strptime(date_str, '%Y-%m-%d') db.session.commit() current_app.logger.info(f"📅 Admin {current_user.email} modifie engagement pour {user.email}: {date_str} | IP: {request.remote_addr}") flash(f"✅ Date d'engagement mise à jour pour {user.email}.", 'success') except ValueError: flash("❌ Format de date invalide.", 'danger') else: user.engagement_end_date = None db.session.commit() current_app.logger.info(f"📅 Admin {current_user.email} supprime engagement pour {user.email} | IP: {request.remote_addr}") flash("✅ Date d'engagement supprimée.", 'info') return redirect(url_for('admin.admin_user_detail', user_id=user.id)) # ======================================================================== # RÉASSIGNATION MANAGER # ======================================================================== # MODIFICATION UUID : @admin.route('/user//reassign_manager', methods=['POST']) @login_required @role_required('admin') def reassign_manager(user_id): user = User.query.get_or_404(user_id) if user.role != 'user': flash("❌ Seuls les clients peuvent être réassignés.", 'danger') return redirect(url_for('admin.admin_user_detail', user_id=user_id)) new_manager_id = request.form.get('new_manager_id', '').strip() if not new_manager_id: old_manager_email = user.manager.email if user.manager else "Aucun" user.manager_id = None db.session.commit() current_app.logger.info(f"🔄 Admin {current_user.email} retire le manager de {user.email} (ancien: {old_manager_email}) | IP: {request.remote_addr}") flash(f"✅ {user.email} n'a plus de manager.", 'info') else: try: # CORRECTION UUID : Pas de int() ici, c'est une string new_manager = User.query.get_or_404(new_manager_id) if new_manager.role != 'manager': flash("❌ L'utilisateur sélectionné n'est pas un manager.", 'danger') return redirect(url_for('admin.admin_user_detail', user_id=user_id)) old_manager_email = user.manager.email if user.manager else "Aucun" user.manager_id = new_manager.id db.session.commit() current_app.logger.info(f"🔄 Admin {current_user.email} réassigne {user.email} de {old_manager_email} à {new_manager.email} | IP: {request.remote_addr}") flash(f"✅ {user.email} réassigné au manager {new_manager.email}.", 'success') except Exception: flash("❌ ID de manager invalide.", 'danger') return redirect(url_for('admin.admin_user_detail', user_id=user_id)) # ======================================================================== # CRÉATION UTILISATEUR # ======================================================================== @admin.route("/new_user", methods=['GET', 'POST']) @login_required @role_required('admin') def admin_new_user(): managers = User.query.filter_by(role='manager').all() if request.method == 'POST': email = request.form.get('email', '').strip().lower() role = request.form.get('role', '').strip() company_name = request.form.get('company_name', '').strip() manager_id = request.form.get('manager_id', '').strip() if not email or not role or not company_name: flash("❌ Tous les champs sont requis.", 'danger') return render_template('admin_new_user.html', managers=managers) if not validate_email_format(email): flash("❌ Format d'email invalide.", 'danger') return render_template('admin_new_user.html', managers=managers) if User.query.filter_by(email=email).first(): flash(f"❌ Un compte existe déjà avec l'email {email}.", 'warning') return render_template('admin_new_user.html', managers=managers) if role not in ['user', 'manager']: flash("❌ Rôle invalide.", 'danger') return render_template('admin_new_user.html', managers=managers) if len(company_name) > 150: flash("❌ Nom d'entreprise trop long.", 'danger') return render_template('admin_new_user.html', managers=managers) hashed_pw = bcrypt.generate_password_hash(generate_random_password()).decode('utf-8') new_user = User(email=email, password=hashed_pw, role=role, company_name=company_name, can_audit=True, is_active_account=True) if role == 'user' and manager_id: try: # CORRECTION UUID : On vérifie si le manager existe avec son ID string manager = User.query.get(manager_id) if manager and manager.role == 'manager': new_user.manager_id = manager_id except Exception: pass try: db.session.add(new_user) db.session.commit() current_app.logger.info(f"➕ Admin {current_user.email} crée user {email} (role: {role}) | IP: {request.remote_addr}") # ✅ LOG ACTIVITÉ from services.logger_service import log_user_created log_user_created(current_user.id, new_user.id, email, role) if send_new_user_email(new_user): flash(f'✅ Compte créé pour {company_name}. Email envoyé.', 'success') else: flash(f'⚠️ Compte créé, mais erreur email.', 'warning') return redirect(url_for('admin.admin_panel')) except Exception as e: db.session.rollback() current_app.logger.error(f"Erreur création user: {e}", exc_info=True) flash("❌ Erreur technique.", 'danger') return render_template('admin_new_user.html', managers=managers) # ======================================================================== # SUPPRESSION UTILISATEUR # ======================================================================== # MODIFICATION UUID : @admin.route("/delete_user/", methods=['POST']) @login_required @role_required('admin') def delete_user(user_id): if user_id == current_user.id: flash("❌ Vous ne pouvez pas vous supprimer vous-même.", 'danger') return redirect(url_for('admin.admin_panel')) user = User.query.get_or_404(user_id) if user.role == 'manager': # ✅ NOUVEAU : Vérifier si c'est un patron qui a une équipe team_count = User.query.filter_by(parent_id=user.id).count() if team_count > 0: flash(f"❌ Impossible de supprimer ce manager : il a {team_count} membre(s) dans son équipe. Supprimez-les d'abord.", 'danger') return redirect(url_for('admin.admin_user_detail', user_id=user.id)) # Vérifier clients (ça tu l'avais déjà) clients_count = User.query.filter_by(manager_id=user.id).count() if clients_count > 0: flash(f"❌ Impossible de supprimer ce manager : il gère {clients_count} client(s).", 'danger') return redirect(url_for('admin.admin_user_detail', user_id=user.id)) user_email = user.email user_role = user.role current_app.logger.warning(f"🗑️ Admin {current_user.email} supprime user {user_email} (role: {user_role}) | IP: {request.remote_addr}") try: db.session.delete(user) db.session.commit() # ✅ LOG ACTIVITÉ from services.logger_service import log_user_deleted log_user_deleted(current_user.id, user_email) flash(f'✅ Compte "{user_email}" supprimé.', 'success') except Exception as e: db.session.rollback() current_app.logger.error(f"Erreur suppression user {user_id}: {e}", exc_info=True) flash('❌ Erreur technique lors de la suppression.', 'danger') return redirect(url_for('admin.admin_panel')) # ======================================================================== # GESTION BANDEAU ADMIN # ======================================================================== @admin.route("/announcements") @login_required @role_required('admin') def manage_announcements(): """Page de gestion des bandeaux""" from models import Announcement announcements = Announcement.query.order_by(Announcement.created_at.desc()).all() return render_template('admin_announcements.html', announcements=announcements) @admin.route("/announcements/new", methods=['POST']) @login_required @role_required('admin') def create_announcement(): """Créer un nouveau bandeau""" from models import Announcement message = request.form.get('message', '').strip() target = request.form.get('target', 'all') if not message: flash("❌ Le message ne peut pas être vide.", 'danger') return redirect(url_for('admin.manage_announcements')) if len(message) > 500: flash("❌ Le message ne peut dépasser 500 caractères.", 'danger') return redirect(url_for('admin.manage_announcements')) # Désactiver tous les autres bandeaux Announcement.query.update({'is_active': False}) # Créer le nouveau announcement = Announcement( message=message, target=target, is_active=True ) try: db.session.add(announcement) db.session.commit() current_app.logger.info(f"📢 Admin {current_user.email} crée un bandeau (target: {target}) | IP: {request.remote_addr}") # ✅ LOG ACTIVITÉ from services.logger_service import log_announcement_created log_announcement_created(current_user.id, announcement.id, target) flash("✅ Bandeau créé et activé.", 'success') except Exception as e: db.session.rollback() current_app.logger.error(f"Erreur création bandeau: {e}", exc_info=True) flash("❌ Erreur lors de la création.", 'danger') return redirect(url_for('admin.manage_announcements')) @admin.route("/announcements//toggle", methods=['POST']) @login_required @role_required('admin') def toggle_announcement(announcement_id): """Activer/Désactiver un bandeau""" from models import Announcement announcement = Announcement.query.get_or_404(announcement_id) if not announcement.is_active: # Désactiver tous les autres avant d'activer celui-ci Announcement.query.update({'is_active': False}) announcement.is_active = not announcement.is_active try: db.session.commit() status = "activé" if announcement.is_active else "désactivé" current_app.logger.info(f"📢 Admin {current_user.email} {status} bandeau {announcement_id} | IP: {request.remote_addr}") flash(f"✅ Bandeau {status}.", 'success') except Exception as e: db.session.rollback() current_app.logger.error(f"Erreur toggle bandeau: {e}", exc_info=True) flash("❌ Erreur lors de la modification.", 'danger') return redirect(url_for('admin.manage_announcements')) @admin.route("/announcements//delete", methods=['POST']) @login_required @role_required('admin') def delete_announcement(announcement_id): """Supprimer un bandeau""" from models import Announcement announcement = Announcement.query.get_or_404(announcement_id) try: db.session.delete(announcement) db.session.commit() current_app.logger.info(f"📢 Admin {current_user.email} supprime bandeau {announcement_id} | IP: {request.remote_addr}") flash("✅ Bandeau supprimé.", 'success') except Exception as e: db.session.rollback() current_app.logger.error(f"Erreur suppression bandeau: {e}", exc_info=True) flash("❌ Erreur lors de la suppression.", 'danger') return redirect(url_for('admin.manage_announcements')) # ✅ API (PAS D'INDENTATION, niveau module) @admin.route("/api/active-announcement") def api_active_announcement(): """API pour récupérer le bandeau actif""" from models import Announcement if not current_user.is_authenticated: return {'announcement': None} announcement = Announcement.query.filter_by(is_active=True).first() if not announcement: return {'announcement': None} if announcement.target == 'manager' and current_user.role not in ['manager', 'admin']: return {'announcement': None} if announcement.target == 'user' and current_user.role != 'user': return {'announcement': None} return { 'announcement': { 'id': announcement.id, 'message': announcement.message, 'target': announcement.target } } # ======================================================================== # GESTION DOCUMENTATION # ======================================================================== import os from werkzeug.utils import secure_filename # Configuration uploads UPLOAD_FOLDER = 'static/uploads/documents' ALLOWED_EXTENSIONS = {'pdf'} MAX_FILE_SIZE = 10 * 1024 * 1024 # 10 MB def allowed_file(filename): return '.' in filename and filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS @admin.route("/documents") @login_required @role_required('admin') def manage_documents(): """Page de gestion des documents""" from models import Document documents = Document.query.order_by(Document.created_at.desc()).all() return render_template('admin_documents.html', documents=documents) @admin.route("/documents/upload", methods=['POST']) @login_required @role_required('admin') def upload_document(): """Upload un nouveau document""" from models import Document # Validation fichier if 'file' not in request.files: flash("❌ Aucun fichier sélectionné.", 'danger') return redirect(url_for('admin.manage_documents')) file = request.files['file'] if file.filename == '': flash("❌ Aucun fichier sélectionné.", 'danger') return redirect(url_for('admin.manage_documents')) if not allowed_file(file.filename): flash("❌ Seuls les fichiers PDF sont acceptés.", 'danger') return redirect(url_for('admin.manage_documents')) # Validation taille file.seek(0, os.SEEK_END) file_size = file.tell() file.seek(0) if file_size > MAX_FILE_SIZE: flash("❌ Fichier trop volumineux (max 10 MB).", 'danger') return redirect(url_for('admin.manage_documents')) # Récupération données formulaire title = request.form.get('title', '').strip() category = request.form.get('category', 'guide') if not title: flash("❌ Le titre est requis.", 'danger') return redirect(url_for('admin.manage_documents')) # Création dossier si nécessaire upload_path = os.path.join(current_app.root_path, UPLOAD_FOLDER) os.makedirs(upload_path, exist_ok=True) # Génération nom unique import uuid unique_filename = f"{uuid.uuid4().hex}_{secure_filename(file.filename)}" file_path = os.path.join(upload_path, unique_filename) # Sauvegarde fichier try: file.save(file_path) except Exception as e: current_app.logger.error(f"Erreur sauvegarde fichier: {e}", exc_info=True) flash("❌ Erreur lors de l'upload.", 'danger') return redirect(url_for('admin.manage_documents')) # Création entrée DB document = Document( title=title, category=category, filename=unique_filename, original_filename=secure_filename(file.filename), file_size=file_size, uploaded_by=current_user.id ) try: db.session.add(document) db.session.commit() current_app.logger.info(f"📄 Admin {current_user.email} upload document: {title} | IP: {request.remote_addr}") # ✅ LOG ACTIVITÉ from services.logger_service import log_document_uploaded log_document_uploaded(current_user.id, document.id, title, category) flash(f"✅ Document '{title}' uploadé avec succès.", 'success') except Exception as e: db.session.rollback() # Supprimer le fichier si échec DB try: os.remove(file_path) except: pass current_app.logger.error(f"Erreur création document DB: {e}", exc_info=True) flash("❌ Erreur lors de l'enregistrement.", 'danger') return redirect(url_for('admin.manage_documents')) @admin.route("/documents//delete", methods=['POST']) @login_required @role_required('admin') def delete_document(document_id): """Supprimer un document""" from models import Document document = Document.query.get_or_404(document_id) # Supprimer fichier physique file_path = os.path.join(current_app.root_path, UPLOAD_FOLDER, document.filename) try: if os.path.exists(file_path): os.remove(file_path) except Exception as e: current_app.logger.error(f"Erreur suppression fichier: {e}", exc_info=True) # Supprimer de la DB try: db.session.delete(document) db.session.commit() current_app.logger.info(f"📄 Admin {current_user.email} supprime document: {document.title} | IP: {request.remote_addr}") # ✅ LOG ACTIVITÉ from services.logger_service import log_document_deleted log_document_deleted(current_user.id, document.title) flash(f"✅ Document '{document.title}' supprimé.", 'success') except Exception as e: db.session.rollback() current_app.logger.error(f"Erreur suppression document DB: {e}", exc_info=True) flash("❌ Erreur lors de la suppression.", 'danger') return redirect(url_for('admin.manage_documents')) # ======================================================================== # LOGS SYSTÈME (ACTIVITÉ & ERREURS) # ======================================================================== @admin.route("/logs/activity") @login_required @role_required('admin') def logs_activity(): """Logs d'activité normale (INFO, WARNING)""" # Pagination page = request.args.get('page', 1, type=int) per_page = 50 # Filtres period = request.args.get('period', '7d') # 7d, 30d, 90d, all category = request.args.get('category', 'all') # AUTH, USER, REPORT, ADMIN, all user_filter = request.args.get('user', '') # Construction requête query = AuditLog.query.filter(AuditLog.level.in_(['INFO', 'WARNING'])) # Filtre période if period != 'all': days = int(period.rstrip('d')) cutoff = datetime.now(timezone.utc) - timedelta(days=days) query = query.filter(AuditLog.timestamp >= cutoff) # Filtre catégorie if category != 'all': query = query.filter(AuditLog.category == category.upper()) # Filtre utilisateur if user_filter: query = query.join(User, AuditLog.user_id == User.id, isouter=True)\ .filter(User.email.ilike(f'%{user_filter}%')) # Pagination pagination = query.order_by(AuditLog.timestamp.desc())\ .paginate(page=page, per_page=per_page, error_out=False) logs = pagination.items # Stats rapides total_today = AuditLog.query.filter( AuditLog.level == 'INFO', AuditLog.timestamp >= datetime.now(timezone.utc).replace(hour=0, minute=0, second=0) ).count() return render_template( 'admin_logs_activity.html', logs=logs, pagination=pagination, period=period, category=category, user_filter=user_filter, total_today=total_today ) @admin.route("/logs/errors") @login_required @role_required('admin') def logs_errors(): """Logs d'erreurs et problèmes (ERROR, CRITICAL)""" # Pagination page = request.args.get('page', 1, type=int) per_page = 30 # Filtres period = request.args.get('period', '7d') severity = request.args.get('severity', 'all') # ERROR, CRITICAL, all category = request.args.get('category', 'all') status = request.args.get('status', 'all') # resolved, unresolved, all # Construction requête query = AuditLog.query.filter(AuditLog.level.in_(['ERROR', 'CRITICAL'])) # Filtre période if period != 'all': days = int(period.rstrip('d')) cutoff = datetime.now(timezone.utc) - timedelta(days=days) query = query.filter(AuditLog.timestamp >= cutoff) # Filtre gravité if severity != 'all': query = query.filter(AuditLog.level == severity.upper()) # Filtre catégorie if category != 'all': query = query.filter(AuditLog.category == category.upper()) # Filtre statut if status == 'resolved': query = query.filter(AuditLog.resolved == True) elif status == 'unresolved': query = query.filter(AuditLog.resolved == False) # Pagination pagination = query.order_by(AuditLog.timestamp.desc())\ .paginate(page=page, per_page=per_page, error_out=False) logs = pagination.items # Stats unresolved_critical = AuditLog.query.filter( AuditLog.level == 'CRITICAL', AuditLog.resolved == False ).count() unresolved_errors = AuditLog.query.filter( AuditLog.level == 'ERROR', AuditLog.resolved == False ).count() return render_template( 'admin_logs_errors.html', logs=logs, pagination=pagination, period=period, severity=severity, category=category, status=status, unresolved_critical=unresolved_critical, unresolved_errors=unresolved_errors ) @admin.route("/logs/error//resolve", methods=['POST']) @login_required @role_required('admin') def resolve_error(log_id): """Marquer une erreur comme résolue""" log = AuditLog.query.get_or_404(log_id) if log.level not in ['ERROR', 'CRITICAL']: flash("❌ Seules les erreurs peuvent être marquées comme résolues.", 'danger') return redirect(url_for('admin.logs_errors')) try: log.mark_resolved(current_user.id) current_app.logger.info(f"✅ Erreur {log_id} résolue par {current_user.email}") flash("✅ Erreur marquée comme résolue.", 'success') except Exception as e: current_app.logger.error(f"Erreur résolution log {log_id}: {e}", exc_info=True) flash("❌ Erreur lors de la résolution.", 'danger') return redirect(url_for('admin.logs_errors')) @admin.route("/logs/error//unresolve", methods=['POST']) @login_required @role_required('admin') def unresolve_error(log_id): """Rouvrir une erreur""" log = AuditLog.query.get_or_404(log_id) try: log.resolved = False log.resolved_at = None log.resolved_by = None db.session.commit() current_app.logger.info(f"🔄 Erreur {log_id} rouverte par {current_user.email}") flash("🔄 Erreur rouverte.", 'success') except Exception as e: db.session.rollback() current_app.logger.error(f"Erreur réouverture log {log_id}: {e}", exc_info=True) flash("❌ Erreur lors de la réouverture.", 'danger') return redirect(url_for('admin.logs_errors')) @admin.route("/logs/export/activity") @login_required @role_required('admin') def export_logs_activity(): """Export CSV des logs d'activité""" import csv from io import StringIO from flask import make_response # Récupérer les logs (limiter à 10000) logs = AuditLog.query.filter(AuditLog.level.in_(['INFO', 'WARNING']))\ .order_by(AuditLog.timestamp.desc())\ .limit(10000)\ .all() # Créer CSV si = StringIO() writer = csv.writer(si) # Headers writer.writerow(['Timestamp', 'Level', 'Category', 'Action', 'User', 'IP', 'Message']) # Données for log in logs: writer.writerow([ log.timestamp.strftime('%Y-%m-%d %H:%M:%S'), log.level, log.category, log.action, log.user.email if log.user else 'N/A', log.ip_address or 'N/A', log.message ]) # Créer response output = make_response(si.getvalue()) output.headers["Content-Disposition"] = "attachment; filename=logs_activity.csv" output.headers["Content-type"] = "text/csv" current_app.logger.info(f"📥 Export logs activité par {current_user.email}") return output @admin.route("/logs/export/errors") @login_required @role_required('admin') def export_logs_errors(): """Export CSV des logs d'erreurs""" import csv from io import StringIO from flask import make_response # Récupérer les logs (limiter à 5000) logs = AuditLog.query.filter(AuditLog.level.in_(['ERROR', 'CRITICAL']))\ .order_by(AuditLog.timestamp.desc())\ .limit(5000)\ .all() # Créer CSV si = StringIO() writer = csv.writer(si) # Headers writer.writerow(['Timestamp', 'Level', 'Category', 'Action', 'User', 'IP', 'Message', 'Error Details', 'Resolved']) # Données for log in logs: writer.writerow([ log.timestamp.strftime('%Y-%m-%d %H:%M:%S'), log.level, log.category, log.action, log.user.email if log.user else 'N/A', log.ip_address or 'N/A', log.message, log.error_details or 'N/A', 'Oui' if log.resolved else 'Non' ]) # Créer response output = make_response(si.getvalue()) output.headers["Content-Disposition"] = "attachment; filename=logs_errors.csv" output.headers["Content-type"] = "text/csv" current_app.logger.info(f"📥 Export logs erreurs par {current_user.email}") return output # ======================================================================== # GESTION MULTI-CONNEXION # ======================================================================== @admin.route('/user//update_session_limit', methods=['POST']) @login_required @role_required('admin') def update_session_limit(user_id): """Modifier la limite de connexions simultanées d'un utilisateur""" from models import UserSession user = User.query.get_or_404(user_id) try: new_limit = int(request.form.get('session_limit', 1)) # Validation if new_limit < -1: flash("❌ Limite invalide. Utilisez -1 pour illimité.", 'danger') return redirect(url_for('admin.admin_user_detail', user_id=user_id)) if new_limit == 0: flash("❌ La limite ne peut pas être 0. Utilisez 1 minimum.", 'danger') return redirect(url_for('admin.admin_user_detail', user_id=user_id)) old_limit = user.max_concurrent_sessions user.max_concurrent_sessions = new_limit db.session.commit() # Log from services.logger_service import log_session_limit_changed log_session_limit_changed(current_user.id, user.id, user.email, old_limit, new_limit) current_app.logger.info(f"🔐 Admin {current_user.email} modifie limite connexions pour {user.email}: {old_limit} → {new_limit}") limit_text = "illimitées" if new_limit == -1 else str(new_limit) flash(f"✅ Limite de connexions mise à jour : {limit_text}", 'success') except ValueError: flash("❌ Valeur invalide.", 'danger') except Exception as e: db.session.rollback() current_app.logger.error(f"Erreur update session limit: {e}", exc_info=True) flash("❌ Erreur lors de la modification.", 'danger') return redirect(url_for('admin.admin_user_detail', user_id=user_id)) @admin.route('/user//disconnect_all_sessions', methods=['POST']) @login_required @role_required('admin') def disconnect_all_sessions(user_id): """Forcer la déconnexion de toutes les sessions actives d'un utilisateur""" from models import UserSession user = User.query.get_or_404(user_id) try: # Compter les sessions avant suppression sessions = UserSession.query.filter_by(user_id=user.id).all() sessions_count = len(sessions) if sessions_count == 0: flash("ℹ️ Aucune session active à déconnecter.", 'info') return redirect(url_for('admin.admin_user_detail', user_id=user_id)) # Supprimer toutes les sessions for session in sessions: db.session.delete(session) db.session.commit() # Log from services.logger_service import log_force_disconnect_all log_force_disconnect_all(current_user.id, user.id, user.email, sessions_count) current_app.logger.warning(f"🔌 Admin {current_user.email} déconnecte toutes les sessions ({sessions_count}) de {user.email}") flash(f"✅ {sessions_count} session(s) déconnectée(s) avec succès.", 'success') except Exception as e: db.session.rollback() current_app.logger.error(f"Erreur disconnect all sessions: {e}", exc_info=True) flash("❌ Erreur lors de la déconnexion.", 'danger') return redirect(url_for('admin.admin_user_detail', user_id=user_id)) @admin.route('/api/user//active_sessions') @login_required @role_required('admin') def get_active_sessions(user_id): """API pour récupérer les sessions actives d'un utilisateur""" from models import UserSession from flask import jsonify user = User.query.get_or_404(user_id) # Nettoyer les sessions expirées UserSession.cleanup_expired() sessions = UserSession.query.filter_by(user_id=user.id).order_by(UserSession.last_activity.desc()).all() sessions_data = [] for session in sessions: sessions_data.append({ 'id': session.id, 'device': session.device_info or 'Inconnu', 'ip': session.ip_address or 'N/A', 'location': session.location or 'N/A', 'created_at': session.created_at.strftime('%d/%m/%Y %H:%M'), 'last_activity': session.last_activity.strftime('%d/%m/%Y %H:%M') }) return jsonify({ 'count': len(sessions_data), 'max_limit': user.max_concurrent_sessions, 'sessions': sessions_data })