fix(delete): Ensure delete password prompt shows for all users

The password prompt for deleting items was not appearing for non-admin
users because the backend endpoint to check for the password's
existence was incorrectly restricted to admins, and the frontend logic
did not properly handle the check.

This commit fixes the issue by:
- Allowing all authenticated users to check if a deletion password is set.
- Updating the frontend to correctly show the prompt based on this check.
2025-11-05 12:12:16 +01:00
parent 0c670ed843
commit 9033ac4054
4 changed files with 13 additions and 7 deletions

4
.gitignore vendored

@@ -1,3 +1,5 @@
.env
data/
.vscode/
.vscode/
build.sh
anleitung
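Review bot: The `build.sh` and `anleitung` entries added at the end of this hunk are unrelated to the delete-prompt fix described in the commit message. Please move them to their own commit so this one can be reviewed and reverted as a single behavioural change.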


@@ -15,6 +15,10 @@ This web service is the final development step for the accompanying **Android ap
* **Automatic Language Detection:** The user interface automatically adapts to your browser's language. Currently, English and German are supported. Simply refresh the page after changing your browser or OS language settings.
* **Gotify Notifications:** Trigger notifications to your Gotify server.
* **Suggestion Box:** Get suggestions for items as you type.
* **Feature Update:** The Deletion Password field is now optional, removing the mandatory requirement for admin to set a password.
* **Bugfix:** The password prompt for deleting items now correctly appears for all users when a password is set.
* **New Feature:** Added support for a Dark Theme (Dark Mode).
## How to Use


@@ -544,9 +544,6 @@ async def delete_marked_items(request: Optional[DeletionRequest] = None, current
@app.get("/api/settings/deletion-password")
async def get_deletion_password(current_user: User = Depends(get_current_active_user)):
if not current_user.is_admin:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
detail="Only admins can access this setting")
conn = sqlite3.connect(DB_FILE)
cursor = conn.cursor()
cursor.execute(
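Review bot: With the `is_admin` check removed from `get_deletion_password`, whatever this handler returns is now readable by every authenticated user, and the response body is not shown in this hunk. The commit message says users only need to know whether a deletion password is set, so the handler should return a boolean (for example a hypothetical `{"is_set": true}`) and never the stored value or its hash. If admins still need the value for the settings page, keep that path behind the admin check. Renaming the route and function to reflect an existence check would also make the intent clear.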


@@ -930,7 +930,12 @@
}
deleteMarkedBtn.addEventListener('click', () => {
deletePasswordModal.show();
if (isDeletionPasswordSet) {
deletePasswordModal.show();
} else {
// If no password is set, delete directly without showing the modal.
callDeleteMarkedItemsApi('');
}
});
deletePasswordForm.addEventListener('submit', (event) => {
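Review bot: The new `if (isDeletionPasswordSet)` branch in the `deleteMarkedBtn` click handler decides on the client whether a password is asked for, so it can only be a UI convenience. `delete_marked_items` on the server has to reject an empty or missing password whenever one is configured, because `callDeleteMarkedItemsApi('')` can be reached regardless of this flag; please confirm that check exists server-side. The `else` branch also deletes on a single click with no confirmation step, so consider a plain confirm dialog there.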
@@ -952,8 +957,6 @@
});
async function getDeletionPassword() {
if (!currentUser.is_admin) return;
const response = await fetch('/api/settings/deletion-password', { headers: getAuthHeaders() });
if (response.status === 401) return handleLogout();
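Review bot: After dropping the `is_admin` early return in `getDeletionPassword()`, the only failure handled in the visible lines is `response.status === 401`. Any other non-OK response (a 403 from a backend that still has the admin check, a 500, a network error) should be caught with a `response.ok` check before the result is used. On failure the prompt flag should fall back to showing the modal, so that a failed check does not turn into deletion without a password prompt.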