completing user administration

web/app.py

@@ -6,6 +6,7 @@ from typing import Dict, List
 from web.craigslist import scraper
 from web.db import (
     db_init,
+    delete_user_by_id,
     get_all_jobs,
     mark_favorite,
     record_visit,
@@ -13,6 +14,7 @@ from web.db import (
     create_or_update_user,
     verify_user_credentials,
     get_user,
+    get_user_by_id,
     get_user_regions,
     get_user_keywords,
     set_user_regions,
@@ -342,6 +344,39 @@ def admin_users():
     return render_template('admin/users.html', users=users, title='Users')
 
 
+@app.route('/admin/user/<user_id>', methods=['GET', 'POST'])
+def admin_user(user_id):
+    if not require_admin():
+        return redirect(url_for('login'))
+    user = get_user_by_id(user_id)
+    if request.method == 'POST':
+        data = request.form
+        username = (data.get('username') or '').strip()
+        password = data.get('new_password')
+        is_admin = bool(data.get('is_admin'))
+        is_active = bool(data.get('is_active')) if data.get(
+            'is_active') is not None else True
+        try:
+            create_or_update_user(
+                username, password=password, is_admin=is_admin, is_active=is_active)
+            flash('User saved')
+        except Exception as e:
+            flash(f'Error: {e}')
+        return redirect(url_for('admin_users'))
+    return render_template('admin/user.html', user=user, title='User')
+
+
+@app.route('/admin/user/<user_id>/delete', methods=['POST'])
+def admin_user_delete(user_id):
+    if not require_admin():
+        return redirect(url_for('login'))
+    if delete_user_by_id(user_id):
+        flash('User deleted')
+    else:
+        flash('Error deleting user')
+    return redirect(url_for('admin_users'))
+
+
 # ---------------- User settings (regions/keywords) -------------------------
 
 @app.route('/settings', methods=['GET', 'POST'])