* feat(auth): add per-user admin promote/demote toggle Admin-only API and Users-tab control to grant/revoke admin rights; refuses to demote the last admin. * fix(auth): restore pre-admin privilege restrictions on demotion Promoting now stashes the user's privilege map (privileges_before_admin) and demoting restores it instead of resetting to defaults, so a promote/demote round trip can no longer broaden a restricted user's access. Users without a stash (created as admin, or promoted before this fix) still demote to DEFAULT_PRIVILEGES so a born-admin's stored all-True map — including can_use_bash — can't survive demotion. --------- Co-authored-by: K M Merajul Arefin <merajul.arefin@therapservices.net> |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| atomic_io.py | ||
| auth.py | ||
| constants.py | ||
| database.py | ||
| exceptions.py | ||
| middleware.py | ||
| models.py | ||
| platform_compat.py | ||
| session_manager.py | ||