from flask import Blueprint, render_template, request, redirect, url_for, flash, current_app, abort from flask_login import login_required, current_user from flask_mail import Message from services.email_service import ( send_pending_account_email as send_pending_email, send_team_invitation_email as send_team_email, send_account_suspended_email, send_account_reactivated_email, send_audit_blocked_email, send_audit_unblocked_email, send_action_confirmation_to_distributor, send_distributor_action_to_admin, send_admin_pending_validation_notification ) from datetime import datetime, timezone, timedelta from sqlalchemy import func from models import User, Rapport, AuditLog from extensions import db, bcrypt, mail, limiter from decorators import role_required # ✅ Import centralisé des fonctions utilitaires from utils import ( validate_email_format, escape_like_pattern, generate_random_password ) distributor = Blueprint('distributor', __name__, url_prefix='/distributor', template_folder='../templates') def send_pending_account_email(user, distributor_name): """Envoie l'email de compte en attente via le service centralisé""" return send_pending_email(user, distributor_name) def send_team_invitation_email(user): """Envoie l'email d'invitation via le service centralisé""" try: token = user.get_reset_token(expires_sec=86400, secret_key=str(current_app.config['SECRET_KEY'])) reset_url = url_for('auth.reset_password', token=token, _external=True) inviter_name = current_user.company_name or current_user.email return send_team_email(user, reset_url, inviter_name) except Exception as e: current_app.logger.error(f"Erreur envoi email team distributeur à {user.email}: {e}", exc_info=True) return False # ======================================================================== # DASHBOARD PRINCIPAL # ======================================================================== @distributor.route('/dashboard') @login_required @role_required(['distributor', 'admin']) def distributor_dashboard(): """Dashboard principal du Distributeur""" # Paramètres de pagination, tri et recherche page = request.args.get('page', 1, type=int) sort_by = request.args.get('sort', 'date') search = request.args.get('search', '').strip() filter_type = request.args.get('filter', 'all') per_page = 10 # Utiliser owner_id pour inclure les comptes créés par l'équipe owner_id = current_user.owner_id # Récupérer tous les IDs de l'équipe (patron + membres) team_ids = [u.id for u in User.query.filter( (User.id == owner_id) | (User.parent_id == owner_id) ).all()] # Requête de base query = User.query.filter(User.distributor_id.in_(team_ids)) # Filtre par statut/rôle if filter_type == 'active': query = query.filter(User.is_active_account == True, User.pending_validation == False) elif filter_type == 'pending': query = query.filter(User.pending_validation == True) elif filter_type == 'inactive': query = query.filter(User.is_active_account == False, User.pending_validation == False) elif filter_type == 'manager': query = query.filter(User.role == 'manager') elif filter_type == 'user': query = query.filter(User.role == 'user') # Filtre recherche - ✅ SÉCURISÉ if search: search_escaped = escape_like_pattern(search) query = query.filter( (User.company_name.ilike(f'%{search_escaped}%', escape='\\')) | (User.email.ilike(f'%{search_escaped}%', escape='\\')) ) # Tri if sort_by == 'name': query = query.order_by(User.company_name.asc()) elif sort_by == 'role': query = query.order_by(User.role.desc(), User.company_name.asc()) elif sort_by == 'engagement': # Tri par fin d'engagement (les plus proches en premier, NULL à la fin) query = query.order_by( User.engagement_end_date.is_(None), User.engagement_end_date.asc() ) else: # date (défaut) query = query.order_by(User.created_at.desc()) # Pagination pagination = query.paginate(page=page, per_page=per_page, error_out=False) # ✅ OPTIMISÉ : Pré-charger les stats en quelques requêtes account_ids = [a.id for a in pagination.items] manager_ids = [a.id for a in pagination.items if a.role == 'manager'] # Requête 1 : Compter les rapports directs par compte report_counts = {} if account_ids: counts = db.session.query( Rapport.user_id, func.count(Rapport.id) ).filter(Rapport.user_id.in_(account_ids))\ .group_by(Rapport.user_id)\ .all() report_counts = {user_id: count for user_id, count in counts} # Requête 2 : Pour les managers, compter leurs clients et membres d'équipe clients_counts = {} clients_diags = {} team_members_counts = {} team_members_diags = {} if manager_ids: # Nombre de clients par manager client_counts_query = db.session.query( User.manager_id, func.count(User.id) ).filter(User.manager_id.in_(manager_ids))\ .group_by(User.manager_id)\ .all() clients_counts = {manager_id: count for manager_id, count in client_counts_query} # Rapports des clients groupés par manager client_reports = db.session.query( User.manager_id, func.count(Rapport.id) ).join(Rapport, Rapport.user_id == User.id)\ .filter(User.manager_id.in_(manager_ids))\ .group_by(User.manager_id)\ .all() clients_diags = {manager_id: count for manager_id, count in client_reports} # ✅ Nombre de membres d'équipe par manager team_counts_query = db.session.query( User.parent_id, func.count(User.id) ).filter(User.parent_id.in_(manager_ids))\ .group_by(User.parent_id)\ .all() team_members_counts = {parent_id: count for parent_id, count in team_counts_query} # ✅ Rapports des membres d'équipe groupés par patron team_reports = db.session.query( User.parent_id, func.count(Rapport.id) ).join(Rapport, Rapport.user_id == User.id)\ .filter(User.parent_id.in_(manager_ids))\ .group_by(User.parent_id)\ .all() team_members_diags = {parent_id: count for parent_id, count in team_reports} # Construction des données (0 requête dans la boucle !) accounts = [] for account in pagination.items: if account.role == 'manager': account.clients_count = clients_counts.get(account.id, 0) account.team_members_count = team_members_counts.get(account.id, 0) account.total_diags = ( report_counts.get(account.id, 0) + clients_diags.get(account.id, 0) + team_members_diags.get(account.id, 0) ) else: account.total_diags = report_counts.get(account.id, 0) account.clients_count = 0 account.team_members_count = 0 accounts.append(account) # Stats globales (tous les comptes, pas seulement la page courante) all_accounts = User.query.filter(User.distributor_id.in_(team_ids)).all() all_account_ids = [a.id for a in all_accounts] total_accounts = len(all_accounts) pending_accounts = sum(1 for a in all_accounts if a.pending_validation) active_accounts = sum(1 for a in all_accounts if a.is_active_account and not a.pending_validation) managers_count = sum(1 for a in all_accounts if a.role == 'manager') users_count = sum(1 for a in all_accounts if a.role == 'user') # Stats diagnostics total_diags = 0 diags_last_30_days = 0 if all_account_ids: # 1. Diagnostics directs des comptes direct_diags = db.session.query(func.count(Rapport.id))\ .filter(Rapport.user_id.in_(all_account_ids))\ .scalar() or 0 # 2. Diagnostics des clients des managers manager_account_ids = [a.id for a in all_accounts if a.role == 'manager'] clients_diags_total = 0 team_diags_total = 0 if manager_account_ids: client_ids = [u.id for u in User.query.filter(User.manager_id.in_(manager_account_ids)).all()] if client_ids: clients_diags_total = db.session.query(func.count(Rapport.id))\ .filter(Rapport.user_id.in_(client_ids))\ .scalar() or 0 # 3. Diagnostics des membres d'équipe des managers team_member_ids = [u.id for u in User.query.filter(User.parent_id.in_(manager_account_ids)).all()] if team_member_ids: team_diags_total = db.session.query(func.count(Rapport.id))\ .filter(Rapport.user_id.in_(team_member_ids))\ .scalar() or 0 total_diags = direct_diags + clients_diags_total + team_diags_total # Tendance 30 derniers jours thirty_days_ago = datetime.now() - timedelta(days=30) diags_30d_direct = db.session.query(func.count(Rapport.id))\ .filter( Rapport.user_id.in_(all_account_ids), Rapport.date_creation >= thirty_days_ago ).scalar() or 0 diags_30d_clients = 0 diags_30d_team = 0 if manager_account_ids: client_ids = [u.id for u in User.query.filter(User.manager_id.in_(manager_account_ids)).all()] if client_ids: diags_30d_clients = db.session.query(func.count(Rapport.id))\ .filter( Rapport.user_id.in_(client_ids), Rapport.date_creation >= thirty_days_ago ).scalar() or 0 team_member_ids = [u.id for u in User.query.filter(User.parent_id.in_(manager_account_ids)).all()] if team_member_ids: diags_30d_team = db.session.query(func.count(Rapport.id))\ .filter( Rapport.user_id.in_(team_member_ids), Rapport.date_creation >= thirty_days_ago ).scalar() or 0 diags_last_30_days = diags_30d_direct + diags_30d_clients + diags_30d_team # ✅ Stats DNS from models import DnsReport total_dns = 0 if all_account_ids: total_dns = db.session.query(func.count(DnsReport.id))\ .filter(DnsReport.user_id.in_(all_account_ids))\ .scalar() or 0 # DNS des clients des managers if manager_account_ids: client_ids = [u.id for u in User.query.filter(User.manager_id.in_(manager_account_ids)).all()] if client_ids: total_dns += db.session.query(func.count(DnsReport.id))\ .filter(DnsReport.user_id.in_(client_ids))\ .scalar() or 0 stats = { 'total': total_accounts, 'pending': pending_accounts, 'active': active_accounts, 'managers': managers_count, 'users': users_count, 'total_diags': total_diags, 'total_dns': total_dns, 'diags_trend': diags_last_30_days } return render_template('distributor_dashboard.html', accounts=accounts, stats=stats, pagination=pagination, current_sort=sort_by, current_search=search, current_filter=filter_type, now=datetime.now()) # ======================================================================== # CRÉATION DE COMPTES # ======================================================================== @distributor.route('/new_account', methods=['GET', 'POST']) @login_required @role_required(['distributor', 'admin']) @limiter.limit("50 per hour") def new_account(): """Créer un nouveau compte (Manager ou User)""" if request.method == 'POST': email = request.form.get('email', '').strip().lower() company_name = request.form.get('company_name', '').strip() role = request.form.get('role', '').strip() subscription_plan = request.form.get('subscription_plan', 'start').strip() # Validations if not email or not company_name or not role: flash("❌ Tous les champs sont requis.", 'danger') return render_template('distributor_new_account.html') if not validate_email_format(email): flash("❌ Format d'email invalide.", 'danger') return render_template('distributor_new_account.html') if User.query.filter_by(email=email).first(): flash(f"❌ L'email {email} est déjà utilisé.", 'warning') return render_template('distributor_new_account.html') if role not in ['manager', 'user']: flash("❌ Rôle invalide. Choisissez Manager ou Utilisateur.", 'danger') return render_template('distributor_new_account.html') if subscription_plan not in ['start', 'premium', 'business']: subscription_plan = 'start' if len(company_name) > 150: flash("❌ Nom d'entreprise trop long (150 caractères max).", 'danger') return render_template('distributor_new_account.html') # Création du compte temp_password = generate_random_password(32) hashed_password = bcrypt.generate_password_hash(temp_password).decode('utf-8') new_user = User( email=email, password=hashed_password, role=role, company_name=company_name, subscription_plan=subscription_plan, distributor_id=current_user.owner_id, # ✅ Lié au OWNER du distributeur is_active_account=False, pending_validation=True, can_audit=True ) # ✅ Date d'engagement (optionnel) engagement_date = request.form.get('engagement_date', '').strip() if engagement_date: try: new_user.engagement_end_date = datetime.strptime(engagement_date, '%Y-%m-%d') except ValueError: pass try: db.session.add(new_user) db.session.commit() current_app.logger.info( f"➕ Distributeur {current_user.email} crée compte {email} " f"(role: {role}, plan: {subscription_plan}) - EN ATTENTE | IP: {request.remote_addr}" ) # Email au nouveau compte send_pending_account_email(new_user, current_user.company_name or current_user.email) # ✅ NOTIFIER L'ADMIN qu'un compte attend validation admin = User.query.filter_by(role='admin').first() if admin: send_admin_pending_validation_notification(admin.email, new_user, current_user) flash(f"✅ Compte créé pour {company_name}. En attente de validation par l'administrateur.", 'success') return redirect(url_for('distributor.distributor_dashboard')) except Exception as e: db.session.rollback() current_app.logger.error(f"Erreur création compte par distributeur: {e}", exc_info=True) flash("❌ Erreur technique lors de la création.", 'danger') return render_template('distributor_new_account.html') # ======================================================================== # GESTION D'ÉQUIPE # ======================================================================== @distributor.route('/team') @login_required @role_required(['distributor', 'admin']) def manage_team(): """Affiche la liste des membres de l'équipe""" # 🚨 SÉCURITÉ : Seul le patron (celui qui n'a pas de parent) gère l'équipe if current_user.parent_id: flash("❌ Seul le titulaire principal du compte peut gérer l'équipe.", "warning") return redirect(url_for('distributor.distributor_dashboard')) # On récupère les membres rattachés à ce distributeur members = User.query.filter_by(parent_id=current_user.id, role='distributor').all() return render_template('distributor_team.html', members=members) @distributor.route('/team/add', methods=['POST']) @login_required @role_required(['distributor', 'admin']) @limiter.limit("20 per hour") def add_team_member(): """Ajouter un collaborateur distributeur""" # 🚨 SÉCURITÉ if current_user.parent_id: flash("Action non autorisée.", 'danger') return redirect(url_for('distributor.distributor_dashboard')) email = request.form.get('email', '').strip().lower() nom = request.form.get('name', '').strip() if not email: flash("L'email est requis.", 'danger') return redirect(url_for('distributor.manage_team')) if not validate_email_format(email): flash("Format d'email invalide.", 'danger') return redirect(url_for('distributor.manage_team')) if User.query.filter_by(email=email).first(): flash("Cet email est déjà utilisé.", 'danger') return redirect(url_for('distributor.manage_team')) # Génération password temp temp_password = generate_random_password(24) hashed_pw = bcrypt.generate_password_hash(temp_password).decode('utf-8') # Création du membre new_member = User( email=email, password=hashed_pw, role='distributor', # ✅ Rôle distributeur parent_id=current_user.id, # ✅ Lien parent company_name=nom or email.split('@')[0], is_active_account=True, max_concurrent_sessions=1 ) try: db.session.add(new_member) db.session.commit() # Envoi invitation if send_team_invitation_email(new_member): flash(f"✅ Invitation envoyée à {email}.", "success") else: flash(f"⚠️ Utilisateur créé mais erreur d'envoi d'email.", "warning") current_app.logger.info(f"👥 Distributeur {current_user.email} ajoute membre {email}") except Exception as e: db.session.rollback() current_app.logger.error(f"Erreur ajout team member distributeur: {e}", exc_info=True) flash("Erreur technique lors de l'ajout.", "danger") return redirect(url_for('distributor.manage_team')) @distributor.route('/team/delete/', methods=['POST']) @login_required @role_required(['distributor', 'admin']) def delete_team_member(member_id): """Supprimer un collaborateur""" # 🚨 SÉCURITÉ if current_user.parent_id: abort(403) member = User.query.get_or_404(member_id) # Vérifier que ce membre appartient bien à ce distributeur if member.parent_id != current_user.id: flash("Action non autorisée.", "danger") return redirect(url_for('distributor.manage_team')) try: email = member.email db.session.delete(member) db.session.commit() flash(f"✅ Membre {email} supprimé.", "success") current_app.logger.info(f"👥 Distributeur {current_user.email} supprime membre {email}") except Exception as e: db.session.rollback() current_app.logger.error(f"Erreur suppression team member: {e}") flash("Erreur lors de la suppression.", "danger") return redirect(url_for('distributor.manage_team')) # ======================================================================== # LOGS D'ACTIVITÉ # ======================================================================== @distributor.route('/logs') @login_required @role_required(['distributor', 'admin']) def activity_logs(): """Affiche les logs d'activité de l'organisation du distributeur""" # 1. Définir le périmètre (Scope) owner_id = current_user.owner_id # Récupérer tous les IDs liés à cette organisation : # - Le Patron (Owner) # - Les Membres d'équipe (parent_id = owner_id) team_ids = [u.id for u in User.query.filter( (User.id == owner_id) | (User.parent_id == owner_id) ).all()] # - Les comptes créés par le distributeur (distributor_id in team_ids) created_account_ids = [u.id for u in User.query.filter(User.distributor_id.in_(team_ids)).all()] # Liste complète des IDs autorisés allowed_user_ids = team_ids + created_account_ids # 2. Filtres page = request.args.get('page', 1, type=int) period = request.args.get('period', '7d') category = request.args.get('category', 'all') user_search = request.args.get('user', '').strip() # 3. Requête de base (Filtrée par les IDs autorisés) query = AuditLog.query.filter( AuditLog.user_id.in_(allowed_user_ids), AuditLog.level.in_(['INFO', 'WARNING']) # On cache les erreurs techniques ) # Application des filtres if period != 'all': days = int(period.rstrip('d')) cutoff = datetime.now(timezone.utc) - timedelta(days=days) query = query.filter(AuditLog.timestamp >= cutoff) if category != 'all': query = query.filter(AuditLog.category == category.upper()) if user_search: # Jointure pour filtrer par email - ✅ SÉCURISÉ user_search_escaped = escape_like_pattern(user_search) query = query.join(User).filter(User.email.ilike(f'%{user_search_escaped}%', escape='\\')) # 4. Pagination pagination = query.order_by(AuditLog.timestamp.desc())\ .paginate(page=page, per_page=20, error_out=False) return render_template( 'distributor_logs.html', logs=pagination.items, pagination=pagination, period=period, category=category, user_search=user_search ) # ======================================================================== # GESTION DES COMPTES CRÉÉS (DÉTAIL, ÉDITION, ACTIONS) # ======================================================================== @distributor.route('/account/') @login_required @role_required(['distributor', 'admin']) def account_detail(account_id): """Voir les détails d'un compte créé par le distributeur""" account = User.query.get_or_404(account_id) # Sécurité : Vérifier que ce compte appartient bien à ce distributeur (ou admin) if current_user.role == 'distributor': owner_id = current_user.owner_id team_ids = [u.id for u in User.query.filter( (User.id == owner_id) | (User.parent_id == owner_id) ).all()] if account.distributor_id not in team_ids: flash("❌ Accès non autorisé.", 'danger') return redirect(url_for('distributor.distributor_dashboard')) # Statistiques du compte rapports_count = Rapport.query.filter_by(user_id=account.id).count() # Si c'est un manager, récupérer ses clients et leurs rapports clients = [] clients_count = 0 total_audits = 0 team_members = [] if account.role == 'manager': from models import DnsReport as DnsReportModel clients_raw = User.query.filter_by(manager_id=account.id).all() clients_count = len(clients_raw) # Enrichir chaque client avec son nombre de rapports ET DNS for client in clients_raw: client.rapports = Rapport.query.filter_by(user_id=client.id).order_by(Rapport.date_creation.desc()).all() client.rapport_count = len(client.rapports) client.dns_reports = DnsReportModel.query.filter_by(user_id=client.id).order_by(DnsReportModel.created_at.desc()).all() client.dns_count = len(client.dns_reports) clients.append(client) total_audits += client.rapport_count # ✅ Membres d'équipe du manager (avec leurs diags et DNS) team_members_raw = User.query.filter_by(parent_id=account.id).all() for member in team_members_raw: member.rapports = Rapport.query.filter_by(user_id=member.id).order_by(Rapport.date_creation.desc()).all() member.rapport_count = len(member.rapports) member.dns_reports = DnsReportModel.query.filter_by(user_id=member.id).order_by(DnsReportModel.created_at.desc()).all() member.dns_count = len(member.dns_reports) team_members.append(member) total_audits += member.rapport_count # Récupérer les rapports du compte (pagination) page = request.args.get('page', 1, type=int) search = request.args.get('search', '').strip() query = Rapport.query.filter_by(user_id=account.id) if search: search_escaped = escape_like_pattern(search) query = query.filter(Rapport.nom_client.ilike(f'%{search_escaped}%', escape='\\')) pagination = query.order_by(Rapport.date_creation.desc()).paginate(page=page, per_page=10, error_out=False) # ======================================================================== # ✅ NOUVEAU : ANALYSES DNS # ======================================================================== from models import DnsReport dns_page = request.args.get('dns_page', 1, type=int) dns_search = request.args.get('dns_search', '').strip() dns_per_page = 10 dns_query = DnsReport.query.filter_by(user_id=account.id) if dns_search: dns_search_escaped = escape_like_pattern(dns_search) dns_query = dns_query.filter( db.or_( DnsReport.client_name.ilike(f'%{dns_search_escaped}%', escape='\\'), DnsReport.domain.ilike(f'%{dns_search_escaped}%', escape='\\') ) ) dns_pagination = dns_query.order_by(DnsReport.created_at.desc())\ .paginate(page=dns_page, per_page=dns_per_page, error_out=False) return render_template('distributor_account_detail.html', account=account, rapports=pagination.items, pagination=pagination, rapports_count=rapports_count, clients=clients, clients_count=clients_count, team_members=team_members, # ✅ NOUVEAU total_audits=total_audits, current_search=search, dns_reports=dns_pagination.items, dns_pagination=dns_pagination, dns_search=dns_search, now=datetime.now()) @distributor.route('/account//toggle_access', methods=['POST']) @login_required @role_required(['distributor', 'admin']) def toggle_account_access(account_id): """Activer/Suspendre un compte""" account = User.query.get_or_404(account_id) # Sécurité if current_user.role == 'distributor': owner_id = current_user.owner_id team_ids = [u.id for u in User.query.filter( (User.id == owner_id) | (User.parent_id == owner_id) ).all()] if account.distributor_id not in team_ids: flash("❌ Action non autorisée.", 'danger') return redirect(url_for('distributor.distributor_dashboard')) account.is_active_account = not account.is_active_account action = "réactivé" if account.is_active_account else "suspendu" action_type = "reactivated" if account.is_active_account else "suspended" db.session.commit() current_app.logger.warning(f"🔒 Distributeur {current_user.email} a {action} le compte {account.email}") # ✅ NOTIFICATIONS EMAIL distributor_name = current_user.company_name or current_user.email # 1. Email au compte concerné if account.is_active_account: send_account_reactivated_email(account, distributor_name, 'Distributeur') else: send_account_suspended_email(account, distributor_name, 'Distributeur') # 2. Confirmation au distributeur send_action_confirmation_to_distributor(current_user.email, action_type, account) # 3. Notification à l'admin admin = User.query.filter_by(role='admin').first() if admin: send_distributor_action_to_admin(admin.email, current_user, action_type, account) flash(f"✅ Le compte de {account.company_name or account.email} a été {action}.", 'success') return redirect(url_for('distributor.account_detail', account_id=account.id)) @distributor.route('/account//toggle_audit', methods=['POST']) @login_required @role_required(['distributor', 'admin']) def toggle_account_audit(account_id): """Activer/Bloquer la création d'audits""" account = User.query.get_or_404(account_id) # Sécurité if current_user.role == 'distributor': owner_id = current_user.owner_id team_ids = [u.id for u in User.query.filter( (User.id == owner_id) | (User.parent_id == owner_id) ).all()] if account.distributor_id not in team_ids: flash("❌ Action non autorisée.", 'danger') return redirect(url_for('distributor.distributor_dashboard')) account.can_audit = not account.can_audit action = "autorisée" if account.can_audit else "bloquée" action_type = "audit_unblocked" if account.can_audit else "audit_blocked" db.session.commit() current_app.logger.info(f"📝 Distributeur {current_user.email} a {action} la création d'audit pour {account.email}") # ✅ NOTIFICATIONS EMAIL distributor_name = current_user.company_name or current_user.email # 1. Email au compte concerné if account.can_audit: send_audit_unblocked_email(account, distributor_name, 'Distributeur') else: send_audit_blocked_email(account, distributor_name, 'Distributeur') # 2. Confirmation au distributeur send_action_confirmation_to_distributor(current_user.email, action_type, account) # 3. Notification à l'admin admin = User.query.filter_by(role='admin').first() if admin: send_distributor_action_to_admin(admin.email, current_user, action_type, account) flash(f"✅ La création d'audit est maintenant {action}.", 'success') return redirect(url_for('distributor.account_detail', account_id=account.id)) @distributor.route('/account//update_engagement', methods=['POST']) @login_required @role_required(['distributor', 'admin']) def update_account_engagement(account_id): """Modifier la date de fin d'engagement""" account = User.query.get_or_404(account_id) # Sécurité if current_user.role == 'distributor': owner_id = current_user.owner_id team_ids = [u.id for u in User.query.filter( (User.id == owner_id) | (User.parent_id == owner_id) ).all()] if account.distributor_id not in team_ids: flash("❌ Action non autorisée.", 'danger') return redirect(url_for('distributor.distributor_dashboard')) date_str = request.form.get('engagement_date', '').strip() if date_str: try: account.engagement_end_date = datetime.strptime(date_str, '%Y-%m-%d') db.session.commit() current_app.logger.info(f"📅 Distributeur {current_user.email} modifie engagement pour {account.email}: {date_str}") flash("✅ Date d'engagement mise à jour.", 'success') except ValueError: flash("❌ Format de date invalide.", 'warning') else: account.engagement_end_date = None db.session.commit() flash("✅ Date d'engagement supprimée.", 'info') return redirect(url_for('distributor.account_detail', account_id=account.id)) @distributor.route('/account//delete', methods=['POST']) @login_required @role_required(['distributor', 'admin']) def delete_account(account_id): """Supprimer un compte créé""" account = User.query.get_or_404(account_id) # Sécurité if current_user.role == 'distributor': owner_id = current_user.owner_id team_ids = [u.id for u in User.query.filter( (User.id == owner_id) | (User.parent_id == owner_id) ).all()] if account.distributor_id not in team_ids: flash("❌ Action non autorisée.", 'danger') return redirect(url_for('distributor.distributor_dashboard')) # Ne pas supprimer un compte en attente de validation (l'admin doit le faire) if account.pending_validation: flash("❌ Ce compte est en attente de validation. Contactez l'administrateur.", 'warning') return redirect(url_for('distributor.account_detail', account_id=account.id)) # ✅ Bloquer si manager avec clients if account.role == 'manager': clients_count = User.query.filter_by(manager_id=account.id).count() if clients_count > 0: flash(f"❌ Impossible : ce manager gère encore {clients_count} client(s).", 'danger') return redirect(url_for('distributor.account_detail', account_id=account.id)) account_email = account.email account_company = account.company_name current_app.logger.warning(f"🗑️ Distributeur {current_user.email} supprime le compte {account_email}") # ✅ NOTIFIER L'ADMIN AVANT SUPPRESSION admin = User.query.filter_by(role='admin').first() if admin: send_distributor_action_to_admin(admin.email, current_user, 'deleted', account) try: # ✅ Supprimer les données liées AVANT de supprimer le compte from models import DnsReport, UserSession DnsReport.query.filter_by(user_id=account.id).delete() Rapport.query.filter_by(user_id=account.id).delete() UserSession.query.filter_by(user_id=account.id).delete() AuditLog.query.filter_by(user_id=account.id).delete() db.session.delete(account) db.session.commit() flash(f"✅ Compte {account_email} supprimé définitivement.", 'success') return redirect(url_for('distributor.distributor_dashboard')) except Exception as e: db.session.rollback() current_app.logger.error(f"Erreur suppression compte {account_id}: {e}", exc_info=True) flash("❌ Erreur technique lors de la suppression.", 'danger') return redirect(url_for('distributor.account_detail', account_id=account.id))