feat: Implement admin role validation and enhance user management scripts

2026-02-08 23:19:30 -05:00
parent 060b2953fa
commit 27f02224ab
8 changed files with 227 additions and 34 deletions
--- a/backend/scripts/README.md
+++ b/backend/scripts/README.md
@@ -0,0 +1,58 @@
+# Backend Scripts
+
+Utility scripts for backend management tasks.
+
+## create_admin.py
+
+Creates an admin user account with elevated privileges.
+
+### Usage
+
+```bash
+cd backend
+python scripts/create_admin.py
+```
+
+The script will prompt you for:
+
+- Email address
+- Password (minimum 8 characters)
+- First name
+- Last name
+
+### Security Notes
+
+- Admin users can only be created through this script or direct database manipulation
+- The admin role cannot be assigned through the signup API
+- Existing email addresses will be rejected
+- Passwords are hashed using werkzeug's secure hash algorithm
+
+### Example
+
+```bash
+$ python scripts/create_admin.py
+=== Create Admin User ===
+
+Email: admin@example.com
+Password: ********
+First name: Admin
+Last name: User
+
+Create admin user 'admin@example.com'? (yes/no): yes
+✓ Admin user created successfully!
+  Email: admin@example.com
+  Name: Admin User
+  Role: admin
+```
+
+## Requirements
+
+The script requires the backend virtual environment to be activated:
+
+```bash
+# Windows
+.venv\Scripts\activate
+
+# Linux/Mac
+source .venv/bin/activate
+```
--- a/backend/scripts/create_admin.py
+++ b/backend/scripts/create_admin.py
@@ -0,0 +1,64 @@
+"""
+Script to create an admin user account.
+Usage: python backend/scripts/create_admin.py
+"""
+import sys
+import os
+sys.path.insert(0, os.path.abspath(os.path.join(os.path.dirname(__file__), '..')))
+
+from db.db import users_db
+from models.user import User
+from werkzeug.security import generate_password_hash
+from tinydb import Query
+import uuid
+
+def create_admin_user(email: str, password: str, first_name: str, last_name: str):
+    """Create an admin user account."""
+    
+    # Check if user already exists
+    Query_ = Query()
+    existing_user = users_db.get(Query_.email == email)
+    
+    if existing_user:
+        print(f"Error: User with email {email} already exists")
+        return False
+    
+    admin = User(
+        id=str(uuid.uuid4()),
+        email=email,
+        first_name=first_name,
+        last_name=last_name,
+        password=generate_password_hash(password),
+        verified=True,
+        role='admin'
+    )
+    
+    users_db.insert(admin.to_dict())
+    print(f"✓ Admin user created successfully!")
+    print(f"  Email: {email}")
+    print(f"  Name: {first_name} {last_name}")
+    print(f"  Role: admin")
+    return True
+
+if __name__ == '__main__':
+    print("=== Create Admin User ===\n")
+    
+    email = input("Email: ").strip()
+    password = input("Password: ").strip()
+    first_name = input("First name: ").strip()
+    last_name = input("Last name: ").strip()
+    
+    if not all([email, password, first_name, last_name]):
+        print("Error: All fields are required")
+        sys.exit(1)
+    
+    if len(password) < 8:
+        print("Error: Password must be at least 8 characters")
+        sys.exit(1)
+    
+    confirm = input(f"\nCreate admin user '{email}'? (yes/no): ").strip().lower()
+    
+    if confirm == 'yes':
+        create_admin_user(email, password, first_name, last_name)
+    else:
+        print("Cancelled")