Development

docker/routlin-dash/app/pages/accountmanage/action.py

@@ -66,6 +66,40 @@ def accounts_add():
     return redirect(f'/{_PAGE}')
 
 
+@bp.route('/action/accountmanage/accounts_edit', methods=['POST'])
+@auth.require_level('manager')
+def accounts_edit():
+    try:
+        row_index = int(request.form.get('row_index', ''))
+    except (ValueError, TypeError):
+        flash('Invalid request.', 'error')
+        return redirect(f'/{_PAGE}')
+
+    access_level = request.form.get('access_level', '').strip()
+    if access_level not in VALID_LEVELS:
+        flash('Invalid access level.', 'error')
+        return redirect(f'/{_PAGE}')
+
+    data     = _load_accounts()
+    accounts = data.get('accounts', [])
+
+    if row_index < 0 or row_index >= len(accounts):
+        flash('Account not found.', 'error')
+        return redirect(f'/{_PAGE}')
+
+    target = accounts[row_index]
+    if target.get('email_address', '').lower() == session.get('email_address', '').lower():
+        flash('You cannot change your own access level.', 'error')
+        return redirect(f'/{_PAGE}')
+
+    accounts[row_index]['access_level'] = access_level
+    data['accounts'] = accounts
+    _save_accounts(data)
+
+    flash('Account updated.', 'success')
+    return redirect(f'/{_PAGE}')
+
+
 @bp.route('/action/accountmanage/accounts_delete', methods=['POST'])
 @auth.require_level('manager')
 def accounts_delete():