Development

docker/routlin-dash/app/pages/accountmanage/action.py

@@ -1,6 +1,6 @@
 from pathlib import Path
 from flask import Blueprint, request, session, redirect, flash
-import json, re
+import json, os, re, sqlite3
 from datetime import datetime, timezone
 import auth
 import config_utils
@@ -100,6 +100,24 @@ def accounts_edit():
     return redirect(f'/{_PAGE}')
 
 
+@bp.route('/action/accountmanage/session_invalidate', methods=['POST'])
+@auth.require_level('manager')
+def session_invalidate():
+    sid = request.form.get('session_id', '').strip()
+    if not sid:
+        flash('Invalid request.', 'error')
+        return redirect(f'/{_PAGE}')
+    try:
+        con = sqlite3.connect(config_utils.SESSIONS_DB, timeout=5)
+        con.execute('DELETE FROM sessions WHERE session_id=?', (sid,))
+        con.commit()
+        con.close()
+        flash('Session invalidated.', 'success')
+    except Exception:
+        flash('Failed to invalidate session.', 'error')
+    return redirect(f'/{_PAGE}')
+
+
 @bp.route('/action/accountmanage/accounts_delete', methods=['POST'])
 @auth.require_level('manager')
 def accounts_delete():
@@ -118,7 +136,10 @@ def accounts_delete():
 
     target = accounts[row_index]
 
-    if target.get('email_address', '').lower() == session.get('email_address', '').lower():
+    target_email  = target.get('email_address', '').lower()
+    current_email = session.get('email_address', '').lower()
+    initial_email = os.environ.get('INITIAL_MANAGER_EMAIL', '').strip().lower()
+    if target_email == current_email and target_email != initial_email:
         flash('You cannot remove your own account.', 'error')
         return redirect(f'/{_PAGE}')