ui batch: admin tab, time filter, count-up, chevron sync, tidy

1. New /admin route with sub-tabs (Protokoll, Benutzer) for admins. Top nav: "Protokoll" dropped, "Admin" added right of Einstellungen. /logs and /einstellungen/benutzer issue 301 redirects to the new paths. Benutzer is no longer part of Einstellungen sub-nav. 2. User_filters.max_age_hours (migration v6) — new dropdown (1–10 h / beliebig) under Einstellungen → Filter; Wohnungen list drops flats older than the cutoff by discovered_at. 3. Header shows "aktualisiert vor X s" instead of a countdown. Template emits data-counter-up-utc with last_alert_heartbeat; app.js ticks up each second. When a scrape runs, the heartbeat updates and the HTMX swap resets the counter naturally. 4. Chevron state synced after HTMX swaps: panes preserved via hx-preserve keep the user's open/closed state, and the sibling button's .open class is re-applied by syncFlatExpandState() on afterSwap — previously a scroll-triggered poll would flip the chevron back to closed while the pane stayed open. 5. "Final absenden" footer removed from the profile page (functionality is unchanged, the switch still sits atop Wohnungen). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-21 17:11:58 +02:00 · 2026-04-21 17:11:58 +02:00 · da180bd7c7
commit da180bd7c7
parent 83db8cd902
10 changed files with 175 additions and 85 deletions
--- a/web/app.py
+++ b/web/app.py
@ -1,11 +1,11 @@
 """
 lazyflat web app.

-Four tabs:
- /             → Wohnungen (all flats, per-user match highlighting, filter block, auto-apply switch)
- /bewerbungen  → Bewerbungen (history + forensics; failed apps expose a ZIP report download)
- /logs         → Logs (user-scoped audit log)
- /einstellungen/<section> → Einstellungen: profile, filter, notifications, account, admin users
+Tabs:
+- /                           → Wohnungen
+- /bewerbungen                → Bewerbungen (history + forensics ZIP for failed runs)
+- /einstellungen/<section>    → Einstellungen: profil | filter | benachrichtigungen | account
+- /admin/<section>            → Admin-only: protokoll | benutzer

 All state-changing POSTs require CSRF. Internal endpoints require INTERNAL_API_KEY.
 """
@ -209,7 +209,18 @@ def _next_scrape_utc() -> str:
    return (dt + timedelta(seconds=ALERT_SCRAPE_INTERVAL_SECONDS)).astimezone(timezone.utc).isoformat(timespec="seconds")


-FILTER_KEYS = ("rooms_min", "rooms_max", "max_rent", "min_size", "max_morning_commute", "wbs_required")
+def _last_scrape_utc() -> str:
+    hb = db.get_state("last_alert_heartbeat")
+    dt = _parse_iso(hb)
+    if dt is None:
+        return ""
+    if dt.tzinfo is None:
+        dt = dt.replace(tzinfo=timezone.utc)
+    return dt.astimezone(timezone.utc).isoformat(timespec="seconds")
+
+
+FILTER_KEYS = ("rooms_min", "rooms_max", "max_rent", "min_size",
+               "max_morning_commute", "wbs_required", "max_age_hours")


 def _has_filters(f) -> bool:
@ -258,6 +269,8 @@ def _filter_summary(f) -> str:
        parts.append("WBS")
    elif f["wbs_required"] == "no":
        parts.append("ohne WBS")
+    if f["max_age_hours"]:
+        parts.append(f"≤ {int(f['max_age_hours'])} h alt")
    return " · ".join(parts)


@ -393,10 +406,22 @@ def _wohnungen_context(user) -> dict:
    flats = db.recent_flats(100)

    rejected = db.rejected_flat_ids(uid)
+    max_age_hours = filters_row["max_age_hours"] if filters_row else None
+    age_cutoff = None
+    if max_age_hours:
+        age_cutoff = datetime.now(timezone.utc) - timedelta(hours=int(max_age_hours))
    flats_view = []
    for f in flats:
        if f["id"] in rejected:
            continue
+        if age_cutoff is not None:
+            disc = _parse_iso(f["discovered_at"])
+            if disc is None:
+                continue
+            if disc.tzinfo is None:
+                disc = disc.replace(tzinfo=timezone.utc)
+            if disc < age_cutoff:
+                continue
        if not flat_matches_filter({
            "rooms": f["rooms"], "total_rent": f["total_rent"], "size": f["size"],
            "wbs": f["wbs"], "connectivity": {"morning_time": f["connectivity_morning_time"]},
@ -456,6 +481,7 @@ def _wohnungen_context(user) -> dict:
        "apply_block_reason": reason,
        "apply_reachable": apply_client.health(),
        "next_scrape_utc": _next_scrape_utc(),
+        "last_scrape_utc": _last_scrape_utc(),
        "has_running_apply": has_running,
        "poll_interval": 3 if has_running else 30,
    }
@ -528,6 +554,7 @@ async def action_save_filters(
    min_size: str = Form(""),
    max_morning_commute: str = Form(""),
    wbs_required: str = Form(""),
+    max_age_hours: str = Form(""),
    user=Depends(require_user),
 ):
    require_csrf(user["id"], csrf)
@ -536,6 +563,13 @@ async def action_save_filters(
        v = (v or "").strip().replace(",", ".")
        return float(v) if v else None

+    def _i(v):
+        v = (v or "").strip()
+        try:
+            return int(v) if v else None
+        except ValueError:
+            return None
+
    db.update_filters(user["id"], {
        "rooms_min": _f(rooms_min),
        "rooms_max": _f(rooms_max),
@ -543,6 +577,7 @@ async def action_save_filters(
        "min_size": _f(min_size),
        "max_morning_commute": _f(max_morning_commute),
        "wbs_required": (wbs_required or "").strip(),
+        "max_age_hours": _i(max_age_hours),
    })
    db.log_audit(user["username"], "filters.updated", user_id=user["id"], ip=client_ip(request))
    return RedirectResponse("/", status_code=303)
@ -784,23 +819,45 @@ def _collect_events(start_iso: str | None, end_iso: str | None) -> list[dict]:
    return events


-@app.get("/logs", response_class=HTMLResponse)
-def tab_logs(request: Request):
+@app.get("/logs")
+def tab_logs_legacy():
+    # Old top-level Protokoll tab was merged into /admin/protokoll.
+    return RedirectResponse("/admin/protokoll", status_code=301)
+
+
+ADMIN_SECTIONS = ("protokoll", "benutzer")
+
+
+@app.get("/admin", response_class=HTMLResponse)
+def tab_admin_root(request: Request):
+    return RedirectResponse("/admin/protokoll", status_code=303)
+
+
+@app.get("/admin/{section}", response_class=HTMLResponse)
+def tab_admin(request: Request, section: str):
    u = current_user(request)
    if not u:
        return RedirectResponse("/login", status_code=303)
    if not u["is_admin"]:
        raise HTTPException(403, "admin only")
+    if section not in ADMIN_SECTIONS:
+        raise HTTPException(404)

-    q = request.query_params
-    from_str = q.get("from") or ""
-    to_str = q.get("to") or ""
-    start_iso, end_iso = _parse_date_range(from_str or None, to_str or None)
-    events = _collect_events(start_iso, end_iso)[:500]
+    ctx = base_context(request, u, "admin")
+    ctx["section"] = section

-    ctx = base_context(request, u, "logs")
-    ctx.update({"events": events, "from_str": from_str, "to_str": to_str})
-    return templates.TemplateResponse("logs.html", ctx)
+    if section == "protokoll":
+        q = request.query_params
+        from_str = q.get("from") or ""
+        to_str = q.get("to") or ""
+        start_iso, end_iso = _parse_date_range(from_str or None, to_str or None)
+        ctx.update({
+            "events": _collect_events(start_iso, end_iso)[:500],
+            "from_str": from_str, "to_str": to_str,
+        })
+    elif section == "benutzer":
+        ctx["users"] = db.list_users()
+    return templates.TemplateResponse("admin.html", ctx)


@app.get("/logs/export.csv")
@ -846,7 +903,7 @@ def tab_logs_export(request: Request):
 # Tab: Einstellungen (sub-tabs)
 # ---------------------------------------------------------------------------

-VALID_SECTIONS = ("profil", "filter", "benachrichtigungen", "account", "benutzer")
+VALID_SECTIONS = ("profil", "filter", "benachrichtigungen", "account")


@app.get("/einstellungen", response_class=HTMLResponse)
@ -859,10 +916,11 @@ def tab_settings(request: Request, section: str):
    u = current_user(request)
    if not u:
        return RedirectResponse("/login", status_code=303)
+    # Benutzer verwaltung lives under /admin/benutzer since the admin tab rework.
+    if section == "benutzer":
+        return RedirectResponse("/admin/benutzer", status_code=301)
    if section not in VALID_SECTIONS:
        raise HTTPException(404)
-    if section == "benutzer" and not u["is_admin"]:
-        raise HTTPException(403)

    ctx = base_context(request, u, "einstellungen")
    ctx["section"] = section
@ -873,10 +931,6 @@ def tab_settings(request: Request, section: str):
        ctx["filters"] = row_to_dict(db.get_filters(u["id"]))
    elif section == "benachrichtigungen":
        ctx["notifications"] = db.get_notifications(u["id"])
-    elif section == "account":
-        pass
-    elif section == "benutzer":
-        ctx["users"] = db.list_users()
    return templates.TemplateResponse("einstellungen.html", ctx)


@ -995,10 +1049,10 @@ async def action_users_create(
        uid = db.create_user(username, hash_password(password),
                             is_admin=(is_admin.lower() in ("on", "true", "yes", "1")))
    except sqlite3.IntegrityError:
-        return RedirectResponse("/einstellungen/benutzer?err=exists", status_code=303)
+        return RedirectResponse("/admin/benutzer?err=exists", status_code=303)
    db.log_audit(admin["username"], "user.created", f"new_user={username} id={uid}",
                 user_id=admin["id"], ip=client_ip(request))
-    return RedirectResponse("/einstellungen/benutzer?ok=1", status_code=303)
+    return RedirectResponse("/admin/benutzer?ok=1", status_code=303)


@app.post("/actions/users/disable")
@ -1016,7 +1070,7 @@ async def action_users_disable(
    db.log_audit(admin["username"], "user.toggle_disable",
                 f"target={target_id} disabled={value=='on'}",
                 user_id=admin["id"], ip=client_ip(request))
-    return RedirectResponse("/einstellungen/benutzer", status_code=303)
+    return RedirectResponse("/admin/benutzer", status_code=303)


@app.post("/actions/enrich-all")
@ -1059,12 +1113,12 @@ async def action_users_delete(
        raise HTTPException(400, "refusing to delete self")
    target = db.get_user(target_id)
    if not target:
-        return RedirectResponse("/einstellungen/benutzer", status_code=303)
+        return RedirectResponse("/admin/benutzer", status_code=303)
    db.delete_user(target_id)
    db.log_audit(admin["username"], "user.deleted",
                 f"target={target_id} username={target['username']}",
                 user_id=admin["id"], ip=client_ip(request))
-    return RedirectResponse("/einstellungen/benutzer?deleted=1", status_code=303)
+    return RedirectResponse("/admin/benutzer?deleted=1", status_code=303)


 # ---------------------------------------------------------------------------