tonehaus/templates/admin/users.html.twig
boris 1c98a634c3
eerrrrrr
2025-11-27 23:42:17 +00:00


{% extends 'base.html.twig' %}
{% block title %}User Management{% endblock %}
{% block body %}
<h1 class="h4 mb-4">User management</h1>
<div class="row g-4">
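<div class="col-lg-8">
  {#
    Accounts card: one table row per entry in `rows`. Each entry is read as
    row.user, row.albumCount and row.reviewCount. The last column holds two
    POST forms (promote/demote and delete), each carrying its own per-user
    CSRF token.

    The `disabled` state computed below is presentation only: the forms and
    their tokens are still rendered for rows where the action is not offered,
    so the handlers behind admin_users_promote and admin_users_delete have to
    re-check the token and the caller's authorization themselves. This
    template cannot show whether they do.
  #}
  <div class="card">
    <div class="card-body">
      <div class="d-flex justify-content-between align-items-center mb-3">
        <h2 class="h6 mb-0">Accounts</h2>
        <span class="text-secondary small">{{ rows|length }} total</span>
      </div>
      <div class="table-responsive">
        <table class="table table-sm align-middle">
          <thead>
            <tr>
              <th scope="col">Name</th>
              <th scope="col">Email</th>
              <th scope="col">Roles</th>
              <th scope="col" class="text-center">Albums</th>
              <th scope="col" class="text-center">Reviews</th>
              <th scope="col" class="text-end">Actions</th>
            </tr>
          </thead>
          <tbody>
            {% for row in rows %}
              {% set user = row.user %}
              {# isSelf: the row describes the signed-in account. #}
              {% set isSelf = app.user and app.user.id == user.id %}
              {% set isAdminUser = 'ROLE_ADMIN' in user.roles %}
              {#
                NOTE(review): canDelete does not test is_granted('ROLE_ADMIN')
                the way canPromote does, so the final 'Delete not available.'
                branch below is never reached. Confirm the delete route
                enforces its own access check.
              #}
              {% set canDelete = (not isSelf) and (not isAdminUser) %}
              {% set isModerator = 'ROLE_MODERATOR' in user.roles %}
              {% set canPromote = is_granted('ROLE_ADMIN') and not isAdminUser %}
              {# Tooltip text explaining why the promote/demote button is disabled. #}
              {% set promoteReason = '' %}
              {% if not canPromote %}
                {% if not is_granted('ROLE_ADMIN') %}
                  {% set promoteReason = 'Only administrators can update roles.' %}
                {% else %}
                  {% set promoteReason = isModerator ? 'Demote not available.' : 'Promotion not available.' %}
                {% endif %}
              {% endif %}
              {# Tooltip text explaining why the delete button is disabled. #}
              {% set deleteReason = '' %}
              {% if not canDelete %}
                {% if isSelf %}
                  {% set deleteReason = 'You cannot delete your own account.' %}
                {% elseif isAdminUser %}
                  {% set deleteReason = 'Administrators cannot be deleted.' %}
                {% else %}
                  {% set deleteReason = 'Delete not available.' %}
                {% endif %}
              {% endif %}
              <tr>
                <td>
                  <div class="fw-semibold">{{ user.displayName ?? '—' }}</div>
                </td>
                <td>{{ user.email }}</td>
                <td>
                  {# Only the three known roles get a badge; any other role is not shown. #}
                  {% for role in user.roles %}
                    {% if role == 'ROLE_ADMIN' %}
                      <span class="badge text-bg-danger">Admin</span>
                    {% elseif role == 'ROLE_MODERATOR' %}
                      <span class="badge text-bg-primary">Moderator</span>
                    {% elseif role == 'ROLE_USER' %}
                      <span class="badge text-bg-secondary">User</span>
                    {% endif %}
                  {% endfor %}
                </td>
                <td class="text-center">{{ row.albumCount }}</td>
                <td class="text-center">{{ row.reviewCount }}</td>
                <td class="text-end">
                  <div class="d-flex gap-2 justify-content-end">
                    {#
                      The e-mail address is placed inside a JavaScript string
                      literal in an inline handler, so it is escaped with the
                      'js' strategy. HTML autoescaping alone is not enough in
                      this position: the browser decodes character references
                      in the attribute value before the handler source is
                      parsed, so a quote in the address would end the string
                      literal early.
                    #}
                    <form method="post" action="{{ path('admin_users_promote', {id: user.id}) }}" onsubmit="return confirm('{% if isModerator %}Remove moderator access from {{ user.email|e('js') }}?{% else %}Promote {{ user.email|e('js') }} to moderator?{% endif %}');">
                      <input type="hidden" name="_token" value="{{ csrf_token('promote-user-' ~ user.id) }}">
                      {# A disabled button does not fire tooltip events, so the focusable wrapper span carries the tooltip. #}
                      <span class="d-inline-block" {% if not canPromote %}data-bs-toggle="tooltip" data-bs-placement="top" title="{{ promoteReason }}" tabindex="0"{% endif %}>
                        <button class="btn btn-sm btn-outline-primary" type="submit" {% if not canPromote %}disabled aria-disabled="true"{% endif %}>
                          {% if isModerator %}Demote{% else %}Promote{% endif %}
                        </button>
                      </span>
                    </form>
                    {# Same JS-string escaping as the promote form above. #}
                    <form method="post" action="{{ path('admin_users_delete', {id: user.id}) }}" onsubmit="return confirm('Delete {{ user.email|e('js') }}? This cannot be undone.');">
                      <input type="hidden" name="_token" value="{{ csrf_token('delete-user-' ~ user.id) }}">
                      <span class="d-inline-block" {% if not canDelete %}data-bs-toggle="tooltip" data-bs-placement="top" title="{{ deleteReason }}" tabindex="0"{% endif %}>
                        <button class="btn btn-sm btn-outline-danger" type="submit" {% if not canDelete %}disabled aria-disabled="true"{% endif %}>Delete</button>
                      </span>
                    </form>
                  </div>
                </td>
              </tr>
            {% else %}
              <tr>
                <td colspan="6" class="text-center text-secondary py-4">No users found.</td>
              </tr>
            {% endfor %}
          </tbody>
        </table>
      </div>
    </div>
  </div>
</div>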
<div class="col-lg-4">
  {#
    Create-user card: renders the `form` variable field by field (email,
    display name, then the two halves of the repeated password), each as
    label + widget + errors inside its own spacing wrapper.
  #}
  {% set labelOptions = {label_attr: {class: 'form-label'}} %}
  {% set widgetOptions = {attr: {class: 'form-control'}} %}
  <div class="card h-100">
    <div class="card-body">
      <h2 class="h6 mb-3">Create user</h2>
      {# novalidate switches off the browser's own constraint validation; errors shown here come from the form_errors calls. #}
      {{ form_start(form, {attr: {novalidate: 'novalidate'}}) }}
      {% for field in [form.email, form.displayName, form.plainPassword.first, form.plainPassword.second] %}
        <div class="mb-3">
          {{ form_label(field, null, labelOptions) }}
          {{ form_widget(field, widgetOptions) }}
          {{ form_errors(field) }}
        </div>
      {% endfor %}
      {# Errors attached to the password pair as a whole rather than to one of its two inputs. #}
      {{ form_errors(form.plainPassword) }}
      <button class="btn btn-success w-100" type="submit">Create account</button>
      {{ form_end(form) }}
    </div>
  </div>
</div>
</div>
<script>
  // Once the DOM is parsed, attach a Bootstrap tooltip to every element that
  // opts in through data-bs-toggle="tooltip". Elements that already carry a
  // non-empty data-bs-original-title attribute are left alone.
  document.addEventListener('DOMContentLoaded', () => {
    const targets = Array.from(document.querySelectorAll('[data-bs-toggle="tooltip"]'));
    for (const target of targets) {
      if (target.getAttribute('data-bs-original-title')) {
        continue;
      }
      bootstrap.Tooltip.getOrCreateInstance(target);
    }
  });
</script>
{% endblock %}