Skip to content

MULTI_USER_IMPLEMENTATION.md

Latest commit

 

History

History
93 lines (68 loc) · 3.17 KB

MULTI_USER_IMPLEMENTATION.md

File metadata and controls

93 lines (68 loc) · 3.17 KB

Multi-User System Implementation

Changes Made

The Subscription Tracker has been converted from a single-user to a multi-user system with role-based access control.

Key Features

  1. User Roles:

    • Standard Users: Can only manage their own subscriptions and settings
    • Admin Users: Can manage all users, create new users, and access admin settings

  2. User Management:

    • Registration is disabled for public users
    • Only admins can create new users
    • Admins can modify user roles, passwords, and delete users (with restrictions)

  3. Security:

    • Admins cannot delete themselves while logged in
    • There must always be at least one admin user
    • The last admin cannot have their admin role removed

Implementation Details

Database Changes

  • User model already had is_admin field
  • Added cascade delete relationships for UserSettings and Subscriptions
  • Each user has isolated subscriptions and settings

Routes Added

  • /admin/users - List all users (admin only)
  • /admin/users/add - Add new user (admin only)
  • /admin/users/edit/<id> - Edit user (admin only)
  • /admin/users/delete/<id> - Delete user (admin only)

Templates Added

  • admin_users.html - User management dashboard
  • admin_add_user.html - Add user form
  • admin_edit_user.html - Edit user form

Forms Added

  • AdminUserForm - For creating new users
  • AdminEditUserForm - For editing existing users

Navigation Changes

  • Removed registration link from login page
  • Added "Admin Settings" menu item for admin users
  • Admin settings accessible via Settings dropdown

Admin User Creation

The system automatically creates a default admin user if no admin exists:

  • Username: admin
  • Password: changeme
  • This only happens if there are no existing admin users

User Isolation

  • Each user has their own subscriptions and settings
  • Users cannot access other users' data
  • All existing functionality (dashboard, analytics, etc.) works per-user
  • Currency conversion, notifications, and other features work independently per user

Admin Capabilities

Admin users can:

  • View all users in the system
  • Create new users (both standard and admin)
  • Edit user details (username, email, password, role)
  • Delete users (with restrictions)
  • See user statistics (subscription counts)

Restrictions

  • Admins cannot delete themselves while logged in
  • Cannot delete the last admin user
  • Cannot remove admin role from the last admin
  • Deleting a user also deletes all their subscriptions and settings

Migration Notes

  • Existing users will retain their data
  • If upgrading from single-user, the existing admin user will remain as admin
  • No data migration needed - all existing subscriptions belong to existing users

Security Considerations

  • All admin routes check for admin privileges
  • User isolation is enforced at the database query level
  • Proper error handling prevents information leakage
  • Form validation prevents privilege escalation

This implementation provides a clean separation between users while maintaining the existing functionality for each individual user.